diff --git a/_partials/_palette-kubernetes-versions.mdx b/_partials/_palette-kubernetes-versions.mdx index 7b983dd8890..8d729474e1b 100644 --- a/_partials/_palette-kubernetes-versions.mdx +++ b/_partials/_palette-kubernetes-versions.mdx @@ -7,6 +7,7 @@ For installations using a Kubernetes cluster, we support any non-EOL (End of Lif | **Palette Version** | **Highest Supported Kubernetes Version** | | ------------------- | ---------------------- | +| 4.9.22 | 1.35.5 | | 4.9.14 | 1.35.5 | | 4.9.5 | 1.35.5 | | 4.8.47 | 1.35.5 | diff --git a/_partials/self-hosted/_install-next-steps.mdx b/_partials/self-hosted/_install-next-steps.mdx index c9d3848990f..0e7a170f972 100644 --- a/_partials/self-hosted/_install-next-steps.mdx +++ b/_partials/self-hosted/_install-next-steps.mdx @@ -13,6 +13,6 @@ Now that you have installed {props.version}, you can either edition={props.edition} text="activate your installation" url="/activate-installation" - /> . + />. Beginning with version 4.6.32, once you install {props.version}, you have 30 days to activate it; versions older than 4.6.32 do not need to be activated. During the 30-day trial period, you can use {props.version} without any restrictions. After 30 days, you can continue to use {props.version}, but you cannot deploy additional clusters or perform any day-2 operations on existing clusters until {props.version} is activated. Each installation of {props.version} must be activated separately. We recommend activating {props.version} as soon as possible to avoid any disruptions. \ No newline at end of file diff --git a/_partials/self-hosted/_palette-vmware-kubernetes-versions.mdx b/_partials/self-hosted/_palette-vmware-kubernetes-versions.mdx index f63b00b5de8..743bd7ef390 100644 --- a/_partials/self-hosted/_palette-vmware-kubernetes-versions.mdx +++ b/_partials/self-hosted/_palette-vmware-kubernetes-versions.mdx @@ -5,6 +5,7 @@ partial_name: palette-vmware-kubernetes-versions | **Palette Version** | **Kubernetes Version** | **OVA Download URL** | | ------------------- | ---------------------- | --------------------------------------------------------------------------- | +| 4.9.22 | 1.34.9 | `https://vmwaregoldenimage.s3.amazonaws.com/u-2404-0-k-1349-0.ova` | | 4.9.14 | 1.33.10 | `https://vmwaregoldenimage.s3.amazonaws.com/u-2204-0-k-13310-0.ova` | | 4.9.5 | 1.33.10 | `https://vmwaregoldenimage.s3.amazonaws.com/u-2204-0-k-13310-0.ova` | | 4.8.47 | 1.32.9 | `https://vmwaregoldenimage-console.s3.amazonaws.com/u-2204-0-k-1329-0.ova` | diff --git a/_partials/self-hosted/image-pull-secret/_image-pull-secret-config-not-required.mdx b/_partials/self-hosted/image-pull-secret/_image-pull-secret-config-not-required.mdx new file mode 100644 index 00000000000..47e9c86e38d --- /dev/null +++ b/_partials/self-hosted/image-pull-secret/_image-pull-secret-config-not-required.mdx @@ -0,0 +1,28 @@ +--- +partial_category: self-hosted +partial_name: image-pull-secret-config-not-required +--- + +Image pull secrets are managed by Spectro Cloud. While you do not need to configure the pull secret, you must ensure +that the secret propagates to your workload clusters. This happens automatically unless there are connectivity +constraints from your workload clusters to the {props.version} management plane. + +- **SaaS deployments** - Image pull secrets are managed automatically on the backend. For multi-tenant SaaS, no action + is needed; for dedicated SaaS customers with access to the system console, consult with your customer support + representative. + +- **Airgapped self-hosted {props.version} environments** - The Spectro Cloud-owned images are pulled directly + from your local registry and do not need the Spectro Cloud's OCI registry pull secret. + +- **Environments with configured mirror registries or image swaps** - If your non-airgapped self-hosted {props.version} environment pulls all Spectro Cloud-owned images from a custom or private registry through + or [image swaps](/clusters/cluster-management/image-swap/), you do not need to configure the image pull secret. + +- **Self-hosted OCI registries with pull-through cache** - If you are using a registry that uses pull-through cache (for + example, a [Harbor proxy cache project](https://goharbor.io/docs/latest/administration/configure-proxy-cache/) or a + [JFrog Artifactory remote repository](https://docs.jfrog.com/artifactory/docs/remote-repositories)), you must + configure the hardened image registry credentials at the cache level. + diff --git a/_partials/self-hosted/image-pull-secret/_image-pull-secret-config-required.mdx b/_partials/self-hosted/image-pull-secret/_image-pull-secret-config-required.mdx new file mode 100644 index 00000000000..5a595d968c7 --- /dev/null +++ b/_partials/self-hosted/image-pull-secret/_image-pull-secret-config-required.mdx @@ -0,0 +1,13 @@ +--- +partial_category: self-hosted +partial_name: image-pull-secret-config-required +--- + +Non-airgapped self-hosted {props.version} environments that pull images directly from Spectro Cloud-owned OCI +registries must configure an image pull secret. This _does not_ include environments that use + or [image swap](/clusters/cluster-management/image-swap/) configurations to redirect image pulls to a private +registry. \ No newline at end of file diff --git a/_partials/self-hosted/image-pull-secret/_image-pull-secret-during-install.mdx b/_partials/self-hosted/image-pull-secret/_image-pull-secret-during-install.mdx new file mode 100644 index 00000000000..1d093945f19 --- /dev/null +++ b/_partials/self-hosted/image-pull-secret/_image-pull-secret-during-install.mdx @@ -0,0 +1,15 @@ +--- +partial_category: self-hosted +partial_name: image-pull-secret-during-install +--- + +Adding an image pull secret during installation is supported on the following deployment models: + +- Helm charts installations + +It is _not_ supported for the following deployment models: + +- Palette CLI +- Palette Management Appliance + +For these deployments, you must configure the secret [post-installation](#post-installation) using the system console. \ No newline at end of file diff --git a/_partials/self-hosted/image-pull-secret/_image-pull-secret-enablement.mdx b/_partials/self-hosted/image-pull-secret/_image-pull-secret-enablement.mdx new file mode 100644 index 00000000000..91dd77ad0d1 --- /dev/null +++ b/_partials/self-hosted/image-pull-secret/_image-pull-secret-enablement.mdx @@ -0,0 +1,23 @@ +--- +partial_category: self-hosted +partial_name: image-pull-secret-enablement +--- + +1. Log in to the {props.version} + . + +2. From the left main menu, select **Administration**. + +3. Select the **Hardened Images** tab. + +4. In the **Pull secret** field, paste the image pull secret you received from Spectro Cloud support. + +5. Select **Validate and Save**. + +If the secret is valid, it is saved and distributed to the management plane, workload clusters, and PCGs. If you need to +rotate your image pull secret for any reason, repeat these steps, and paste your new secret into the **Pull secret** +field. diff --git a/_partials/self-hosted/image-pull-secret/_image-pull-secret-helm-install.mdx b/_partials/self-hosted/image-pull-secret/_image-pull-secret-helm-install.mdx new file mode 100644 index 00000000000..a26a5e9fed8 --- /dev/null +++ b/_partials/self-hosted/image-pull-secret/_image-pull-secret-helm-install.mdx @@ -0,0 +1,20 @@ +--- +partial_category: self-hosted +partial_name: image-pull-secret-helm-install +--- + +For self-hosted {props.version} environments installed on an existing Kubernetes cluster using Helm charts, +you can apply your image pull secret during the installation process. + +| **File** | **Parameter** | +| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | +| {props.helm}/values.yaml | | +| `extras/cert-manager/values.yaml` | `imagePullSecret.dockerConfigJson` | + +For the full installation process, refer to the + . \ No newline at end of file diff --git a/_partials/self-hosted/image-pull-secret/_image-pull-secret-intro.mdx b/_partials/self-hosted/image-pull-secret/_image-pull-secret-intro.mdx new file mode 100644 index 00000000000..fa46714a272 --- /dev/null +++ b/_partials/self-hosted/image-pull-secret/_image-pull-secret-intro.mdx @@ -0,0 +1,34 @@ +--- +partial_category: self-hosted +partial_name: image-pull-secret-intro +--- + +Beginning in 4.9.22, Spectro Cloud is initiating the shift to security-hardened images. While images have a smaller +attack surface compared to physical and virtual machines, security-hardened images are built to reduce the attack +surface further by containing only the essential runtime components an application needs. They have strict Service Level +Agreements (SLAs) that require the images to be regularly scanned for vulnerabilities, rebuilt, and patched, keeping the +number of CVEs to a minimum. These images also contain artifacts such as Software Bill of Materials (SBOMs) and +cryptographic signatures to verify that the image has not been tampered with. + +As a result of this transition, all images hosted in Spectro Cloud's OCI registries must now be authenticated and +retrieved using +[image pull secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-imagepullsecrets-1). Like + , these secrets are obtained from your Spectro Cloud +customer support representative; they are intended for long-term use and only need to be configured once as part of your +initial setup process. If you need to rotate the secret as part of your organization's security policy, contact support +to request a new one. + +Once configured, the secret is distributed to the management plane, PCGs, and all managed workload clusters so they can +pull the required images. + +:::warning + +As of 4.9.22, configuring an image pull secret is optional; however, it will be mandatory in an upcoming release. +Therefore, we recommend configuring your image pull secret as soon as possible to avoid service disruptions. Refer to +the [Announcements](/release-notes/announcements/#upcoming-breaking-changes) page for the latest updates. + +::: \ No newline at end of file diff --git a/_partials/self-hosted/image-pull-secret/_image-pull-secret-post-install.mdx b/_partials/self-hosted/image-pull-secret/_image-pull-secret-post-install.mdx new file mode 100644 index 00000000000..b1be7b30d4e --- /dev/null +++ b/_partials/self-hosted/image-pull-secret/_image-pull-secret-post-install.mdx @@ -0,0 +1,14 @@ +--- +partial_category: self-hosted +partial_name: image-pull-secret-post-install +--- + +You can also configure the image pull secret once {props.version} is installed. + +:::warning + +Configuring an image pull secret is currently optional. Once it is mandatory, image pull secrets must be added during +the installation process. At that time, the following system console method will only be used to rotate the image +pull secret if required by your organization's security policy. + +::: \ No newline at end of file diff --git a/_partials/self-hosted/image-pull-secret/_image-pull-secret-prereqs.mdx b/_partials/self-hosted/image-pull-secret/_image-pull-secret-prereqs.mdx new file mode 100644 index 00000000000..e3539959e34 --- /dev/null +++ b/_partials/self-hosted/image-pull-secret/_image-pull-secret-prereqs.mdx @@ -0,0 +1,15 @@ +--- +partial_category: self-hosted +partial_name: image-pull-secret-prereqs +--- + +- A self-hosted instance of {props.version}. + +- Access to the {props.version} + . + +- An image pull secret provided by Spectro Cloud support. \ No newline at end of file diff --git a/_partials/self-hosted/image-pull-secret/_image-pull-secret-validate.mdx b/_partials/self-hosted/image-pull-secret/_image-pull-secret-validate.mdx new file mode 100644 index 00000000000..fc0fc4ca9ff --- /dev/null +++ b/_partials/self-hosted/image-pull-secret/_image-pull-secret-validate.mdx @@ -0,0 +1,66 @@ +--- +partial_category: self-hosted +partial_name: image-pull-secret-validate +--- + + + + + +1. Log in to the {props.version} + . + +2. From the left main menu, select **Administration**. + +3. Select the **Hardened Images** tab. + +4. Verify that the **Pull secret** field displays a masked secret. + + {props.edition === 'vertex' ? Configuring an image pull secret in the system console. : Configuring an image pull secret in the system console.} + + + + + +1. Open a terminal session in an environment that has network access to the cluster. Set the `KUBECONFIG` environment + variable to the file path of your cluster's kubeconfig that {props.version} is installed on. + + ```shell + export KUBECONFIG= + ``` + +2. Issue the following command to verify the secret propagated to your management cluster matches the one configured in + the system console. + + ```shell + kubectl get secret spectro-image-pull-secret --namespace hubble-system --output yaml + ``` + + ```yaml title="Example output" hideClipboard {3} + apiVersion: v1 + data: + .dockerconfigjson: abcdEFGhiJKlmnOPQrSTUVwX... # output omitted for brevity + kind: Secret + metadata: + annotations: + meta.helm.sh/release-name: hubble + meta.helm.sh/release-namespace: default + creationTimestamp: "2026-06-18T22:33:37Z" + labels: + app: spectro + app.kubernetes.io/managed-by: Helm + module: hubble + name: spectro-image-pull-secret + namespace: hubble-system + resourceVersion: "28192" + uid: c7991fac-2ec0-4419-b451-10c82208f8e5 + type: kubernetes.io/dockerconfigjson + ``` + + + + \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-begin.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-begin.mdx new file mode 100644 index 00000000000..601804c6fac --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-begin.mdx @@ -0,0 +1,18 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-begin +--- + +The following instructions are written agnostic to the Kubernetes distribution you are using. Depending on the +underlying infrastructure provider and your Kubernetes distribution, you may need to modify the instructions to match +your environment. Reach out to our support team if you need assistance. + +1. Open a terminal session and navigate to the directory where you downloaded the {props.version} install ZIP file + provided by our support team. Unzip the file to a directory named {props.helm}-install. + + {`unzip charts.zip -d ${props.helm}-install`} + + +2. Navigate to the {props.helm}-install directory. + + {`cd ${props.helm}-install`} \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-cert-manager-airgap.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-cert-manager-airgap.mdx new file mode 100644 index 00000000000..45e9e151064 --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-cert-manager-airgap.mdx @@ -0,0 +1,68 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-cert-manager-airgap +--- + +Open the file `extras/cert-manager/values.yaml` using a text editor of your choice. This example uses Vim. + + ```shell + vim extras/cert-manager/values.yaml + ``` + + +
  • Append `` to each image, along with the `` where you want to store your images.
    • + + ```yaml + image: + cainjectorImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.19.3-spectro-4.8.b" + controllerImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.19.3-spectro-4.8.b" + webhookImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.19.3-spectro-4.8.b" + amceResolverImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.19.3-spectro-4.8.b" + ``` + + In the example below, we used `harbor.docs.spectro.dev` for the registry and `spectro-images` for the repository. + + ```yaml hideClipboard title="Example output" + image: + cainjectorImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.19.3-spectro-4.8.b" + controllerImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.19.3-spectro-4.8.b" + webhookImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.19.3-spectro-4.8.b" + amceResolverImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.19.3-spectro-4.8.b" + ``` + +
  • If the registry you are pulling images from requires authentication, use the base64-encoded + contents of your `config.json` containing the registry credentials. Refer to + for more information.
    • + + ```yaml title="Example configuration" hideClipboard {5} + imagePullSecret: + # When true, render Secret spectro-image-pull-secret in the cert-manager namespace. + # Pods automatically reference that pull secret when create is true or the secret already exists. + create: false + dockerConfigJson: "abcdEFGhiJKlmnOPQrSTUVwX..." # Used when create is true: base64-encoded dockerconfigjson + ``` + +
  • Install the Cert-Manager Helm chart.
    • + + ```shell + helm upgrade --install cert-manager \ + ./extras/cert-manager/cert-manager-*.tgz \ + --namespace cert-manager \ + --create-namespace \ + --values ./extras/cert-manager/values.yaml + ``` + + ```shell hideClipboard title="Example output" + Release "cert-manager" does not exist. Installing it now. + NAME: cert-manager + LAST DEPLOYED: Wed Jun 17 12:54:27 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 1 + TEST SUITE: None + ``` \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-cert-manager-non-airgap.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-cert-manager-non-airgap.mdx new file mode 100644 index 00000000000..08828b7946b --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-cert-manager-non-airgap.mdx @@ -0,0 +1,62 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-cert-manager-non-airgap +--- + +Open the file `extras/cert-manager/values.yaml` using a text editor of your choice. This example uses Vim. + + ```shell + vim extras/cert-manager/values.yaml + ``` + +
  • If you plan to pull images from Spectro Cloud OCI registries, paste the image pull secret received from your + customer support representative into the `imagePullSecret.dockerConfigJson` field. It is not required if you plan to + use mirror registries or image swap.
    • + + Alternately, if you plan to pull images from a private registry that requires authentication, use the base64-encoded + contents of your `config.json` containing the registry credentials. Refer to + for more information. + + :::info + + If you omit the image pull secret during installation, you must provide it through the system console. Refer to + for more information. + + ::: + + ```yaml title="Example configuration" hideClipboard {5} + imagePullSecret: + # When true, render Secret spectro-image-pull-secret in the cert-manager namespace. + # Pods automatically reference that pull secret when create is true or the secret already exists. + create: false + dockerConfigJson: "abcdEFGhiJKlmnOPQrSTUVwX..." # Used when create is true: base64-encoded dockerconfigjson + ``` + +
  • Install the Cert-Manager Helm chart.
    • + + ```shell + helm upgrade --install cert-manager \ + ./extras/cert-manager/cert-manager-*.tgz \ + --namespace cert-manager \ + --create-namespace \ + --values ./extras/cert-manager/values.yaml + ``` + + ```shell hideClipboard title="Example output" + Release "cert-manager" does not exist. Installing it now. + NAME: cert-manager + LAST DEPLOYED: Wed Jun 17 12:54:27 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 1 + TEST SUITE: None + ``` \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-cluster-prereqs.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-cluster-prereqs.mdx new file mode 100644 index 00000000000..da2d1b081ea --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-cluster-prereqs.mdx @@ -0,0 +1,62 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-cluster-prereqs +--- + +- We recommend the following resources for {props.version}. Refer to our + for additional sizing information. + + - A minimum of three AMD64 (x86_64) nodes. These can be worker nodes or three untainted control plane nodes. + - ARM-based nodes are not supported. + + - 8 CPUs per node + + - 16 GB of memory per node + + - 110 GB of disk space per node + +- The following network ports must be accessible: + + - **TCP/443** - Inbound and outbound to and from the {props.version} management cluster + + - **TCP/6443** - Outbound traffic from the {props.version} management cluster to the deployed workload cluster's Kubernetes API server. + +- The following TLS/SSL certificate files for the domain name you will assign to {props.version}. You must enable HTTPS + encryption for {props.version}. Reach out to your network administrator or security team to obtain these files: + + - x509 TLS/SSL certificate file in base64 format + + - x509 TLS/SSL certificate key file in base64 format + + - x509 TLS/SSL certificate authority file in base64 format + +- The Kubernetes cluster must use a Kubernetes version compatible with your {props.version} version. Refer to + to locate the required Kubernetes version. + +- Ensure the Kubernetes cluster _does_ not have Cert Manager installed. {props.version} requires a unique Cert Manager + configuration to be installed as part of the installation process. If Cert Manager is already installed, you must + uninstall it before installing {props.version}. + +- A Container Storage Interface (CSI) to create persistent volumes, which are used to store + persistent data. You may install any CSI that is compatible with your Kubernetes cluster. + +- A [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/) to manage persistent storage, with the + annotation `storageclass.kubernetes.io/is-default-class` set to `true`. You can set a default storage class in your Kubernetes cluster using the + following `kubectl` command. + + ```shell + kubectl patch storageclass --patch '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}' + ``` + + To use a non-default storage class for the {props.version} installation, you must set the preferred storage class name + in the {props.helm}/values.yaml file using the `mongo.storageClass` parameter. diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-end.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-end.mdx new file mode 100644 index 00000000000..9138f75d135 --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-end.mdx @@ -0,0 +1,111 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-end +--- + +Install the {props.version} Helm Chart using the following command. + + {`helm upgrade --values ${props.helm}/values.yaml \\\n hubble ${props.helm}/spectro-mgmt-plane-*.tgz --install`} + + ```shell hideClipboard title="Example output" + Release "hubble" does not exist. Installing it now. + NAME: hubble + LAST DEPLOYED: Wed Jun 17 21:41:31 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 1 + TEST SUITE: None + ``` + +
  • Track the installation process using the command below. {props.version} is ready when the deployments in the namespaces + `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` reach the _Ready_ state.
    • + + + + ```shell + kubectl get pods --all-namespaces --watch + ``` + + :::tip + + For a more user-friendly experience, use the open source tool [k9s](https://k9scli.io/) to monitor the installation + process. + + ::: + +
  • Create a DNS CNAME record that is mapped to the {props.version} `traefik-ingress-controller` load balancer. You can use the + following command to retrieve the load balancer IP address. If you need assistance creating the DNS record, contact + your network administrator.
    • + + ```shell + kubectl get service traefik-ingress-controller --namespace ingress-traefik \ + --output jsonpath='{.status.loadBalancer.ingress[0].hostname}' + ``` + + :::warning + + If {props.version} has only one tenant and you use local accounts with Single Sign-On (SSO) disabled, you can access + {props.version} using the IP address or any domain name that resolves to that IP. However, once you enable SSO, users + must log in using the tenant-specific subdomain. For example, if you create a tenant named `tenant1` and the domain + name you assigned to {props.version} is {props.helm}.example.com, the tenant URL will be tenant1.{props.helm}.example.com. We recommend you create an additional wildcard DNS record to map all tenant URLs to the {props.version} load balancer. + For example, *.{props.helm}.example.com. + + ::: + +
  • Use the custom domain name or the IP address of the load balancer to visit the {props.version} system console. To access the + system console, open a web browser and paste the custom domain URL or the IP address of the load balancer in the address bar, and append the value + `/system`.
    • + + The first time you visit the {props.version} system console, a warning message about a not-trusted TLS/SSL certificate may + appear. This is expected, as you still need to upload your TLS/SSL certificate to {props.version}. You can ignore this warning + message and proceed. + + {props.edition === 'vertex' + ? Screenshot of the VerteX system console showing Username and Password fields. + : Screenshot of the Palette system console showing Username and Password fields. + } + + +
  • Log in to the system console using the following default credentials. Refer to + guide for more information.
    • + + | **Parameter** | **Value** | + | ------------- | --------- | + | Username | `admin` | + | Password | `admin` | + + After logging in, you must create a new password. Once you create your password, you are redirected to the {props.version} + system console. Use the username `admin` and your new password to log in to the system console. You can create + additional system administrator accounts and assign roles to users in the system console. Refer to + for more information. + +
  • After logging in, a summary page is displayed. {props.version} is installed with a self-signed TLS/SSL certificate. To assign a + different TLS/SSL certificate, you must upload the SSL certificate, TLS/SSL certificate key, and TLS/SSL certificate authority + files to {props.version}. You can upload the files using the {props.version} system console. Refer to + for more information.
    • + + :::warning + + If you plan to deploy host clusters into different networks, you may require a reverse proxy. Check out the + guide for more information. + + ::: + +You now have a self-hosted instance of {props.version} installed in a Kubernetes cluster. Make sure you retain the `values.yaml` +file, as you can refer to it for future upgrades. \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-image-swap.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-image-swap.mdx new file mode 100644 index 00000000000..acc1228f529 --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-image-swap.mdx @@ -0,0 +1,38 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-image-swap +--- + +_(Self-hosted OCI registry only)_ If you plan to use image swap for self-hosted OCI registries, install the Image Swap + Helm chart. Image swap rewrites pod image references to pull from your mirror registry. {props.version} ignores the + `mirrorRegistries` configuration unless the Image Swap chart is installed. Choose the correct command based on + whether you added your image swap values to {props.helm}/values.yaml or `extras/image-swap/values.yaml`. + + + + + + {`helm upgrade --values ${props.helm}/values.yaml \\\n image-swap extras/image-swap/image-swap-*.tgz --install`} + + + + + + ```shell + helm upgrade --values extras/image-swap/values.yaml \ + image-swap extras/image-swap/image-swap-*.tgz --install + ``` + + + + + + ```shell hideClipboard title="Example output" + Release "image-swap" does not exist. Installing it now. + NAME: image-swap + LAST DEPLOYED: Wed Jun 17 14:44:13 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 1 + TEST SUITE: None + ``` \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-local-prereqs.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-local-prereqs.mdx new file mode 100644 index 00000000000..c2c7d8d3ec7 --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-local-prereqs.mdx @@ -0,0 +1,23 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-local-prereqs +--- + +- Access to the target Kubernetes cluster's kubeconfig file. You must be able to interact with the cluster using + `kubectl` commands and have sufficient permissions to install {props.version}. We recommend using a role with cluster-admin + permissions to install {props.version}. + +- The following software installed and available: + + - [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) + - [Helm](https://helm.sh/docs/intro/install/) + - `unzip` or a similar extraction utility + - `vim`, `nano`, or a similar text editor + +- Access to the {props.version} Helm charts (`charts.zip`). Refer to + for instructions on how to request access. \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-main-chart-airgap.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-main-chart-airgap.mdx new file mode 100644 index 00000000000..2b8db6a58cd --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-main-chart-airgap.mdx @@ -0,0 +1,517 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-main-chart-airgap +--- + +Open the file {props.helm}/values.yaml using a text editor of your choice. This example uses Vim. + + {`vim ${props.helm}/values.yaml`} + + +
  • The file {props.helm}/values.yaml contains the default values for the {props.version} installation parameters. The following table lists the most important parameters to pay attention to. For a complete list of fields and additional + information, refer to + for more information.
    • + + | **Parameter** | **Description** | **Type** | + | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | + | `global.imagePullSecret.dockerConfigJson` | If you plan to pull images from private registries that require authentication, paste your image pull secret here. This must match the image pull secret configured for [Cert-Manager](#cert-manager-helm-chart). | string | + | `env.rootDomain` | The URL name or IP address you will use for the {props.version} installation. | string | + | `config.installationMode` | Determines whether your {props.version} installation should have a default connection to the internet. Set to `airgap`. | string | + | `ociPackRegistry` or `ociPackEcrRegistry` | The OCI registry credentials for {props.version} FIPS packs. These credentials are provided by our support team. If using images from a self-hosted OCI registry instead, leave these sections blank and refer to the [Self-Hosted OCI Registries](#self-hosted-oci-registries) table instead. | object | + | `ingress.enabled` | Whether to install the Traefik ingress controller. Set to `false` if you already have an ingress controller deployed in the cluster. | boolean | + | `reachSystem` | _(Proxy environments only)_ Set `reachSystem.enabled` to `true` and configure the `reachSystem.proxySettings` parameters to configure {props.version} to use a network proxy in your environment | object | + | `mongo.storageClass` | If you do not have a default storage class in your cluster (the annotation `"storageclass.kubernetes.io/is-default-class":"true"`), enter the name of the storage class to use for your {props.version} installation. | string | + + #### Self-Hosted OCI Registries + + The following parameters are required if you pull {props.version} images from a self-hosted OCI registry instead of a + Spectro Cloud OCI registry or AWS ECR. + + :::tip + + If you would prefer to keep your image swap values in a separate location, you can use the following table to + complete the `extras/image-swap/values.yaml` file instead. Otherwise, complete the following fields in {props.helm}/values.yaml. + + Use the following command to extract and edit the `extras/image-swap/values.yaml` file. + + ```shell + tar --extract --verbose --gzip --file extras/image-swap/image-swap-*.tgz --directory extras/ + vim extras/image-swap/values.yaml + ``` + + ::: + + | **Parameter** | **Description** | **Type** | + | ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | + | `ociImageRegistry` | Configure the registry endpoint, credentials, and `mirrorRegistries` values. Refer to the page for parameter descriptions. | object | + | `ociImageRegistry.mirrorRegistries` | A comma-separated list of mirror registries in image swap format that maps public registry paths to your private registry. Refer to the page for examples. | string | + | `imageSwapImages` | The Image Swap init and webhook images. If you host these images in your OCI registry, replace the image paths with your registry URL and namespace or project. | object | + | `imageSwapConfig.isEKSCluster` | Set to `true` if you are installing {props.version} on an Amazon EKS cluster. Set to `false` for all other Kubernetes distributions. | boolean | + + :::info + + Include `/v2` in your mirror registry endpoints if you are using a + [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. + Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other + registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. + + Including `/v2` + for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: + `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. + + ::: + +
  • Save the completed {props.helm}/values.yaml file. You can review the following examples of the + {props.helm}/values.yaml file with the required parameters highlighted.
    • + + + + + + ```yaml {8,26,29,60,84-93,122-123,149-151} + ######################### + # Spectro Cloud Palette # + ######################### + + global: + imagePullSecret: + # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication + dockerConfigJson: "abcdEFGhiJKlmnOPQrSTUVwX..." # omitted for brevity + + # MongoDB Configuration + mongo: + # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas + internal: true + + # Mongodb URL. Only change if using Mongo Atlas. + databaseUrl: "mongo-0.mongo.hubble-system.svc.cluster.local,mongo-1.mongo.hubble-system.svc.cluster.local,mongo-2.mongo.hubble-system.svc.cluster.local" + # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. + databasePassword: "" + + #No. of mongo replicas to run, default is 3 + replicas: 3 + # The following only apply if mongo.internal == true + cpuLimit: "2000m" + memoryLimit: "4Gi" + pvcSize: "20Gi" + storageClass: "" # leave empty to use the default storage class + + config: + installationMode: "airgap" #values can be connected or airgap. + isPaletteBaseCluster: false + + # SSO SAML Configuration (Optional for self-hosted type) + sso: + saml: + enabled: false + acsUrlRoot: "myfirstpalette.spectrocloud.com" + acsUrlScheme: "https" + audienceUrl: "https://www.spectrocloud.com" + entityId: "https://www.spectrocloud.com" + apiVersion: "v1" + + # Email Configurations. (Optional for self-hosted type) + email: + enabled: false + emailId: "noreply@spectrocloud.com" + smtpServer: "smtp.gmail.com" + smtpPort: 587 + insecureSkipVerifyTls: false + fromEmailId: "noreply@spectrocloud.com" + password: "" # base64 encoded SMTP password + + env: + # rootDomain is a DNS record which will be mapped to the ingress controller load balancer + # E.g., myfirstpalette.spectrocloud.com + # - Mandatory if ingress.traefik.hostPort == false (LoadBalancer mode) + # - Optional if ingress.traefik.hostPort == true (hostPort / appliance mode, leave empty) + # + # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes + # E.g., *.myfirstpalette.spectrocloud.com + rootDomain: "my-domain.docs-test.spectrocloud.com" + + # stableEndpointAccess is used when deploying EKS clusters in Private network type. + # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true + cluster: + stableEndpointAccess: false + + # registry: + # endpoint: "" # + # name: "" # + # password: "" # + # username: "" # + # insecureSkipVerify: false + # caCert: "" + + # ociPackRegistry: + # endpoint: "" # + # name: "" # + # password: "" # + # username: "" # + # baseContentPath: "" # + # insecureSkipVerify: false + # caCert: "" + + ociPackEcrRegistry: + endpoint: "https://123456789.dkr.ecr.us-east-1.amazonaws.com" # + name: "Palette Packs" # + accessKey: "**********" # + secretKey: "**********" # + baseContentPath: "production-fips" # + isPrivate: true + insecureSkipVerify: false + caCert: "" + credentialType: "" + + # ociImageRegistry: + # endpoint: "" # + # name: "" # + # password: "" # + # username: "" # + # baseContentPath: "" # + # insecureSkipVerify: false + # caCert: "" + # mirrorRegistries: "" # See instructions below. + + # Instruction for mirrorRegistries. + # ---------------------------------- + # Please provide the registry endpoint for the following registries, separated by double colons (::): + # docker.io + # gcr.io + # ghcr.io + # k8s.gcr.io + # registry.k8s.io + # quay.io + # For each registry, follow this example format: + # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ + # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. + + imageSwapImages: + imageSwapInitImage: "us-docker.pkg.dev/palette-images-fips/third-party/thewebroot/imageswap-init:v1.5.3-spectro-4.9.0" + imageSwapImage: "us-docker.pkg.dev/palette-images-fips/third-party/thewebroot/imageswap:v1.5.3-spectro-4.9.0" + + imageSwapConfig: + isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false + + grpc: + external: false + endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 + annotations: {} + # AWS example + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + + # Azure example + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel + + # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. + grpcStaticIP: "" + caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert + serverCrtBase64: "" + serverKeyBase64: "" + insecureSkipVerify: false + tunnel: + preferredServer: + endpoint: "" + servers: + - endpoint: "" + ingress: + # When enabled the Traefik ingress controller would be installed + enabled: true + + # Port allocation behaviour based on traefik.hostPort: + # + # traefik.hostPort=false → Traefik: 80/443 (LoadBalancer Service) -- default behaviour for self-hosted / cloud setups with an external LB. + # traefik.hostPort=true → Traefik: 80/443 (bound to node hostPort) -- appliance / on-prem setup with no external LB. + traefik: + # Whether to front the Traefik ingress controller with a cloud + # load balancer (hostPort == false) or bind directly to node host ports (hostPort == true) + hostPort: false + + ingress: + # Default SSL certificate and key for the ingress controller (Optional) + # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com + # If left blank, a self-signed cert will be generated (when terminating TLS upstream of the ingress controller) + certificate: "" + key: "" + + #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. + annotations: {} + # AWS example + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: + # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' + + # Azure example + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel + + # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. + ingressStaticIP: "" + + # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. + terminateHTTPSAtLoadBalancer: false + + frps: + frps: + enabled: false + frpHostURL: proxy.sample.spectrocloud.com + server: + crt: LS0tLS1CRUdJTiBDRVJU... # omitted for brevity + key: LS0tLS1CRUdJTiBSU0Eg... # omitted for brevity + ca: + crt: LS0tLS1CRUdJTiBDRVJ... # omitted for brevity + service: + annotations: {} + + ui-system: + enabled: true + ui: + nocUI: + enable: true + mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette + mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID + + reachSystem: + enabled: false + proxySettings: + http_proxy: "" + https_proxy: "" + no_proxy: "" + ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. + scheduleOnControlPlane: true + ``` + + + + + + ```yaml {8,26,29,60,75-82,94-102,117-119,121-122,149-150} + ######################### + # Spectro Cloud Palette # + ######################### + + global: + imagePullSecret: + # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication + dockerConfigJson: "abcdEFGhiJKlmnOPQrSTUVwX..." # omitted for brevity + + # MongoDB Configuration + mongo: + # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas + internal: true + + # Mongodb URL. Only change if using Mongo Atlas. + databaseUrl: "mongo-0.mongo.hubble-system.svc.cluster.local,mongo-1.mongo.hubble-system.svc.cluster.local,mongo-2.mongo.hubble-system.svc.cluster.local" + # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. + databasePassword: "" + + #No. of mongo replicas to run, default is 3 + replicas: 3 + # The following only apply if mongo.internal == true + cpuLimit: "2000m" + memoryLimit: "4Gi" + pvcSize: "20Gi" + storageClass: "" # leave empty to use the default storage class + + config: + installationMode: "airgap" #values can be connected or airgap. + isPaletteBaseCluster: false + + # SSO SAML Configuration (Optional for self-hosted type) + sso: + saml: + enabled: false + acsUrlRoot: "myfirstpalette.spectrocloud.com" + acsUrlScheme: "https" + audienceUrl: "https://www.spectrocloud.com" + entityId: "https://www.spectrocloud.com" + apiVersion: "v1" + + # Email Configurations. (Optional for self-hosted type) + email: + enabled: false + emailId: "noreply@spectrocloud.com" + smtpServer: "smtp.gmail.com" + smtpPort: 587 + insecureSkipVerifyTls: false + fromEmailId: "noreply@spectrocloud.com" + password: "" # base64 encoded SMTP password + + env: + # rootDomain is a DNS record which will be mapped to the ingress controller load balancer + # E.g., myfirstpalette.spectrocloud.com + # - Mandatory if ingress.traefik.hostPort == false (LoadBalancer mode) + # - Optional if ingress.traefik.hostPort == true (hostPort / appliance mode, leave empty) + # + # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes + # E.g., *.myfirstpalette.spectrocloud.com + rootDomain: "my-domain.docs-test.spectrocloud.com" + + # stableEndpointAccess is used when deploying EKS clusters in Private network type. + # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true + cluster: + stableEndpointAccess: false + + # registry: + # endpoint: "" # + # name: "" # + # password: "" # + # username: "" # + # insecureSkipVerify: false + # caCert: "" + + ociPackRegistry: + endpoint: "example.harbor.org" # + name: "Packs OCI" # + password: "**************" # + username: "**************" # + baseContentPath: "spectro-packs" # + insecureSkipVerify: false + caCert: "" + + # ociPackEcrRegistry: + # endpoint: "" # + # name: "" # + # accessKey: "" # + # secretKey: "" # + # baseContentPath: "" # + # isPrivate: true + # insecureSkipVerify: false + # caCert: "" + + ociImageRegistry: + endpoint: "example.harbor.org" # + name: "Images OCI" # + password: "**************" # + username: "**************" # + baseContentPath: "spectro-images" # + insecureSkipVerify: false + caCert: "" + mirrorRegistries: "docker.io::harbor.example.org/project/docker.io,gcr.io::harbor.example.org/project/gcr.io" # See instructions below. + + # Instruction for mirrorRegistries. + # ---------------------------------- + # Please provide the registry endpoint for the following registries, separated by double colons (::): + # docker.io + # gcr.io + # ghcr.io + # k8s.gcr.io + # registry.k8s.io + # quay.io + # For each registry, follow this example format: + # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ + # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. + + imageSwapImages: + imageSwapInitImage: "harbor.example.org/project/us-docker.pkg.dev/palette-images-fips/third-party/thewebroot/imageswap-init:v1.5.3-spectro-4.9.0" + imageSwapImage: "harbor.example.org/project/us-docker.pkg.dev/palette-images-fips/third-party/thewebroot/imageswap:v1.5.3-spectro-4.9.0" + + imageSwapConfig: + isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false + + grpc: + external: false + endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 + annotations: {} + # AWS example + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + + # Azure example + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel + + # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. + grpcStaticIP: "" + caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert + serverCrtBase64: "" + serverKeyBase64: "" + insecureSkipVerify: false + tunnel: + preferredServer: + endpoint: "" + servers: + - endpoint: "" + ingress: + # When enabled the Traefik ingress controller would be installed + enabled: true + + # Port allocation behaviour based on traefik.hostPort: + # + # traefik.hostPort=false → Traefik: 80/443 (LoadBalancer Service) -- default behaviour for self-hosted / cloud setups with an external LB. + # traefik.hostPort=true → Traefik: 80/443 (bound to node hostPort) -- appliance / on-prem setup with no external LB. + traefik: + # Whether to front the Traefik ingress controller with a cloud + # load balancer (hostPort == false) or bind directly to node host ports (hostPort == true) + hostPort: false + + ingress: + # Default SSL certificate and key for the ingress controller (Optional) + # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com + # If left blank, a self-signed cert will be generated (when terminating TLS upstream of the ingress controller) + certificate: "" + key: "" + + #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. + annotations: {} + # AWS example + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: + # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' + + # Azure example + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel + + # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. + ingressStaticIP: "" + + # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. + terminateHTTPSAtLoadBalancer: false + + frps: + frps: + enabled: false + frpHostURL: proxy.sample.spectrocloud.com + server: + crt: LS0tLS1CRUdJTiBDRVJU... # omitted for brevity + key: LS0tLS1CRUdJTiBSU0Eg... # omitted for brevity + ca: + crt: LS0tLS1CRUdJTiBDRVJ... # omitted for brevity + service: + annotations: {} + + ui-system: + enabled: true + ui: + nocUI: + enable: true + mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette + mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID + + reachSystem: + enabled: false + proxySettings: + http_proxy: "" + https_proxy: "" + no_proxy: "" + ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. + scheduleOnControlPlane: true + ``` + + + + \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-main-chart-non-airgap.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-main-chart-non-airgap.mdx new file mode 100644 index 00000000000..f396726db75 --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-main-chart-non-airgap.mdx @@ -0,0 +1,516 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-main-chart-non-airgap +--- + +Open the file {props.helm}/values.yaml using a text editor of your choice. This example uses Vim. + + {`vim ${props.helm}/values.yaml`} + + +
  • The file {props.helm}/values.yaml contains the default values for the {props.version} installation parameters. The following table lists the most important parameters to pay attention to. For a complete list of fields and additional + information, refer to + for more information.
    • + + | **Parameter** | **Description** | **Type** | + | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | + | `global.imagePullSecret.dockerConfigJson` | If you plan to pull images from Spectro Cloud OCI registries (without mirror registries or image swap configured) or images from private registries that require authentication, paste your image pull secret here. This must match the image pull secret configured for [Cert-Manager](#cert-manager-helm-chart). If you omit the image pull secret during installation, you must provide it through the system console. Refer to for more information. | string | + | `env.rootDomain` | The URL name or IP address you will use for the {props.version} installation. | string | + | `ociPackRegistry` or `ociPackEcrRegistry` | The OCI registry credentials for {props.version} FIPS packs. These credentials are provided by our support team. If using images from a self-hosted OCI registry instead, leave these sections blank and refer to the [Self-Hosted OCI Registries](#self-hosted-oci-registries) table instead. | object | + | `ingress.enabled` | Whether to install the Traefik ingress controller. Set to `false` if you already have an ingress controller deployed in the cluster. | boolean | + | `reachSystem` | _(Proxy environments only)_ Set `reachSystem.enabled` to `true` and configure the `reachSystem.proxySettings` parameters to configure {props.version} to use a network proxy in your environment | object | + | `mongo.storageClass` | If you do not have a default storage class in your cluster (the annotation `"storageclass.kubernetes.io/is-default-class":"true"`), enter the name of the storage class to use for your {props.version} installation. | string | + + #### Self-Hosted OCI Registries + + The following parameters are required if you pull {props.version} images from a self-hosted OCI registry instead of a + Spectro Cloud OCI registry or AWS ECR. + + :::tip + + If you would prefer to keep your image swap values in a separate location, you can use the following table to + complete the `extras/image-swap/values.yaml` file instead. Otherwise, complete the following fields in {props.helm}/values.yaml. + + Use the following command to extract and edit the `extras/image-swap/values.yaml` file. + + ```shell + tar --extract --verbose --gzip --file extras/image-swap/image-swap-*.tgz --directory extras/ + vim extras/image-swap/values.yaml + ``` + + ::: + + | **Parameter** | **Description** | **Type** | + | ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | + | `ociImageRegistry` | Configure the registry endpoint, credentials, and `mirrorRegistries` values. Refer to the page for parameter descriptions. | object | + | `ociImageRegistry.mirrorRegistries` | A comma-separated list of mirror registries in image swap format that maps public registry paths to your private registry. Refer to the page for examples. | string | + | `imageSwapImages` | The Image Swap init and webhook images. If you host these images in your OCI registry, replace the image paths with your registry URL and namespace or project. | object | + | `imageSwapConfig.isEKSCluster` | Set to `true` if you are installing {props.version} on an Amazon EKS cluster. Set to `false` for all other Kubernetes distributions. | boolean | + + :::info + + Include `/v2` in your mirror registry endpoints if you are using a + [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. + Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other + registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. + + Including `/v2` + for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: + `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. + + ::: + +
  • Save the completed {props.helm}/values.yaml file. You can review the following examples of the + {props.helm}/values.yaml file with the required parameters highlighted.
    • + + + + + + ```yaml {8,26,60,84-93,122-123,149-151} + ######################### + # Spectro Cloud Palette # + ######################### + + global: + imagePullSecret: + # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication + dockerConfigJson: "abcdEFGhiJKlmnOPQrSTUVwX..." # omitted for brevity + + # MongoDB Configuration + mongo: + # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas + internal: true + + # Mongodb URL. Only change if using Mongo Atlas. + databaseUrl: "mongo-0.mongo.hubble-system.svc.cluster.local,mongo-1.mongo.hubble-system.svc.cluster.local,mongo-2.mongo.hubble-system.svc.cluster.local" + # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. + databasePassword: "" + + #No. of mongo replicas to run, default is 3 + replicas: 3 + # The following only apply if mongo.internal == true + cpuLimit: "2000m" + memoryLimit: "4Gi" + pvcSize: "20Gi" + storageClass: "" # leave empty to use the default storage class + + config: + installationMode: "connected" #values can be connected or airgap. + isPaletteBaseCluster: false + + # SSO SAML Configuration (Optional for self-hosted type) + sso: + saml: + enabled: false + acsUrlRoot: "myfirstpalette.spectrocloud.com" + acsUrlScheme: "https" + audienceUrl: "https://www.spectrocloud.com" + entityId: "https://www.spectrocloud.com" + apiVersion: "v1" + + # Email Configurations. (Optional for self-hosted type) + email: + enabled: false + emailId: "noreply@spectrocloud.com" + smtpServer: "smtp.gmail.com" + smtpPort: 587 + insecureSkipVerifyTls: false + fromEmailId: "noreply@spectrocloud.com" + password: "" # base64 encoded SMTP password + + env: + # rootDomain is a DNS record which will be mapped to the ingress controller load balancer + # E.g., myfirstpalette.spectrocloud.com + # - Mandatory if ingress.traefik.hostPort == false (LoadBalancer mode) + # - Optional if ingress.traefik.hostPort == true (hostPort / appliance mode, leave empty) + # + # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes + # E.g., *.myfirstpalette.spectrocloud.com + rootDomain: "my-domain.docs-test.spectrocloud.com" + + # stableEndpointAccess is used when deploying EKS clusters in Private network type. + # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true + cluster: + stableEndpointAccess: false + + # registry: + # endpoint: "" # + # name: "" # + # password: "" # + # username: "" # + # insecureSkipVerify: false + # caCert: "" + + # ociPackRegistry: + # endpoint: "" # + # name: "" # + # password: "" # + # username: "" # + # baseContentPath: "" # + # insecureSkipVerify: false + # caCert: "" + + ociPackEcrRegistry: + endpoint: "https://123456789.dkr.ecr.us-east-1.amazonaws.com" # + name: "Palette Packs" # + accessKey: "**********" # + secretKey: "**********" # + baseContentPath: "production-fips" # + isPrivate: true + insecureSkipVerify: false + caCert: "" + credentialType: "" + + # ociImageRegistry: + # endpoint: "" # + # name: "" # + # password: "" # + # username: "" # + # baseContentPath: "" # + # insecureSkipVerify: false + # caCert: "" + # mirrorRegistries: "" # See instructions below. + + # Instruction for mirrorRegistries. + # ---------------------------------- + # Please provide the registry endpoint for the following registries, separated by double colons (::): + # docker.io + # gcr.io + # ghcr.io + # k8s.gcr.io + # registry.k8s.io + # quay.io + # For each registry, follow this example format: + # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ + # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. + + imageSwapImages: + imageSwapInitImage: "us-docker.pkg.dev/palette-images-fips/third-party/thewebroot/imageswap-init:v1.5.3-spectro-4.9.0" + imageSwapImage: "us-docker.pkg.dev/palette-images-fips/third-party/thewebroot/imageswap:v1.5.3-spectro-4.9.0" + + imageSwapConfig: + isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false + + grpc: + external: false + endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 + annotations: {} + # AWS example + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + + # Azure example + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel + + # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. + grpcStaticIP: "" + caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert + serverCrtBase64: "" + serverKeyBase64: "" + insecureSkipVerify: false + tunnel: + preferredServer: + endpoint: "" + servers: + - endpoint: "" + ingress: + # When enabled the Traefik ingress controller would be installed + enabled: true + + # Port allocation behaviour based on traefik.hostPort: + # + # traefik.hostPort=false → Traefik: 80/443 (LoadBalancer Service) -- default behaviour for self-hosted / cloud setups with an external LB. + # traefik.hostPort=true → Traefik: 80/443 (bound to node hostPort) -- appliance / on-prem setup with no external LB. + traefik: + # Whether to front the Traefik ingress controller with a cloud + # load balancer (hostPort == false) or bind directly to node host ports (hostPort == true) + hostPort: false + + ingress: + # Default SSL certificate and key for the ingress controller (Optional) + # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com + # If left blank, a self-signed cert will be generated (when terminating TLS upstream of the ingress controller) + certificate: "" + key: "" + + #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. + annotations: {} + # AWS example + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: + # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' + + # Azure example + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel + + # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. + ingressStaticIP: "" + + # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. + terminateHTTPSAtLoadBalancer: false + + frps: + frps: + enabled: false + frpHostURL: proxy.sample.spectrocloud.com + server: + crt: LS0tLS1CRUdJTiBDRVJU... # omitted for brevity + key: LS0tLS1CRUdJTiBSU0Eg... # omitted for brevity + ca: + crt: LS0tLS1CRUdJTiBDRVJ... # omitted for brevity + service: + annotations: {} + + ui-system: + enabled: true + ui: + nocUI: + enable: true + mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette + mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID + + reachSystem: + enabled: false + proxySettings: + http_proxy: "" + https_proxy: "" + no_proxy: "" + ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. + scheduleOnControlPlane: true + ``` + + + + + + ```yaml {8,26,60,75-82,94-102,117-119,121-122,149-150} + ######################### + # Spectro Cloud Palette # + ######################### + + global: + imagePullSecret: + # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication + dockerConfigJson: "abcdEFGhiJKlmnOPQrSTUVwX..." # omitted for brevity + + # MongoDB Configuration + mongo: + # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas + internal: true + + # Mongodb URL. Only change if using Mongo Atlas. + databaseUrl: "mongo-0.mongo.hubble-system.svc.cluster.local,mongo-1.mongo.hubble-system.svc.cluster.local,mongo-2.mongo.hubble-system.svc.cluster.local" + # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. + databasePassword: "" + + #No. of mongo replicas to run, default is 3 + replicas: 3 + # The following only apply if mongo.internal == true + cpuLimit: "2000m" + memoryLimit: "4Gi" + pvcSize: "20Gi" + storageClass: "" # leave empty to use the default storage class + + config: + installationMode: "connected" #values can be connected or airgap. + isPaletteBaseCluster: false + + # SSO SAML Configuration (Optional for self-hosted type) + sso: + saml: + enabled: false + acsUrlRoot: "myfirstpalette.spectrocloud.com" + acsUrlScheme: "https" + audienceUrl: "https://www.spectrocloud.com" + entityId: "https://www.spectrocloud.com" + apiVersion: "v1" + + # Email Configurations. (Optional for self-hosted type) + email: + enabled: false + emailId: "noreply@spectrocloud.com" + smtpServer: "smtp.gmail.com" + smtpPort: 587 + insecureSkipVerifyTls: false + fromEmailId: "noreply@spectrocloud.com" + password: "" # base64 encoded SMTP password + + env: + # rootDomain is a DNS record which will be mapped to the ingress controller load balancer + # E.g., myfirstpalette.spectrocloud.com + # - Mandatory if ingress.traefik.hostPort == false (LoadBalancer mode) + # - Optional if ingress.traefik.hostPort == true (hostPort / appliance mode, leave empty) + # + # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes + # E.g., *.myfirstpalette.spectrocloud.com + rootDomain: "my-domain.docs-test.spectrocloud.com" + + # stableEndpointAccess is used when deploying EKS clusters in Private network type. + # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true + cluster: + stableEndpointAccess: false + + # registry: + # endpoint: "" # + # name: "" # + # password: "" # + # username: "" # + # insecureSkipVerify: false + # caCert: "" + + ociPackRegistry: + endpoint: "example.harbor.org" # + name: "Packs OCI" # + password: "**************" # + username: "**************" # + baseContentPath: "spectro-packs" # + insecureSkipVerify: false + caCert: "" + + # ociPackEcrRegistry: + # endpoint: "" # + # name: "" # + # accessKey: "" # + # secretKey: "" # + # baseContentPath: "" # + # isPrivate: true + # insecureSkipVerify: false + # caCert: "" + + ociImageRegistry: + endpoint: "example.harbor.org" # + name: "Images OCI" # + password: "**************" # + username: "**************" # + baseContentPath: "spectro-images" # + insecureSkipVerify: false + caCert: "" + mirrorRegistries: "docker.io::harbor.example.org/project/docker.io,gcr.io::harbor.example.org/project/gcr.io" # See instructions below. + + # Instruction for mirrorRegistries. + # ---------------------------------- + # Please provide the registry endpoint for the following registries, separated by double colons (::): + # docker.io + # gcr.io + # ghcr.io + # k8s.gcr.io + # registry.k8s.io + # quay.io + # For each registry, follow this example format: + # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ + # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. + + imageSwapImages: + imageSwapInitImage: "harbor.example.org/project/us-docker.pkg.dev/palette-images-fips/third-party/thewebroot/imageswap-init:v1.5.3-spectro-4.9.0" + imageSwapImage: "harbor.example.org/project/us-docker.pkg.dev/palette-images-fips/third-party/thewebroot/imageswap:v1.5.3-spectro-4.9.0" + + imageSwapConfig: + isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false + + grpc: + external: false + endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 + annotations: {} + # AWS example + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + + # Azure example + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel + + # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. + grpcStaticIP: "" + caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert + serverCrtBase64: "" + serverKeyBase64: "" + insecureSkipVerify: false + tunnel: + preferredServer: + endpoint: "" + servers: + - endpoint: "" + ingress: + # When enabled the Traefik ingress controller would be installed + enabled: true + + # Port allocation behaviour based on traefik.hostPort: + # + # traefik.hostPort=false → Traefik: 80/443 (LoadBalancer Service) -- default behaviour for self-hosted / cloud setups with an external LB. + # traefik.hostPort=true → Traefik: 80/443 (bound to node hostPort) -- appliance / on-prem setup with no external LB. + traefik: + # Whether to front the Traefik ingress controller with a cloud + # load balancer (hostPort == false) or bind directly to node host ports (hostPort == true) + hostPort: false + + ingress: + # Default SSL certificate and key for the ingress controller (Optional) + # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com + # If left blank, a self-signed cert will be generated (when terminating TLS upstream of the ingress controller) + certificate: "" + key: "" + + #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. + annotations: {} + # AWS example + # service.beta.kubernetes.io/aws-load-balancer-internal: "true" + # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: + # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' + + # Azure example + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel + + # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. + ingressStaticIP: "" + + # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. + terminateHTTPSAtLoadBalancer: false + + frps: + frps: + enabled: false + frpHostURL: proxy.sample.spectrocloud.com + server: + crt: LS0tLS1CRUdJTiBDRVJU... # omitted for brevity + key: LS0tLS1CRUdJTiBSU0Eg... # omitted for brevity + ca: + crt: LS0tLS1CRUdJTiBDRVJ... # omitted for brevity + service: + annotations: {} + + ui-system: + enabled: true + ui: + nocUI: + enable: true + mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette + mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID + + reachSystem: + enabled: false + proxySettings: + http_proxy: "" + https_proxy: "" + no_proxy: "" + ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. + scheduleOnControlPlane: true + ``` + + + + \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-other-prereqs.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-other-prereqs.mdx new file mode 100644 index 00000000000..9d1a7b6bc33 --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-other-prereqs.mdx @@ -0,0 +1,24 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-other-prereqs +--- + +- If you are using a _self-hosted MongoDB_ instance, such as MongoDB Atlas, ensure the MongoDB database has a user named + `hubble` with the permission `readWriteAnyDatabase`. Refer to the + [Add a Database User](https://www.mongodb.com/docs/guides/atlas/db-user/) guide for more information. + +- A custom domain and the ability to update DNS records. You will need this to enable HTTPS + encryption for {props.version}. + +- (Proxy environments only) If you are installing {props.version} behind a network proxy server, ensure {props.version} has access to the + required domains and ports. Refer to + for more information. + +- (Proxy environments only) If you are installing {props.version} behind a network proxy server, ensure you have the network proxy's Certificate + Authority (CA) certificate file in the base64 format. You will need this to enable {props.version} to communicate with the + network proxy server. \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-reach-system.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-reach-system.mdx new file mode 100644 index 00000000000..671f0c687be --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-reach-system.mdx @@ -0,0 +1,44 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-reach-system +--- + +_(Proxy environments only)_ If you are installing {props.version} in an environment where a network proxy must be + configured for {props.version} to access the internet, install the Reach System chart using the following command. + + :::warning + + Ensure you + set `reach-system.enabled` to `true` and configure `reach-system.proxySettings` in {props.helm}/values.yaml as well. + + ::: + + {`helm upgrade --values ${props.helm}/values.yaml \\\n reach-system extras/reach-system/reach-system-*.tgz --install`} + + ```shell hideClipboard title="Example output" + Release "reach-system" does not exist. Installing it now. + NAME: reach-system + LAST DEPLOYED: Fri Jan 30 18:40:57 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 1 + TEST SUITE: None + ``` + +
    + + Update containerd to use proxy configurations + + If your Kubernetes cluster is behind a network proxy, ensure the containerd service is configured to use proxy + settings. You can do this by updating the containerd configuration file on each node in the cluster. The + configuration file is typically located at `/etc/systemd/system/containerd.service.d/http-proxy.conf`. The following example shows configured proxy settings. Replace the values with your proxy settings. Ask your network administrator for + guidance. + + ``` + [Service] + Environment="HTTP_PROXY=http://example.com:9090" + Environment="HTTPS_PROXY=http://example.com:9090" + Environment="NO_PROXY=127.0.0.1,localhost,100.64.0.0/17,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,,.cluster.local" + ``` + +
    \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-spectro-mgmt-crds.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-spectro-mgmt-crds.mdx new file mode 100644 index 00000000000..db0e5ce3204 --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-spectro-mgmt-crds.mdx @@ -0,0 +1,24 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-spectro-mgmt-crds +--- + +Install the Spectro Management CRDs chart. This chart contains Custom Resource Definitions (CRDs) required by + {props.version}, including Traefik CRDs, and must be installed before the main {props.version} Helm chart. When the + chart is installed, the custom resource types are registered with the Kubernetes API server; no pods are deployed. + + ```shell + helm upgrade --install spectro-mgmt-crds \ + extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz \ + --values extras/spectro-mgmt-crds/values.yaml + ``` + + ```shell hideClipboard title="Example output" + Release "spectro-mgmt-crds" does not exist. Installing it now. + NAME: spectro-mgmt-crds + LAST DEPLOYED: Wed Jun 17 21:17:39 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 1 + TEST SUITE: None + ``` \ No newline at end of file diff --git a/_partials/self-hosted/kubernetes-install/_kubernetes-install-validate.mdx b/_partials/self-hosted/kubernetes-install/_kubernetes-install-validate.mdx new file mode 100644 index 00000000000..54371a87fe4 --- /dev/null +++ b/_partials/self-hosted/kubernetes-install/_kubernetes-install-validate.mdx @@ -0,0 +1,114 @@ +--- +partial_category: self-hosted +partial_name: kubernetes-install-validate +--- + +Use the following steps to validate your {props.version} installation. + + + + + +1. Open up a web browser and navigate to the {props.version} system console. To access the system console, open a web + browser and paste the `env.rootDomain` value you provided in the address bar and append the value `/system`. You can + also use the IP address of the load balancer. + +2. Log in using the default credentials. After logging in, you are prompted to create a new password. Enter a new + password and save your changes. You are redirected to the {props.version} system console. + + + + + +1. Open a terminal session with access to the cluster you installed {props.version} on. + +2. Verify all pods in all namespaces are running. + + ```shell + kubectl get pods --all-namespaces + ``` + + ```shell hideClipboard title="Example output" + NAMESPACE NAME READY STATUS RESTARTS AGE + cert-manager cert-manager-5fb779d887-mz2vb 1/1 Running 0 8m46s + cert-manager cert-manager-cainjector-764f9646d4-7nhpq 1/1 Running 0 8m46s + cert-manager cert-manager-webhook-85b8dbdddd-fkn6z 1/1 Running 0 8m46s + cp-system spectro-cp-ui-5dffbcdc78-gk8st 1/1 Running 0 7m14s + hubble-system auth-7f4c7ff9c-2clwp 1/1 Running 0 6m8s + hubble-system auth-7f4c7ff9c-j84bt 1/1 Running 0 6m7s + hubble-system cloud-8f8467c95-9r8bp 1/1 Running 0 6m7s + hubble-system cloud-8f8467c95-pvcv4 1/1 Running 0 6m8s + hubble-system configserver-5bc8f9fdcb-mbt66 1/1 Running 0 6m8s + hubble-system event-5fbf6b7f44-bmzdk 1/1 Running 0 6m8s + hubble-system event-5fbf6b7f44-cxc58 1/1 Running 0 6m7s + hubble-system event-5fbf6b7f44-zhr9h 1/1 Running 0 6m7s + hubble-system foreq-8487bf9bbf-847vj 1/1 Running 0 6m7s + hubble-system hashboard-66f957cfdf-k48wn 1/1 Running 0 6m7s + hubble-system hashboard-66f957cfdf-pddx7 1/1 Running 0 6m6s + hubble-system hutil-7cc6975bb5-5mhjp 1/1 Running 0 6m6s + hubble-system hutil-7cc6975bb5-jwzr5 1/1 Running 0 6m7s + hubble-system memstore-7d59d65f67-j8lls 1/1 Running 0 6m6s + hubble-system mgmt-54fb5f487d-dj2tz 1/1 Running 0 7m14s + hubble-system mongo-0 2/2 Running 0 6m33s + hubble-system mongo-1 2/2 Running 0 5m47s + hubble-system mongo-2 2/2 Running 0 4m57s + hubble-system mongodb-key-manager-helm-k6294 0/1 Completed 0 7m15s + hubble-system msgbroker-0 1/1 Running 0 7m15s + hubble-system msgbroker-1 1/1 Running 0 6m43s + hubble-system oci-proxy-78cd749dc9-jfs86 1/1 Running 0 6m6s + hubble-system reloader-reloader-55d78d877b-7tnkq 1/1 Running 0 6m6s + hubble-system specman-0 1/1 Running 0 6m2s + hubble-system spectro-tunnel-74d559dd65-hlwch 1/1 Running 0 6m5s + hubble-system spectrocluster-6885954988-knrfq 1/1 Running 0 6m5s + hubble-system spectrocluster-6885954988-pb6pr 1/1 Running 0 6m5s + hubble-system spectrocluster-6885954988-xcvk9 1/1 Running 0 6m5s + hubble-system spectrocluster-jobs-7dc76bf6c7-pjc7l 1/1 Running 0 6m5s + hubble-system spectrocluster-reconciler-dcfd55ff5-gnfjg 1/1 Running 0 6m4s + hubble-system spectroclusterop-58966f7f54-grznt 1/1 Running 0 6m4s + hubble-system spectroclusterop-58966f7f54-jj9m6 1/1 Running 0 6m4s + hubble-system spectrossh-589d975d4d-82vm2 1/1 Running 0 6m4s + hubble-system system-d48fdbc9-ffzq9 1/1 Running 0 6m8s + hubble-system system-d48fdbc9-sztrr 1/1 Running 0 6m8s + hubble-system timeseries-f465b4c99-8h8c7 1/1 Running 0 6m4s + hubble-system timeseries-f465b4c99-jlzlj 1/1 Running 0 6m3s + hubble-system timeseries-f465b4c99-z27d8 1/1 Running 0 6m3s + hubble-system user-697c6f8bf-fgwtp 1/1 Running 0 6m3s + hubble-system user-697c6f8bf-wcqxk 1/1 Running 0 6m3s + ingress-traefik traefik-ingress-controller-5dctd 1/1 Running 0 7m15s + ingress-traefik traefik-ingress-controller-tx6st 1/1 Running 0 7m16s + ingress-traefik traefik-ingress-controller-zf25w 1/1 Running 0 7m16s + jet-system jet-796fc87c5d-vpvtz 1/1 Running 0 4m1s + kube-system aws-node-8xqnx 2/2 Running 0 121m + kube-system aws-node-gtr64 2/2 Running 0 121m + kube-system aws-node-h7pdv 2/2 Running 0 121m + kube-system coredns-566b9b9d-hck47 1/1 Running 0 129m + kube-system coredns-566b9b9d-jpnrs 1/1 Running 0 129m + kube-system ebs-csi-controller-7dfbb6bd58-nwcjl 6/6 Running 0 113m + kube-system ebs-csi-controller-7dfbb6bd58-w8kxz 6/6 Running 0 113m + kube-system ebs-csi-node-9r6fk 3/3 Running 0 113m + kube-system ebs-csi-node-vp744 3/3 Running 0 113m + kube-system ebs-csi-node-xb69v 3/3 Running 0 113m + kube-system kube-proxy-59qgr 1/1 Running 0 121m + kube-system kube-proxy-krrzd 1/1 Running 0 121m + kube-system kube-proxy-lbsgp 1/1 Running 0 121m + ui-system spectro-ui-56749c5f84-98m89 1/1 Running 0 7m15s + ``` + +3. Verify the `hubble` release is deployed. + + ```shell + helm status hubble + ``` + + ```shell title="Example output" hideClipboard + NAME: hubble + LAST DEPLOYED: Thu Jun 18 18:33:18 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 1 + TEST SUITE: None + ``` + + + + \ No newline at end of file diff --git a/_partials/vertex/_palette-vmware-kubernetes-versions.mdx b/_partials/vertex/_palette-vmware-kubernetes-versions.mdx index e1bf38286b3..677c50f5575 100644 --- a/_partials/vertex/_palette-vmware-kubernetes-versions.mdx +++ b/_partials/vertex/_palette-vmware-kubernetes-versions.mdx @@ -5,6 +5,7 @@ partial_name: palette-vmware-kubernetes-versions | **Palette Version** | **Kubernetes Version** | **FIPS OVA Download URL** | | ------------------------------------------------------------ | ---------------------- | ------------------------------------------------------------------------------ | +| 4.9.22 | 1.34.9 | `https://vmwaregoldenimage.s3.amazonaws.com/u-2204-0-k-1349-fips.ova` | | 4.9.14 | 1.33.10 | `https://vmwaregoldenimage.s3.amazonaws.com/u-2204-0-k-13310-fips.ova` | | 4.9.5 | 1.33.10 | `https://vmwaregoldenimage.s3.amazonaws.com/u-2204-0-k-13310-fips.ova` | | 4.8.47 | 1.32.9 | `https://vmwaregoldenimage-console.s3.amazonaws.com/u-2004-0-k-1329-fips.ova` | diff --git a/docs/docs-content/architecture/override-capi-properties/aws-capi-override-reference.md b/docs/docs-content/architecture/override-capi-properties/aws-capi-override-reference.md index 8f69c3e0ecb..50f908a6b9d 100644 --- a/docs/docs-content/architecture/override-capi-properties/aws-capi-override-reference.md +++ b/docs/docs-content/architecture/override-capi-properties/aws-capi-override-reference.md @@ -7,10 +7,14 @@ hide_table_of_contents: false tags: ["architecture", "capi", "cluster api", "advanced configuration", "aws"] --- -This page provides examples and references for overriding Cluster API (CAPI) properties on AWS clusters. +This page provides examples and references for overriding Cluster API (CAPI) properties on AWS clusters using Cluster +API Provider AWS (CAPA). ## AWS IaaS +AWS IaaS clusters use the CAPA self-managed path. Cluster-level overrides target the `AWSCluster` resource, and +pool-level overrides target the `AWSMachineTemplate` resource. + | Level | CAPI Kind | API References | | ------- | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | | All | - | [CAPA Book - CRD Reference](https://cluster-api-aws.sigs.k8s.io/crd/)
    \*Use with caution as this reference guide is not semantically versioned. | @@ -41,6 +45,9 @@ awsCluster: #### Pool-Level +`AWSMachineTemplate` has an extra level of nesting. The spec wraps a `template`, which contains another `spec` field +that holds the actual machine configuration. All pool-level AWS IaaS overrides use this structure. + ```yaml title="Set network interface type and disable uncompressed user data" awsMachineTemplate: spec: @@ -80,3 +87,213 @@ override. | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `AWSCluster` | `partition`, `secondaryControlPlaneLoadBalancer` | | `AWSMachineTemplate` | `placementGroupName`, `tenancy`, dedicated host fields, `networkInterfaces` (beyond single-subnet pattern), `nonRootVolumes`, cloudInit/ignition blocks, `cpuOptions` (not available in v2.7.1), `privateDnsName`, `capacityReservationId` | + +## EKS + +Amazon EKS clusters use the CAPA managed-cluster path. Cluster-level overrides target the `AWSManagedControlPlane` +resource, and pool-level overrides target the `AWSManagedMachinePool` resource. + +| Level | CAPI Kind | API References | +| ------- | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| All | - | [CAPA Book - CRD Reference](https://cluster-api-aws.sigs.k8s.io/crd/)
    \*Use with caution as this reference guide is not semantically versioned. | +| Cluster | `AWSManagedControlPlane` | [v2.7.1 AWSManagedControlPlane API types](https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/v2.7.1/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_types.go) | +| Pool | `AWSManagedMachinePool` | [v2.7.1 AWSManagedMachinePool API types](https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/v2.7.1/exp/api/v1beta2/awsmanagedmachinepool_types.go) | + +### Examples + +These examples demonstrate how to override CAPI properties using YAML directly targeting the underlying CAPA managed +resources. + +#### Cluster-Level + +```yaml title="Set additional tags on the cluster" +awsManagedControlPlane: + spec: + additionalTags: + env: "dev" +``` + +```yaml title="Enable control plane logging" +awsManagedControlPlane: + spec: + logging: + apiServer: true + audit: true +``` + +#### Pool-Level + +```yaml title="Set additional tags on the node pool" +awsManagedMachinePool: + spec: + additionalTags: + passthrough-pool: worker-pool-1 +``` + +```yaml title="Set the node group update configuration" +awsManagedMachinePool: + spec: + updateConfig: + maxUnavailable: 1 +``` + +### Node Pool Launch Template + +You can customize the launch template of an EKS managed node group by overriding the `awsLaunchTemplate` field of the +`AWSManagedMachinePool` resource. This lets you set properties such as a custom AMI, instance type, and additional +volumes. + +:::warning + +Before you override `awsLaunchTemplate`, you must +[Enable Nodepool Customization](../../clusters/public-cloud/aws/eks.md#cloud-configuration-settings). This option +directs Palette to provision the node group with a custom, user-managed launch template. Without it, the node group uses +a launch template that CAPA manages, and launch template fields are rejected. + +You can enable this option when you create the cluster (Day-0) or on an active cluster (Day-2). You do not need to +supply any values for the optional fields that appear when you click the **Enable Nodepool Customization** toggle. + +::: + +When you reference a custom AMI through `awsLaunchTemplate.ami.id`, also set the pool's `amiType` to `CUSTOM`. AWS +requires the node group AMI type to be `CUSTOM` whenever the launch template specifies an explicit image ID. + +```yaml title="Set a custom AMI, instance type, and data volume" +awsManagedMachinePool: + spec: + amiType: CUSTOM + awsLaunchTemplate: + ami: + id: ami-00b365be53e09d355 + instanceType: m5.2xlarge + nonRootVolumes: + - deviceName: /dev/sdf + size: 80 + type: gp3 +``` + +If you override `awsLaunchTemplate` while node pool customization is disabled, the override is rejected and a cluster +event similar to the following appears. + +```shell hideClipboard title="Example cluster event when node pool customization is disabled" +instanceType cannot be specified with a CAPA-managed launch template +``` + +### Node Pool AWS Tags + +You can apply AWS custom tags at the node pool level on EKS clusters by overriding the `additionalTags` field of the +`AWSManagedMachinePool` resource. This is useful for cost allocation, ownership, and automation tags that need to differ +per node pool, such as a per-customer or per-team tag on a dedicated pool. + +#### Cluster-Level and Node-Pool-Level Tags Are Additive + +EKS supports AWS tags at two levels, and the two sets are merged rather than replaced. + +| Level | Override Target | Applies To | +| ------------- | --------------------------------------- | ----------------------------------------------------------------------- | +| **Cluster** | `awsManagedControlPlane.additionalTags` | All resources that the cluster creates, including every node pool. | +| **Node pool** | `awsManagedMachinePool.additionalTags` | Only the managed node group for that pool and its associated resources. | + +:::info + +Node-pool-level tags are additive to the cluster-level tags. The resources for a node pool receive the union of both +sets. If the same key is set at both levels, the node-pool value takes precedence. + +::: + +##### Example + +Consider the following example overrides. + +```yaml title="Cluster-level override" +awsManagedControlPlane: + spec: + additionalTags: + env: prod +``` + +```yaml title="Node-pool-level override" +awsManagedMachinePool: + spec: + additionalTags: + customer: spectro +``` + +The managed node group for that pool, and its associated Auto Scaling group, receive both tags: + +- `env: prod` +- `customer: spectro` + +Other node pools that do not set `additionalTags` receive the cluster-level tag only (`env: prod`). + +#### Tag Propagation + +Tags resolved for a node pool are applied to the EKS managed node group and to the Auto Scaling group that backs it. +Amazon EKS and EC2 Auto Scaling then propagate Auto Scaling group tags to the EC2 instances launched in the pool, +according to the standard AWS tag-propagation rules. + +Cluster-level tags continue to apply to all cluster resources, such as the `AWSManagedControlPlane`, networking +resources, and every node pool, regardless of any node-pool overrides. + +#### Add, Update, and Delete Tags + +The override YAML is the source of truth for the tags at each level. Palette reconciles the resolved tag set onto the +node group and Auto Scaling group on each reconcile, so you manage tags by editing the override YAML. + +| Operation | How to perform it | +| ---------- | -------------------------------------------------------------------------------------------------- | +| **Add** | Add the key/value pair under `additionalTags`. | +| **Update** | Change the value of an existing key under `additionalTags`. | +| **Delete** | Remove the key from `additionalTags`. The tag is removed from the resources on the next reconcile. | + +#### Supported Tag Formats + +Palette does not validate tag keys or values against AWS constraints. Tags must conform to the +[AWS tag requirements](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html), such as the per-resource +tag limit and the key and value length and character restrictions. + +Avoid the following reserved prefixes that AWS and EKS manage: + +- `aws:` +- `kubernetes.io/` +- `eks:` + +AWS rejects an invalid tag during reconciliation, and the failure surfaces as a warning cluster event. Refer to +[Error Handling](./override-capi-properties.md#error-handling) for details. + +#### Day-0 and Day-2 Workflows + +You can set node-pool tags when you create a cluster (Day-0) or on a running cluster (Day-2). + +- **Day-0** - Provide the node-pool override YAML in the node pool configuration before you deploy the cluster. The + resolved tags are applied when the managed node group is created. + +- **Day-2** - Edit the node-pool override YAML on the running cluster. Palette reconciles the change onto the existing + node group. + + :::warning + + On EKS, any override change to a node pool, including a tag-only change, triggers a rolling upgrade (repave) of that + pool, which temporarily reduces pool capacity. Plan Day-2 tag changes during a maintenance window. Refer to + [Repave Behavior](./override-capi-properties.md#repave-behavior) for details. + + ::: + +### Unsupported First-Class Properties + +:::info + +Learn more about the difference between first-class properties and override properties in the +[First-Class Support vs. Override](./override-capi-properties.md#first-class-support-vs-override) section. + +::: + +The following properties are not exposed as first-class properties in the +[supported interfaces for Palette](./override-capi-properties.md#supported-interfaces) but can be configured using +override. + +| CAPA Resource Type | Properties | +| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `AWSManagedControlPlane` | `secondaryCidrBlock`, `partition`, `imageLookupFormat`, `imageLookupOrg`, `imageLookupBaseOS`, `tokenMethod`, `restrictPrivateSubnets`, `vpcCni.env`, `addons` | +| `AWSManagedMachinePool` | `availabilityZoneSubnetType`, `amiVersion`, `labels`, `taints`, `providerIDList`, `remoteAccess.sourceSecurityGroups`, `remoteAccess.public`, `awsLaunchTemplate` (partial support) | +| `AWSFargateProfile` | `role` | diff --git a/docs/docs-content/architecture/override-capi-properties/azure-capi-override-reference.md b/docs/docs-content/architecture/override-capi-properties/azure-capi-override-reference.md index c0b6fdd95b8..e26f2fbb6d4 100644 --- a/docs/docs-content/architecture/override-capi-properties/azure-capi-override-reference.md +++ b/docs/docs-content/architecture/override-capi-properties/azure-capi-override-reference.md @@ -10,8 +10,77 @@ tags: ["architecture", "capi", "cluster api", "advanced configuration", "azure"] This page provides examples and references for overriding Cluster API (CAPI) properties on Azure clusters using Cluster API Provider Azure (CAPZ). +## Azure IaaS + +Self-managed Azure IaaS clusters use the CAPZ self-managed path. Cluster-level overrides target the `AzureCluster` +resource, and pool-level overrides target the `AzureMachineTemplate` resource. + +| Level | CAPI Kind | API References | +| ------- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| All | - | [CAPZ Book - API Reference](https://capz.sigs.k8s.io/reference/reference)
    \*Use with caution as this reference guide is not semantically versioned. | +| Cluster | `AzureCluster` | [v1.18.0 AzureCluster API types](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/v1.18.0/api/v1beta1/azurecluster_types.go) | +| Pool | `AzureMachineTemplate` | [v1.18.0 AzureMachineTemplate API types](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/v1.18.0/api/v1beta1/azuremachinetemplate_types.go) | + +### Examples + +These examples demonstrate how to override CAPI properties using YAML directly targeting the underlying CAPZ +self-managed resources. + +#### Cluster-Level + +```yaml title="Set additional tags on the cluster" +azureCluster: + spec: + additionalTags: + env: day0 + owner: Anu +``` + +#### Pool-Level + +`AzureMachineTemplate` has an extra level of nesting. The spec wraps a `template`, which contains another `spec` field +that holds the actual machine configuration. All pool-level Azure IaaS overrides use this structure. + +```yaml title="Set the VM size" +azureMachineTemplate: + spec: + template: + spec: + vmSize: Standard_D4s_v3 +``` + +```yaml title="Set the OS disk size" +azureMachineTemplate: + spec: + template: + spec: + osDisk: + diskSizeGB: 128 +``` + +### Unsupported First-Class Properties + +:::info + +Learn more about the difference between first-class properties and override properties in the +[First-Class Support vs. Override](./override-capi-properties.md#first-class-support-vs-override) section. + +::: + +The following properties are not exposed as first-class properties in the +[supported interfaces for Palette](./override-capi-properties.md#supported-interfaces) but can be configured using +override. + +| CAPZ Resource Type | Properties | +| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `AzureCluster` | `bastionSpec`, `controlPlaneEnabled`, `controlPlaneEndpoint`, `extendedLocation`, `cloudProviderConfigOverrides`, `failureDomains`, `additionalTags` | +| `AzureMachineTemplate` | `providerID`, `failureDomain`, `userAssignedIdentities`, `systemAssignedIdentityRole`, `dataDisks`, `additionalTags`, `additionalCapabilities`, `allocatePublicIP`, `enableIPForwarding`, `diagnostics`, `securityProfile.securityType`, `securityProfile.uefiSettings`, `additionalCapabilities.ultraSSDEnabled` | + ## Azure AKS +Azure AKS clusters use the CAPZ managed path. Cluster-level overrides target the `AzureManagedControlPlane` resource, +and pool-level overrides target the `AzureManagedMachinePool` resource. + | Level | CAPI Kind | API References | | ------- | -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | All | - | [CAPZ Book - API Reference](https://capz.sigs.k8s.io/reference/reference)
    \*Use with caution as this reference guide is not semantically versioned. | diff --git a/docs/docs-content/architecture/override-capi-properties/cloudstack-capi-override-reference.md b/docs/docs-content/architecture/override-capi-properties/cloudstack-capi-override-reference.md new file mode 100644 index 00000000000..9ddf6304858 --- /dev/null +++ b/docs/docs-content/architecture/override-capi-properties/cloudstack-capi-override-reference.md @@ -0,0 +1,81 @@ +--- +sidebar_label: "CloudStack CAPI Override Reference" +title: "CloudStack CAPI Override Reference" +description: "Discover examples and references for overriding CAPI properties on CloudStack clusters." +icon: "" +hide_table_of_contents: false +tags: ["architecture", "capi", "cluster api", "advanced configuration", "cloudstack"] +--- + +This page provides examples and references for overriding Cluster API (CAPI) properties on Apache CloudStack clusters +using the Cluster API Provider CloudStack (CAPC). + +## CloudStack + +Cluster-level overrides target the `CloudStackCluster` resource, and pool-level overrides target the +`CloudStackMachineTemplate` resource. + +| Level | CAPI Kind | API References | +| ------- | --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| All | - | [CAPC Book](https://cluster-api-cloudstack.sigs.k8s.io/)
    \*Use with caution as this reference guide is not semantically versioned. | +| Cluster | `CloudStackCluster` | [v0.6.1 CloudStackCluster API types](https://github.com/kubernetes-sigs/cluster-api-provider-cloudstack/blob/v0.6.1/api/v1beta3/cloudstackcluster_types.go) | +| Pool | `CloudStackMachineTemplate` | [v0.6.1 CloudStackMachineTemplate API types](https://github.com/kubernetes-sigs/cluster-api-provider-cloudstack/blob/v0.6.1/api/v1beta3/cloudstackmachinetemplate_types.go) | + +### Examples + +These examples demonstrate how to override CAPI properties using YAML directly targeting the underlying CAPC resources. + +:::info + +`CloudStackMachineTemplate` has an extra level of nesting. The spec wraps a `template`, which contains another `spec` +field that holds the actual machine configuration. All pool-level CloudStack overrides use this structure. + +::: + +#### Cluster-Level + +```yaml title="Sync the cluster with CloudStack Kubernetes Service (CKS)" +cloudStackCluster: + spec: + syncWithACS: true +``` + +#### Pool-Level + +`cloudstackMachineTemplate` has an extra level of nesting. The spec wraps a `template`, which contains another `spec` +field that holds the actual machine configuration. All pool-level CloudStack overrides use this structure. + +:::warning + +The pool-level top-level key is `cloudstackMachineTemplate` with a lowercase `s`, unlike the cluster-level +`cloudStackCluster` key. + +::: + +```yaml title="Set the SSH key and compute offering" +cloudstackMachineTemplate: + spec: + template: + spec: + sshKey: my-ssh-key + offering: + name: compute-offering-2 +``` + +### Unsupported First-Class Properties + +:::info + +Learn more about the difference between first-class properties and override properties in the +[First-Class Support vs. Override](./override-capi-properties.md#first-class-support-vs-override) section. + +::: + +The following properties are not exposed as first-class properties in the +[supported interfaces for Palette](./override-capi-properties.md#supported-interfaces) but can be configured using +override. + +| CAPC Resource Type | Properties | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `CloudStackCluster` | None | +| `CloudStackMachineTemplate` | `affinity`, `cloudstackAffinityRef`, `uncompressedUserData`, `diskOffering.mountPath`, `diskOffering.device`, `diskOffering.filesystem`, `diskOffering.label` | diff --git a/docs/docs-content/architecture/override-capi-properties/override-capi-properties.md b/docs/docs-content/architecture/override-capi-properties/override-capi-properties.md index a64fe3f1abb..26daeaebb08 100644 --- a/docs/docs-content/architecture/override-capi-properties/override-capi-properties.md +++ b/docs/docs-content/architecture/override-capi-properties/override-capi-properties.md @@ -34,10 +34,13 @@ Use with caution and test changes in a non-production environment first. Overriding CAPI properties is currently supported for the following infrastructure types. Override fields must be valid for the listed provider API version. -| Provider | CAPI Implementation | Version | Reference Docs | -| --------- | ------------------- | --------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| AWS IaaS | CAPA | [v2.7.1](https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases/tag/v2.7.1) | - [CAPA book](https://cluster-api-aws.sigs.k8s.io/)
    - [v2.7.1 AWSCluster Types](https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/v2.7.1/api/v1beta2/awscluster_types.go)
    - [v2.7.1 AWSMachineTemplate Types](https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/v2.7.1/api/v1beta2/awsmachinetemplate_types.go) | -| Azure AKS | CAPZ | [v1.18.0](https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/tag/v1.18.0) | - [CAPZ book](https://capz.sigs.k8s.io/)
    - [v1.18.0 AzureManagedControlPlane Types](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/v1.18.0/api/v1beta1/azuremanagedcontrolplane_types.go)
    - [v1.18.0 AzureManagedMachinePool Types](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/v1.18.0/api/v1beta1/azuremanagedmachinepool_types.go) | +| Provider | CAPI Implementation | Version | Reference Docs | +| ---------- | ------------------- | ------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| AWS IaaS | CAPA | [v2.7.1](https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases/tag/v2.7.1) | - [CAPA book](https://cluster-api-aws.sigs.k8s.io/)
    - [v2.7.1 AWSCluster Types](https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/v2.7.1/api/v1beta2/awscluster_types.go)
    - [v2.7.1 AWSMachineTemplate Types](https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/v2.7.1/api/v1beta2/awsmachinetemplate_types.go) | +| AWS EKS | CAPA | [v2.7.1](https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases/tag/v2.7.1) | - [CAPA book](https://cluster-api-aws.sigs.k8s.io/)
    - [v2.7.1 AWSManagedControlPlane Types](https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/v2.7.1/controlplane/eks/api/v1beta2/awsmanagedcontrolplane_types.go)
    - [v2.7.1 AWSManagedMachinePool Types](https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/v2.7.1/exp/api/v1beta2/awsmanagedmachinepool_types.go) | +| Azure IaaS | CAPZ | [v1.18.0](https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/tag/v1.18.0) | - [CAPZ book](https://capz.sigs.k8s.io/)
    - [v1.18.0 AzureCluster Types](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/v1.18.0/api/v1beta1/azurecluster_types.go)
    - [v1.18.0 AzureMachineTemplate Types](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/v1.18.0/api/v1beta1/azuremachinetemplate_types.go) | +| Azure AKS | CAPZ | [v1.18.0](https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/tag/v1.18.0) | - [CAPZ book](https://capz.sigs.k8s.io/)
    - [v1.18.0 AzureManagedControlPlane Types](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/v1.18.0/api/v1beta1/azuremanagedcontrolplane_types.go)
    - [v1.18.0 AzureManagedMachinePool Types](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/v1.18.0/api/v1beta1/azuremanagedmachinepool_types.go) | +| CloudStack | CAPC | [v0.6.1](https://github.com/kubernetes-sigs/cluster-api-provider-cloudstack/releases/tag/v0.6.1) | - [CAPC book](https://cluster-api-cloudstack.sigs.k8s.io/)
    - [v0.6.1 CloudStackCluster Types](https://github.com/kubernetes-sigs/cluster-api-provider-cloudstack/blob/v0.6.1/api/v1beta3/cloudstackcluster_types.go)
    - [v0.6.1 CloudStackMachineTemplate Types](https://github.com/kubernetes-sigs/cluster-api-provider-cloudstack/blob/v0.6.1/api/v1beta3/cloudstackmachinetemplate_types.go) | ## Supported Interfaces @@ -127,6 +130,14 @@ The following table lists example top-level keys and nested keys. | `AzureManagedMachinePool` | `azureManagedMachinePool` | | `VMSwappiness` | `vmSwappiness` | +:::info + +An exception to the camelCase rule is `CloudStackMachineTemplate`, which uses a lowercase `s` in the top-level key +(`cloudstackMachineTemplate`). This is a historical artifact and requires special attention when constructing override +YAML for CloudStack. + +::: + You can learn about the available CAPI kinds, nested keys, and their structure by reviewing the [reference docs](#supported-providers) for the target CAPI provider. For example, to find the key for control plane load balancer type on AWS, review the `AWSCluster` API types and look for the relevant field. @@ -153,14 +164,27 @@ construct valid override YAML, use the following steps. Use the CAPI Kind for your target resource, converted to [camelCase](#key-format). - ```yaml hideClipboard + ```yaml hideClipboard title="Example top-level key for AWSCluster" awsCluster: ``` - ```yaml hideClipboard + ```yaml hideClipboard title="Example top-level key for AzureManagedMachinePool" azureManagedMachinePool: ``` +
    + + Note on CloudStackMachineTemplate top-level key + + An exception to the camelCase rule is `CloudStackMachineTemplate`, which uses a lowercase `s` in the top-level key + (`cloudstackMachineTemplate`). + + ```yaml hideClipboard title="Example top-level key for CloudStackMachineTemplate" + cloudstackMachineTemplate: + ``` + +
    + 2. Add `spec`. All configurable properties sit under `spec`. Your YAML always begins with the top-level key followed by `spec`. @@ -227,15 +251,13 @@ construct valid override YAML, use the following steps. Fields defined in `AzureManagedControlPlaneClassSpec` appear directly under `azureManagedControlPlane.spec`, without an additional nesting key. -
    - - Note on `AWSMachineTemplate` nesting +6. For node pool overrides on self-managed clusters, apply the extra `template` nesting. - `AWSMachineTemplate` has an extra level of nesting compared to other resources. The spec wraps a `template`, which - contains another `spec` field that holds the actual machine configuration (`AWSMachineSpec`). All pool-level AWS - overrides use this structure. + Self-managed clusters (for example, AWS IaaS) back their node pools with a machine template resource. These machine + template specs wrap the actual machine configuration in a `template` field, so pool-level overrides require an + additional `template` level in the YAML. - ```yaml hideClipboard + ```yaml hideClipboard title="Example AWSMachineTemplate override YAML with nested template field" awsMachineTemplate: spec: template: @@ -243,8 +265,6 @@ construct valid override YAML, use the following steps. instanceType: m5.xlarge ``` -
    - ## Important Behaviors Before overriding CAPI properties, review the following behaviors that apply when you configure a cluster or node pool. @@ -257,11 +277,22 @@ Overriding CAPI properties on an existing cluster is likely to trigger a [node pool repave](../../clusters/cluster-management/node-pool.md#repave-behavior-and-configuration), which temporarily reduces cluster capacity. Plan override changes during a maintenance window. -- **AKS** - Any override change triggers a rolling upgrade, even for parameters that would otherwise support inline - updates. +- **Azure AKS** & **AWS EKS** - Any override change to a node pool triggers a rolling upgrade of that pool, even for + parameters that would otherwise support inline updates. ::: +When you _disable_ the **Override Cluster API node pool configuration** toggle on a node pool that already has an +override, Palette reverts the overridden fields to the values it manages natively. This might trigger a repave of the +node pool, depending on which fields change. + +- A repave occurs if the reversion changes a field that Palette uses to decide when to repave a node pool. Palette + maintains a fixed, provider-specific list of repave-triggering fields. For example, on AWS IaaS, these fields include + the instance type, SSH key name, root volume size, and AMI ID. + +- A repave does not occur if the reversion changes only fields that are not repave-triggering, such as metadata. For + example, AWS additional tags and CloudStack details are not on the list, so reverting them does not trigger a repave. + ### Override Always Wins Override values take precedence over values from all other input sources, such as: @@ -330,4 +361,6 @@ Failed to get/apply cloudconfig from hubble. admission webhook "vawscloudconfig. - [AWS CAPI Override Reference](./aws-capi-override-reference.md) -- [Azure AKS CAPI Override Reference](./azure-capi-override-reference.md) +- [Azure CAPI Override Reference](./azure-capi-override-reference.md) + +- [CloudStack CAPI Override Reference](./cloudstack-capi-override-reference.md) diff --git a/docs/docs-content/audit-logs/audit-logs.md b/docs/docs-content/audit-logs/audit-logs.md index fe935704449..7e975686daa 100644 --- a/docs/docs-content/audit-logs/audit-logs.md +++ b/docs/docs-content/audit-logs/audit-logs.md @@ -7,9 +7,8 @@ sidebar_custom_props: icon: "admin" --- -The Spectro Cloud management platform application captures audit logs to track the user interaction with the application -resources along with the timeline. For certain resources, the system-level modifications are also captured in the audit -logs. +Palette captures audit logs to track user interaction with the application resources along with the timeline. For +certain resources, the system-level modifications are also captured in the audit logs. The audit log contains information about the resource and the user who performed the action. The user or the system action on the resource is classified as _Create_, _Update_, and _Delete_. Every resource is categorized as a type that @@ -24,10 +23,10 @@ across all projects and tenant actions. The project scope audits show the activi 2. Select a project to view project scope audit logs or select **Tenant Admin** to view tenant scope audit logs. - - Users must have the **Project Viewer** role with `audit.get` and `audit.list` permissions for the selected project - to access the audit logs. - - Users must have the **Tenant Admin** role or the `audit.get` and `audit.list` permissions at the tenant scope to - access the audit logs. + - The **Project Viewer** role with `audit.get` and `audit.list` permissions for the selected project are required to + access the project scope audit logs. + - The **Tenant Admin** role or the `audit.get` and `audit.list` permissions at the tenant scope are required to + access the tenant scope audit logs. 3. Navigate to the left main menu and select **Audit Logs**. @@ -47,14 +46,28 @@ For certain resources, like cluster profiles, you can associate a custom update event log. On a successful save of a cluster profile, you will be prompted to provide an update note about the changes made to the profile. This message will be shown when you select an audit log from the list. -## Push Audit Trails to Amazon CloudWatch +## Push Audit Trails to Amazon CloudWatch or Splunk You can push the compliance, management, operational, and risk audit logs to -[Amazon CloudWatch](https://aws.amazon.com/cloudwatch/). This enables continuous monitoring, security analysis, resource -tracking, and troubleshooting of the workload cluster using the event history. +[Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) or +[Splunk](https://help.splunk.com/en/splunk-observability-cloud/get-started). This enables continuous monitoring, +security analysis, resource tracking, and troubleshooting of the workload cluster using the event history. ### Prerequisites + + + + +Configure a HTTP Event Collector (HEC) in Splunk before configuring a Palette audit trail. + +Refer to the +[Set up and use HTTP Event Collector in Splunk Web](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/10.4/get-data-with-http-event-collector/set-up-and-use-http-event-collector-in-splunk-web) +guide for more information. + + + + Ensure that the IAM user or the ROOT user role created has the following IAM policy included for Amazon CloudWatch. ```json @@ -77,6 +90,10 @@ Ensure that the IAM user or the ROOT user role created has the following IAM pol } ``` + + + + ### Enablement 1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. @@ -88,8 +105,28 @@ Ensure that the IAM user or the ROOT user role created has the following IAM pol 4. Fill in the following details. + + + + + - **Audit Name**: Custom name to identify the logs. + - **Type**: Choice of monitoring service. Select **Splunk**. + - **HEC endpoint**: HEC URL retrieved from the Splunk console. + - **Token**: HEC token retrieved from the Splunk console. + - **Advanced Configuration**: Provide optional configuration for log routing and security. + - **Index**: Route logs to a specific Splunk index. Leave blank to use the token default. + - **Source**: Set a custom source identifier for easier filtering in Splunk searches. Leave blank to use the + default. + - **Certificate**: Upload your server’s certificate if your Splunk instance uses a self-signed certificate. + - **TLS Verification**: Enabled by default. Disable if your endpoint uses a self-signed certificate and you choose + not to upload it. + + + + + - **Audit Name**: Custom name to identify the logs. - - **Type**: Choice of monitoring service. Currently, CloudWatch is available. + - **Type**: Choice of monitoring service. Select **CloudWatch**. - **Group**: The log group name obtained from CloudWatch logs for audit trail creation. - **Region**: The region of the AWS account. - **Credentials** : Use an **Access Key** and **Secret Access Key** to validate the AWS account for pushing the audit @@ -98,7 +135,13 @@ Ensure that the IAM user or the ROOT user role created has the following IAM pol from Palette. - **Stream (Optional)**: CloudWatch log stream for audit trail creation. -5. Select **Confirm** to complete the audit trail configuration. Audit trails can be edited and deleted using the + + + + +5. Select **Validate** to verify your configuration. + +6. Select **Confirm** to complete the audit trail configuration. Audit trails can be edited and deleted using the **three-dot Menu**. ## Resources diff --git a/docs/docs-content/automation/palette-cli/install-palette-cli.md b/docs/docs-content/automation/palette-cli/install-palette-cli.md index bf66fda2447..92899e5a1af 100644 --- a/docs/docs-content/automation/palette-cli/install-palette-cli.md +++ b/docs/docs-content/automation/palette-cli/install-palette-cli.md @@ -68,7 +68,7 @@ palette version ```shell hideClipboard -Palette CLI version: 4.9.5 +Palette CLI version: 4.9.8 ``` ## Next Steps diff --git a/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md b/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md index 43d63d83a89..348c73df978 100644 --- a/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md +++ b/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-dynamic.md @@ -149,14 +149,14 @@ cloud account. 4. Fill out the input fields listed in the table below. - | **Configuration Field** | **Value** | - | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | **Location Name** | Provide a name of your choice. | - | **Location Provider** | Select AWS from the **drop-down** Menu. | - | **Certificate** | Provide the CA bundle in PEM format if you are using a custom certificate bundle to establish SSL/TLS sessions. | - | **S3 Bucket** | The name of the S3 bucket you created in the object store. The bucket name must be DNS-compliant. For more information, refer to the [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) defined by AWS. | - | **Region** | Region where the S3 bucket is hosted. You can check region codes in the [Service endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region) section in the AWS documentation. | - | **S3 URL** | Optional S3 URL. If you choose to provide a value, refer to the [Methods for accessing a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html#virtual-host-style-url-ex) guide to determine the bucket URL and select the **Force S3 path style** checkbox. | + | **Configuration Field** | **Value** | + | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | **Location Name** | Provide a name of your choice. | + | **Location Provider** | Select AWS from the **drop-down** Menu. | + | **Certificate** | Provide the CA bundle in PEM format if you are using a custom certificate bundle to establish SSL/TLS sessions. | + | **S3 Bucket** | The name of the S3 bucket you created in the object store. The bucket name must be DNS-compliant. For more information, refer to the [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) defined by AWS. | + | **Region** | Region where the S3 bucket is hosted. You can check region codes in the [Service endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region) section in the AWS documentation. | + | **Endpoint URL** | Optional bucket URL. If you choose to provide a value, refer to the [Methods for accessing a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html#virtual-host-style-url-ex) guide to determine the bucket URL and select the **Force S3 path style** checkbox. | 5. Next, choose the **STS** authentication method. When you choose the STS authentication method, you must create a new IAM role and provide its Amazon Resource Name (ARN) to Palette. Check out the @@ -523,14 +523,14 @@ multiple cloud accounts. 4. Fill out the input fields listed in the table below. - | **Configuration Field** | **Value** | - | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | **Location Name** | Provide a name of your choice. | - | **Location Provider** | Select AWS from the **drop-down** Menu. | - | **Certificate** | Optional service provider x509 certificate. | - | **S3 Bucket** | The S3 bucket name you created in the object store. The bucket name must be DNS-compliant. For more information, refer to the [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) defined by AWS. | - | **Region** | Region where the S3 bucket is hosted. You can check the region code from the [Service endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region) section in the AWS documentation. | - | **S3 URL** | Optional S3 bucket URL. If you provide a value, refer to the [Methods for accessing a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html#virtual-host-style-url-ex) guide to determine the bucket URL, and select the **Force S3 path style** checkbox. | + | **Configuration Field** | **Value** | + | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | **Location Name** | Provide a name of your choice. | + | **Location Provider** | Select AWS from the **drop-down** Menu. | + | **Certificate** | Optional service provider x509 certificate. | + | **S3 Bucket** | The S3 bucket name you created in the object store. The bucket name must be DNS-compliant. For more information, refer to the [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) defined by AWS. | + | **Region** | Region where the S3 bucket is hosted. You can check the region code from the [Service endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region) section in the AWS documentation. | + | **Endpoint URL** | Optional bucket URL. If you provide a value, refer to the [Methods for accessing a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html#virtual-host-style-url-ex) guide to determine the bucket URL, and select the **Force S3 path style** checkbox. | 5. Next, choose the **STS** authentication method. When you choose the STS authentication method, you must create a new IAM role and provide its Amazon Resource Name (ARN) to Palette. Check out the diff --git a/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-static.md b/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-static.md index 79275b43c1c..078e0d46ac2 100644 --- a/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-static.md +++ b/docs/docs-content/clusters/cluster-management/backup-restore/add-backup-location-static.md @@ -27,7 +27,7 @@ The following sections provide detailed instructions. Select the environment whe - [GCP](#gcp) -- [MinIO](#minio) +- [S3 Compatible Storage](#s3-compatible-storage) - [Azure](#azure) @@ -121,14 +121,14 @@ The following sections provide detailed instructions. Select the environment whe 4. Fill out the input fields listed in the table below. - | **Configuration Field** | **Value** | - | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | **Location Name** | Provide a name of your choice. | - | **Location Provider** | Select AWS from the **drop-down** Menu. | - | **Certificate** | Provide the CA bundle in PEM format if you are using a custom certificate bundle to establish SSL/TLS sessions. | - | **S3 Bucket** | Name of the S3 bucket you created in the object store. The bucket name must be DNS-compliant. For more information, refer to the [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) defined by AWS. | - | **Region** | Region where the S3 bucket is hosted. You can check the region code from the [Service endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region) section in the AWS documentation. | - | **S3 URL** | Optional bucket URL. If you choose to provide a value, refer to the [Methods for accessing a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html#virtual-host-style-url-ex) guide to determine the bucket URL. If you provided an S3 URL, enable the **Force S3 path style** checkbox. | + | **Configuration Field** | **Value** | + | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | + | **Location Name** | Provide a name of your choice. | + | **Location Provider** | Select AWS from the **drop-down** Menu. | + | **Certificate** | Provide the CA bundle in PEM format if you are using a custom certificate bundle to establish SSL/TLS sessions. | + | **S3 Bucket** | Name of the S3 bucket you created in the object store. The bucket name must be DNS-compliant. For more information, refer to the [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) defined by AWS. | + | **Region** | Region where the S3 bucket is hosted. You can check the region code from the [Service endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region) section in the AWS documentation. | + | **Endpoint URL** | Optional bucket URL. If you choose to provide a value, refer to the [Methods for accessing a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html#virtual-host-style-url-ex) guide to determine the bucket URL. If you provide an endpoint URL, select the **Force S3 path style** checkbox. | 5. Next, choose the _Credentials_ validation method. If you want to use dynamic credentials through the AWS STS service, refer to the [Add a Backup Location using Dynamic Credentials](add-backup-location-dynamic.md) for guided @@ -215,33 +215,45 @@ Use the following steps to validate adding the new backup location. 4. Search for the newly added backup location in the list. The presence of the backup location validates that you successfully added a new backup location. -## MinIO +## S3 Compatible Storage + +You can use any S3-compatible object storage, such as MinIO or NetApp StorageGRID, as a backup location. The following +steps use MinIO as an example. If you use a different S3-compatible provider, refer to your provider's documentation for +the equivalent account, bucket, and access key configuration. + +:::info + +This backup location was previously named **MinIO**. Backup locations that you created under the **MinIO** label +continue to work and appear under the **S3 Compatible Storage** label after the upgrade, with all their settings +preserved. + +::: ### Prerequisites -- A MinIO account. +- An account with an S3-compatible storage provider, such as MinIO. -- An S3-compliant bucket in the MinIO account. +- An S3-compliant bucket in your storage account. -- IAM policy in your MinIO account to authorize a MinIO user to perform the required read and write operations on the - MinIO bucket. MinIO uses Policy-Based Access Control (PBAC) to control which IAM identities can access the resources - and what actions the IAM identities are authorized to perform on the specific resources. Refer to the +- An IAM policy that authorizes a user to perform the required read and write operations on the bucket. For example, + MinIO uses Policy-Based Access Control (PBAC) to control which IAM identities can access the resources and what + actions the IAM identities are authorized to perform on the specific resources. Refer to the [MinIO Access Management](https://min.io/docs/minio/linux/administration/identity-access-management/policy-based-access-control.html#access-management) guide to learn more about the IAM policy requirements. -- A MinIO user assigned to the IAM policy defined above. You can learn more about MinIO access management in the +- A user assigned to the IAM policy defined above. To learn more about MinIO access management, refer to the [MinIO object storage for Kubernetes](https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html) documentation. -- An access key for the MinIO user. You can create an access key from the MinIO console. Refer to the +- An access key for the user. For MinIO, you can create an access key from the MinIO console. Refer to the [MinIO official documentation](https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#access-keys) to learn about creating access keys. - If you are using a custom Certificate Authority (CA) for SSL/TLS connections, provide the x509 certificate in - Privacy-Enhanced Mail (PEM) format to Palette. This is required if the MinIO endpoint is using a self-signed + Privacy-Enhanced Mail (PEM) format to Palette. This is required if the storage endpoint is using a self-signed certificate. -### Add a MinIO Bucket +### Add an S3 Compatible Storage Bucket 1. Log in to [Palette](https://console.spectrocloud.com/). @@ -254,22 +266,21 @@ Use the following steps to validate adding the new backup location. | **Field** | **Value** | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Location Name** | Provide a name of your choice. | - | **Location Provider** | Select MinIO from the drop-down field. | + | **Location Provider** | Select **S3 Compatible Storage** from the drop-down menu. | | **Certificate** | Provide the CA bundle in PEM format if you are using a custom certificate bundle to establish SSL/TLS sessions. This is required for endpoints using a self-signed certificate. | - | **S3 Bucket** | The name of the S3 bucket you created in the MinIO object store. | - | **Region** | The region where the MinIO server is configured. Example: `us-east-1` | - | **S3 URL** | The MinIO object storage console URL. Example: `http://12.123.234.567:0000` | - | **Force S3 path style** | This value is required for MinIO. | + | **S3 Bucket** | The name of the S3 bucket you created in the object store. | + | **Region** | The region where the storage server is configured. Example: `us-east-1` | + | **Endpoint URL** | The endpoint URL of your S3-compatible object storage. For MinIO, this is the object storage console URL. Example: `http://12.123.234.567:0000` | + | **Force S3 path style** | This value is required for S3-compatible storage. | :::warning - Ensure you check the **Force S3 path style** checkbox. S3 path style is required by Velero to access the MinIO object + Ensure you select the **Force S3 path style** checkbox. S3 path style is required by Velero to access the object storage. Palette uses [Velero](https://velero.io/docs) to create backups. ::: -5. Next, provide the access key for the MiniIO user. The access key has two parts - the _access key ID_ and the _secret - key_. +5. Next, provide the access key for the user. The access key has two parts - the _access key ID_ and the _secret key_. 6. Click on the **Create** button. diff --git a/docs/docs-content/clusters/cluster-management/backup-restore/backup-restore.md b/docs/docs-content/clusters/cluster-management/backup-restore/backup-restore.md index 9f09e58dc7a..790bd54e98c 100644 --- a/docs/docs-content/clusters/cluster-management/backup-restore/backup-restore.md +++ b/docs/docs-content/clusters/cluster-management/backup-restore/backup-restore.md @@ -59,7 +59,7 @@ object storage solutions as backup locations. - Google Cloud Platform (GCP) bucket -- MinIO S3 bucket +- S3 Compatible Storage, such as a MinIO bucket - Azure blob storage @@ -82,12 +82,12 @@ credentials for all cloud service providers. You can also use dynamic credential Review the table below to learn more about what cloud providers and credentials methods are supported. -| **Service Provider** | **Static Credentials Support** | **Dynamic Credentials Support** | -| -------------------- | ------------------------------ | ------------------------------- | -| AWS | ✅ | ✅ | -| GCP | ✅ | ❌ | -| MinIO | ✅ | ❌ | -| Azure | ✅ | ❌ | +| **Service Provider** | **Static Credentials Support** | **Dynamic Credentials Support** | +| --------------------- | ------------------------------ | ------------------------------- | +| AWS | ✅ | ✅ | +| GCP | ✅ | ❌ | +| S3 Compatible Storage | ✅ | ❌ | +| Azure | ✅ | ❌ | To learn more about adding a backup location, check out the [Add a Backup Location using Static Credentials](/clusters/cluster-management/backup-restore/add-backup-location-static) diff --git a/docs/docs-content/clusters/cluster-management/certificate-management.md b/docs/docs-content/clusters/cluster-management/certificate-management.md index 0894009d5cc..78acbbca877 100644 --- a/docs/docs-content/clusters/cluster-management/certificate-management.md +++ b/docs/docs-content/clusters/cluster-management/certificate-management.md @@ -9,7 +9,9 @@ tags: ["clusters", "cluster management"] In Kubernetes, Public Key Infrastructure (PKI) certificates are used to secure communications and authenticate components within the cluster. Certificates have an expiry date and need to be renewed periodically. You can view the -issue and expiry date of the cluster by click on **View K8s Certificates** in the cluster details page. +issue and expiry date of the cluster by clicking on **View K8s Certificates** in the cluster details page. Palette lists +all control plane PKI certificates that it includes in its automatic renewal cycle, including the kubeconfig-embedded +client certificates, the etcd peer and health-check certificates, and the kubelet client and serving certificates. This page focuses on how to renew the PKI certificates through Palette. You have two options for how you can renew the cluster PKI certificates: @@ -107,11 +109,11 @@ method, using the Palette UI or the API. 4. From the cluster details page, click on **View K8s Certificates**. -![A view of the Palette UI with an arrow pointing to the **View K8s Certificates** button.](/clusters_cluster-management_certificate-management_cluster-details-page.webp) + ![A view of the Palette UI with an arrow pointing to the **View K8s Certificates** button.](/certificate-management_cluster-details-page.webp) 5. Next, select **Renew All** to start the renewal process. -![A view of the cluster certificates displaying the expiration date](/clusters_cluster-management_certificate-management_certificate-renew-page.webp) + ![A view of the cluster certificates displaying the expiration date](/certificate-management_certificate-renew-page.webp) The renewal process may take several minutes, depending on the number of cluster nodes. @@ -248,47 +250,71 @@ Using the following steps, you can validate that the cluster's PKI certificates { "certificates": [ { - "expiry": "2024-05-23T16:51:05.000Z", + "expiry": "2027-06-09T16:51:05.000Z", "name": "front-proxy-client" } ], - "expiry": "2033-05-23T16:45:22.209Z", + "expiry": "2036-06-09T16:45:22.209Z", "name": "front-proxy-ca" }, { "certificates": [ { - "expiry": "2024-05-23T16:51:05.000Z", - "name": "kube-apiserver" + "expiry": "2027-06-09T16:51:05.000Z", + "name": "apiserver" }, { - "expiry": "2024-05-23T16:51:05.000Z", - "name": "kube-apiserver-kubelet-client" + "expiry": "2027-06-09T16:51:05.000Z", + "name": "apiserver-kubelet-client" + }, + { + "expiry": "2027-06-09T16:51:05.000Z", + "name": "apiserver-etcd-client" + }, + { + "expiry": "2027-06-09T16:51:05.000Z", + "name": "admin" + }, + { + "expiry": "2027-06-09T16:51:05.000Z", + "name": "super-admin" + }, + { + "expiry": "2027-06-09T16:51:05.000Z", + "name": "controller-manager" + }, + { + "expiry": "2027-06-09T16:51:05.000Z", + "name": "scheduler" + }, + { + "expiry": "2027-06-09T16:51:05.000Z", + "name": "kubelet-client" + }, + { + "expiry": "2027-06-09T16:51:05.000Z", + "name": "kubelet-serving" } ], - "expiry": "2033-05-23T16:45:22.209Z", + "expiry": "2036-06-09T16:45:22.209Z", "name": "ca" }, { "certificates": [ { - "expiry": "2024-05-23T16:51:05.000Z", - "name": "kube-apiserver-etcd-client" - }, - { - "expiry": "2024-05-23T16:51:05.000Z", - "name": "kube-etcd-healthcheck-client" + "expiry": "2027-06-09T16:51:05.000Z", + "name": "server" }, { - "expiry": "2024-05-23T16:51:05.000Z", - "name": "kube-etcd-peer" + "expiry": "2027-06-09T16:51:05.000Z", + "name": "peer" }, { - "expiry": "2024-05-23T16:51:05.000Z", - "name": "kube-etcd-server" + "expiry": "2027-06-09T16:51:05.000Z", + "name": "healthcheck-client" } ], - "expiry": "2033-05-23T16:45:22.209Z", + "expiry": "2036-06-09T16:45:22.209Z", "name": "etcd-ca" } ], @@ -298,5 +324,11 @@ Using the following steps, you can validate that the cluster's PKI certificates } ``` + :::info + + The exact set of certificates returned varies by Kubernetes distribution and node configuration. + + ::: + diff --git a/docs/docs-content/clusters/cluster-management/cluster-updates.md b/docs/docs-content/clusters/cluster-management/cluster-updates.md index e5826149f43..aa3e880f261 100644 --- a/docs/docs-content/clusters/cluster-management/cluster-updates.md +++ b/docs/docs-content/clusters/cluster-management/cluster-updates.md @@ -145,17 +145,17 @@ You can follow these steps to validate all cluster update approaches. ## Trigger Worker Node Upgrade -If you have enabled the [**Skip worker node update (Optional)**](./node-pool.md#worker-node-pool) option for worker -nodes on an AWS IaaS, MAAS, or VMware vSphere cluster, you can manually trigger a worker node upgrade at any time after -updating the control plane. +If you have enabled the [**Skip worker node update (Optional)**](./node-pool.md#skip-worker-node-update) option for +worker nodes on an AWS IaaS, MAAS, VMware vSphere, or connected Edge Native cluster, you can manually trigger a worker +node upgrade at any time after updating the control plane. This action repaves the worker nodes to match the control plane's Kubernetes version. This may incur downtime for workloads running on those nodes, so plan accordingly. ### Prerequisites -- An active AWS IaaS, MAAS, or VMware vSphere cluster in Palette with the **Skip worker node update (Optional)** option - enabled. +- An active AWS IaaS, MAAS, VMware vSphere, or connected Edge Native cluster in Palette with the **Skip worker node + update (Optional)** option enabled. - The cluster control plane must be updated to a newer Kubernetes version within the supported N-3 minor version skew. diff --git a/docs/docs-content/clusters/cluster-management/headlamp.md b/docs/docs-content/clusters/cluster-management/headlamp.md index 5b003b446f6..2564a1f8948 100644 --- a/docs/docs-content/clusters/cluster-management/headlamp.md +++ b/docs/docs-content/clusters/cluster-management/headlamp.md @@ -7,10 +7,6 @@ sidebar_position: 215 tags: ["clusters", "cluster management", "headlamp"] --- -:::preview - -::: - [Headlamp](https://headlamp.dev/) is an open source, web-based interface for Kubernetes that provides a clear and intuitive way to interact with cluster resources without relying solely on command-line tools. It allows you to explore workloads, inspect configurations, and monitor the state of their applications through an intuitive dashboard. @@ -32,16 +28,6 @@ workloads, inspect configurations, and monitor the state of their applications t - An OIDC (OpenID Connect) Identity Provider. For more information about using a custom OIDC, visit the page on [Security Assertion Markup Language (SAML) and OIDC Single Sign-On (SSO)](../../user-management/saml-sso/saml-sso.md#palette-oidc-and-pxk). - - -:::warning - -Due to an [active known issue](../../release-notes/known-issues.md#active-known-issues), Headlamp currently supports only the **Palette** OIDC Identity Provider option configured in the pack of your cluster profile. - -::: - - - ## Enablement 1. Log in to [Palette](https://console.spectrocloud.com/). diff --git a/docs/docs-content/clusters/cluster-management/node-pool.md b/docs/docs-content/clusters/cluster-management/node-pool.md index 18bee295cfd..fa29c47217d 100644 --- a/docs/docs-content/clusters/cluster-management/node-pool.md +++ b/docs/docs-content/clusters/cluster-management/node-pool.md @@ -89,16 +89,18 @@ settings may not be available. ### Control Plane Node Pool -| **Property** | **Description** | -| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **Node pool name** | A descriptive name for the node pool. | -| **Number of nodes in the pool** | Number of nodes to be provisioned for the node pool. This number can be 1, 3, or 5. | -| **Allow worker capability** | Select this option to allow workloads to be provisioned on control plane nodes. | -| **Additional Labels** | Optional labels apply placement constraints on a pod. For example, you can add a label to make a node eligible to receive the workload. To learn more, refer to the [Node Labels](./node-labels.md). | -| **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each control plane node. | -| **Taints** | Sets toleration to pods and allows (but does not require) the pods to schedule onto nodes with matching taints. To learn more, refer to the [Taints and Tolerations](./taints.md) guide. | -| **Availability Zones** | The Availability Zones from which to select available servers for deployment. If you select multiple zones, Palette will deploy servers evenly across them as long as sufficient servers are available to do so. | -| **Disk Size** | Give the required storage size. | +| **Property** | **Description** | +| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Node pool name** | A descriptive name for the node pool. | +| **Number of nodes in the pool** | Number of nodes to be provisioned for the node pool. This number can be 1, 3, or 5. | +| **Allow worker capability** | Select this option to allow workloads to be provisioned on control plane nodes. | +| **Additional Labels** | Optional labels apply placement constraints on a pod. For example, you can add a label to make a node eligible to receive the workload. To learn more, refer to the [Node Labels](./node-labels.md). | +| **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each control plane node. | +| **Override Machine Health Check** | Override the default Cluster API [Machine Health Check (MHC)](https://cluster-api.sigs.k8s.io/tasks/automated-machine-management/healthchecking/) settings that Palette applies to this node pool. This option is disabled by default and is available only on Palette eXtended Kubernetes (PXK) infrastructure clusters that use Cluster API. It does not apply to EKS, AKS, or GKE clusters. When enabled, the **Configure Machine Health Check** button appears. When this option is disabled, the node pool uses the default Palette MHC settings. | +| **Configure Machine Health Check** | Available only when **Override Machine Health Check** is enabled. Select this option to define the `maxUnhealthy`, `nodeStartupTimeout`, and `unhealthyNodeConditions` values for the node pool. Palette honors per-pool overrides only when [Cluster Auto Remediation](platform-settings/cluster-auto-remediation.md) is enabled at the tenant or project level. If the MHC configuration is invalid, Palette records an error in the cluster event stream, ignores the override, and applies the default MHC. Any changes made after cluster deployment trigger a cluster repave. | +| **Taints** | Sets toleration to pods and allows (but does not require) the pods to schedule onto nodes with matching taints. To learn more, refer to the [Taints and Tolerations](./taints.md) guide. | +| **Availability Zones** | The Availability Zones from which to select available servers for deployment. If you select multiple zones, Palette will deploy servers evenly across them as long as sufficient servers are available to do so. | +| **Disk Size** | Give the required storage size. | ### Worker Node Pool @@ -108,11 +110,13 @@ settings may not be available. | **Enable Autoscaler** | Scale the worker pool horizontally based on its per-node workload counts. The **Minimum size** specifies the lower bound of nodes in the pool, and the **Maximum size** specifies the upper bound. Setting both parameters to the same value results in a static node count. Public cloud (AWS, Azure, and GCP) IaaS clusters and private data center (VMware vSphere, Apache CloudStack, and MAAS) clusters use the Cluster API [autoscaler](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md) tool; Azure AKS uses the [Azure autoscaler](https://learn.microsoft.com/en-us/azure/aks/cluster-autoscaler?tabs=azure-cli) tool, which is based on the Cluster API autoscaler.

    **NOTE:** If autoscaling is enabled when deploying [VMware vSphere clusters](../data-center/vmware/create-manage-vmware-clusters.md) using an [IP Address Management (IPAM) node pool](../pcg/manage-pcg/create-manage-node-pool.md) with [static placement configured](../pcg/deploy-pcg/vmware.md#static-placement-configuration), the **Maximum size** determines the number of IP addresses automatically reserved for worker nodes. During day-2 operations, even if autoscaler is disabled or the **Maximum size** of the worker pool is reduced, the original number of IP addresses remains allocated. To release the IP addresses, you must [delete the worker node pool](#delete-a-node-pool). | | **Number of nodes in the pool** | Number of nodes to be provisioned for the node pool. This field is hidden if **Enable Autoscaler** is toggled on. | | **Node repave interval** | The time interval in seconds between repaves. The default value is 0 seconds. | -| **Skip worker node update (Optional)** | Enable this option to skip updating worker nodes during a cluster upgrade. The version difference between the control plane and worker nodes must not exceed the [N-3 minor version skew supported by Kubernetes](https://kubernetes.io/releases/version-skew-policy/). Palette enforces this during cluster profile updates and blocks you from updating if you attempt to exceed the N-3 threshold.

    This is useful for production workloads that require high availability or for nodes running critical applications that cannot tolerate downtime. For example, if you have a worker pool dedicated to running database instances or real-time processing services, enable this option to maintain service continuity while still allowing the control plane to receive security patches and feature updates. You can then schedule [worker node updates](../cluster-management/cluster-updates.md#trigger-worker-node-upgrade) during planned maintenance windows. | +| **Skip worker node update (Optional)** | Enable this option to skip updating worker nodes during a cluster upgrade and update the control plane only. The Kubernetes version difference between the control plane and worker nodes must not exceed the [N-3 minor version skew supported by Kubernetes](https://kubernetes.io/releases/version-skew-policy/).

    For more information, including supported cluster types, behavior during profile updates, and how to trigger the deferred worker upgrade, refer to [Skip Worker Node Update](#skip-worker-node-update). | | **Additional Labels** | Optional labels apply placement constraints on a pod. For example, you can add a label to make a node eligible to receive the workload. To learn more, refer to the [Node Labels](./node-labels.md) guide. | | **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each worker node. | | **Override Kubeadm Configuration** | Adjust kubelet arguments for [kubeadm](https://kubernetes.io/docs/reference/setup-tools/kubeadm/) or pre-kubeadm commands to meet specific operational or environment requirements for your worker nodes. This option is disabled by default. When enabled, the **Configure Kubeadm** button appears. | | **Configure Kubeadm** | Available only when **Override Kubeadm Configuration** is enabled. Select this option to override `kubeadmconfig.kubeletExtraArgs` and `kubeadmconfig.preKubeadmConfig` commands configured in the Kubernetes layer of your cluster profile. Any changes made post-cluster deployment will trigger a cluster repave. | +| **Override Machine Health Check** | Override the default Cluster API [Machine Health Check (MHC)](https://cluster-api.sigs.k8s.io/tasks/automated-machine-management/healthchecking/) settings that Palette applies to this node pool. This option is disabled by default and is available only on Palette eXtended Kubernetes (PXK) infrastructure clusters that use Cluster API. It does not apply to EKS, AKS, or GKE clusters. When enabled, the **Configure Machine Health Check** button appears. When this option is disabled, the node pool uses the default Palette MHC settings. | +| **Configure Machine Health Check** | Available only when **Override Machine Health Check** is enabled. Select this option to define the `maxUnhealthy`, `nodeStartupTimeout`, and `unhealthyNodeConditions` values for the node pool. Palette honors per-pool overrides only when [Cluster Auto Remediation](platform-settings/cluster-auto-remediation.md) is enabled at the tenant or project level. If the MHC configuration is invalid, Palette records an error in the cluster event stream, ignores the override, and applies the default MHC. Any changes made after cluster deployment trigger a cluster repave. | | **Taints** | Sets toleration to pods and allows (but does not require) the pods to schedule onto nodes with matching taints. To learn more, refer to the [Taints and Tolerations](./taints.md) guide. | | **Rolling update** | Select **Expand First**, **Contract First**, or **Custom** to determine the order in which nodes are added to or removed from the worker node pool.
    - **Expand First** - Adds new nodes before removing old nodes.
    - **Contract First** - Removes old nodes before adding new nodes.
    - **Custom** - Set either an explicit numerical value or a percentage for [**Max Surge**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-surge) and [**Max Unavailable**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-unavailable). **Max Surge** and **Max Unavailable** cannot both be set to `0`. | | **Instance Option** | AWS options for compute capacity. **On Demand** gives you full control over the instance lifecycle without long-term commitment. **Spot** allows the use of spare EC2 capacity at a discount but which can be reclaimed if needed. | @@ -127,6 +131,62 @@ configuration settings to learn more. ::: +## Skip Worker Node Update + +The **Skip worker node update (Optional)** toggle lets you upgrade the control plane of a cluster to a newer Kubernetes +version while deferring the upgrade of one or more worker pools. This is useful for scenarios where you want to apply a +security patch or initiate an LTS upgrade without affecting or repaving worker nodes. You can then schedule the worker +pool upgrade for a time that is convenient for you, such as during a scheduled maintenance window. + +Skipping worker node updates is supported for the following cluster types: + +- AWS IaaS clusters +- MAAS clusters +- VMware vSphere clusters +- Connected (centrally managed) Edge Native clusters + +### Cluster Profile Upgrade Behavior + +When a cluster profile update bumps the Kubernetes version, Palette upgrades the control plane and any worker pools that +do not have **Skip worker node update** enabled. Worker pools with the option enabled are skipped and stay at their +current Kubernetes version. + +:::info + +Palette enforces the Kubernetes [N-3 minor version skew](https://kubernetes.io/releases/version-skew-policy/). If +enabling **Skip worker node update** on a pool would cause it to fall more than three minor versions behind the control +plane, Palette blocks the update. + +::: + +### Scaling Behavior + +Scaling behavior for a worker pool with **Skip worker node update** enabled differs by cluster type. + +For AWS IaaS, MAAS, and VMware vSphere clusters, scale-up is permitted. New nodes added manually or by the cluster +autoscaler join using the worker pool's current Kubernetes version, not the control plane version. Scale-down is not +restricted. + +For connected Edge Native clusters, scale-up is not permitted while the toggle is enabled. Palette rejects scale-up +requests on a pool with the toggle enabled, whether initiated manually or by the cluster autoscaler. To expand capacity, +create a new worker pool and add Edge hosts to it instead. + +### Upgrade a Skipped Worker Pool + +To sync the Kubernetes version of a skipped worker pool with the current Kubernetes control plane version, disable the +**Skip worker node update** toggle on that pool. + +:::danger + +Disabling **Skip worker node update** triggers a repave of the worker pool. Ensure you are ready to repave before +disabling the toggle. + +::: + +For step-by-step instructions, refer to [Trigger Worker Node Upgrade](cluster-updates.md#trigger-worker-node-upgrade). +For Edge Native-specific upgrade behavior, refer to +[Edge Cluster Upgrade Behavior](../edge/cluster-management/upgrade-behavior.md#decoupled-control-plane-and-worker-node-upgrades). + ## Create a New Node Pool ### Prerequisites diff --git a/docs/docs-content/clusters/cluster-management/platform-settings/cluster-auto-remediation.md b/docs/docs-content/clusters/cluster-management/platform-settings/cluster-auto-remediation.md index de67aeca379..e325f084474 100644 --- a/docs/docs-content/clusters/cluster-management/platform-settings/cluster-auto-remediation.md +++ b/docs/docs-content/clusters/cluster-management/platform-settings/cluster-auto-remediation.md @@ -15,6 +15,10 @@ feature will disable auto remediation. This feature can work under two scopes: - Project +You can also override the default Machine Health Check settings per node pool on Palette eXtended Kubernetes (PXK) +infrastructure clusters. Palette honors these per-pool overrides only when this feature is enabled at the tenant or +project level. For more information, refer to [Node Pools](../node-pool.md#node-pool-configuration-settings). + :::warning This feature does not apply to EKS or AKS clusters. diff --git a/docs/docs-content/clusters/clusters.md b/docs/docs-content/clusters/clusters.md index 82a91189d75..d68b1cc815d 100644 --- a/docs/docs-content/clusters/clusters.md +++ b/docs/docs-content/clusters/clusters.md @@ -214,6 +214,14 @@ The following are some sample scenarios where the node health is considered as d - New node doesn't get ready in 30 minutes. +:::info + +These thresholds are the default Machine Health Check settings that Palette applies to every node pool. You can override +these settings per node pool on Palette eXtended Kubernetes (PXK) infrastructure clusters. For more information, refer +to [Node Pool Configuration Settings](cluster-management/node-pool.md#node-pool-configuration-settings). + +::: + ## Event Stream Palette maintains an event stream with low-level details of the various orchestration tasks being performed. This event diff --git a/docs/docs-content/clusters/data-center/cloudstack/create-manage-cloudstack-clusters.md b/docs/docs-content/clusters/data-center/cloudstack/create-manage-cloudstack-clusters.md index 80f7f3a7aaf..658d79c496a 100644 --- a/docs/docs-content/clusters/data-center/cloudstack/create-manage-cloudstack-clusters.md +++ b/docs/docs-content/clusters/data-center/cloudstack/create-manage-cloudstack-clusters.md @@ -115,14 +115,15 @@ by the hypervisor. Refer to the [CAPI Image Builder](../../../byoos/byoos.md) fo 8. Fill out the Apache CloudStack configuration details for the cluster. Refer to the table below to learn more about each option. Click **Next** to proceed. - | Field Name | Description | Required | - | --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | - | **Zone** | The Apache CloudStack physical environment the cluster will be created in. | Yes | - | **Project Name** | The Project name within the Domain that the cluster will be created in. | Yes | - | **SSH Key** | The SSH key to use for the cluster. Check out the [Create and Upload an SSH Key](../../cluster-management/ssh/ssh-keys.md#create-and-upload-an-ssh-key) guide to learn how to upload an SSH key to Palette. | No | - | **Static placement** | The network type to use for the cluster. Select **Static IP** if you want to use static IP addresses. Select **DHCP** if you want to use Dynamic Host Configuration Protocol (DHCP). | Yes | - | **Sync cluster with CloudStack Kubernetes Service (CKS)** | To use this, the CloudStack Kubernetes Service must be enabled on the CloudStack management server in a Global Setting. | No | - | **Update worker pools in parallel** | Palette can more efficiently manage workloads by updating multiple worker pools simultaneously. | No | + | Field Name | Description | Required | + | --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | + | **Zone** | The Apache CloudStack physical environment the cluster will be created in. | Yes | + | **Project Name** | The Project name within the Domain that the cluster will be created in. | Yes | + | **SSH Key** | The SSH key to use for the cluster. Check out the [Create and Upload an SSH Key](../../cluster-management/ssh/ssh-keys.md#create-and-upload-an-ssh-key) guide to learn how to upload an SSH key to Palette. | No | + | **Static placement** | The network type to use for the cluster. Select **Static IP** if you want to use static IP addresses. Select **DHCP** if you want to use Dynamic Host Configuration Protocol (DHCP). | Yes | + | **Sync cluster with CloudStack Kubernetes Service (CKS)** | To use this, the CloudStack Kubernetes Service must be enabled on the CloudStack management server in a Global Setting. | No | + | **Override Cluster API cluster configuration** | Enable if you want to provide custom Cluster API manifests in YAML format. This is an advanced option that allows you to customize the underlying CAPI objects used to provision and manage your cluster. When enabled, the **Update Cluster API cluster configuration** option becomes available. Click this button to view the YAML code editor drawer, where you can provide your override configuration. Review the [Override CAPI Properties](../../../architecture/override-capi-properties/override-capi-properties.md) documentation to learn more about this feature. | No | + | **Update worker pools in parallel** | Palette can more efficiently manage workloads by updating multiple worker pools simultaneously. | No | @@ -131,16 +132,17 @@ by the hypervisor. Refer to the [CAPI Image Builder](../../../byoos/byoos.md) fo 8. Fill out the Apache CloudStack configuration details for the cluster. Refer to the table below to learn more about each option. Click **Next** to proceed. - | Field Name | Description | Required | - | --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | - | **Zone** | The Apache CloudStack physical environment the cluster will be created in. | Yes | - | **Project Name** | The Project name within the Domain that the cluster will be created in. | Yes | - | **SSH Key** | The SSH key to use for the cluster. Check out the [Create and Upload an SSH Key](../../cluster-management/ssh/ssh-keys.md#create-and-upload-an-ssh-key) guide to learn how to upload an SSH key to Palette. | No | - | **Static placement** | The network type to use for the cluster. Select **Static IP** if you want to use static IP addresses. Select **DHCP** if you want to use Dynamic Host Configuration Protocol (DHCP). | Yes | - | **VPC** | The VPC to use for the cluster. | Yes | - | **Network** | The Network to use for the cluster. | Yes | - | **Control plane endpoint** | The IP address for the Control plane. | Yes | - | **Sync cluster with CloudStack Kubernetes Service (CKS)** | To use this, the CloudStack Kubernetes Service must be enabled on the CloudStack management server in a Global Setting. | No | + | Field Name | Description | Required | + | --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | + | **Zone** | The Apache CloudStack physical environment the cluster will be created in. | Yes | + | **Project Name** | The Project name within the Domain that the cluster will be created in. | Yes | + | **SSH Key** | The SSH key to use for the cluster. Check out the [Create and Upload an SSH Key](../../cluster-management/ssh/ssh-keys.md#create-and-upload-an-ssh-key) guide to learn how to upload an SSH key to Palette. | No | + | **Static placement** | The network type to use for the cluster. Select **Static IP** if you want to use static IP addresses. Select **DHCP** if you want to use Dynamic Host Configuration Protocol (DHCP). | Yes | + | **VPC** | The VPC to use for the cluster. | Yes | + | **Network** | The Network to use for the cluster. | Yes | + | **Control plane endpoint** | The IP address for the Control plane. | Yes | + | **Sync cluster with CloudStack Kubernetes Service (CKS)** | To use this, the CloudStack Kubernetes Service must be enabled on the CloudStack management server in a Global Setting. | No | + | **Override Cluster API cluster configuration** | Enable if you want to provide custom Cluster API manifests in YAML format. This is an advanced option that allows you to customize the underlying CAPI objects used to provision and manage your cluster. When enabled, the **Update Cluster API cluster configuration** option becomes available. Click this button to view the YAML code editor drawer, where you can provide your override configuration. Review the [Override CAPI Properties](../../../architecture/override-capi-properties/override-capi-properties.md) documentation to learn more about this feature. | No | @@ -157,14 +159,15 @@ by the hypervisor. Refer to the [CAPI Image Builder](../../../byoos/byoos.md) fo ::: - | Field Name | Description | - | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | - | **Node Pool Name** | The name of the control plane node pool. | - | **Number of nodes in the pool** | The number of control plane nodes. Allowed values are 1, 3, and 5. | - | **Allow Worker Capability** | Enable this option to workloads to be deployed on control plane nodes. | - | **Additional Labels** | Additional labels to apply to the control plane nodes. | - | **Additional Annotations** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each control plane node. | - | **Taints** | Taints to apply to the control plane nodes. If enabled, an input field is displayed to specify the taint key, value and effect. Check out the [Node Labels and Taints](../../cluster-management/taints.md) page to learn more. | + | Field Name | Description | + | ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | **Node Pool Name** | The name of the control plane node pool. | + | **Number of nodes in the pool** | The number of control plane nodes. Allowed values are 1, 3, and 5. | + | **Allow Worker Capability** | Enable this option to workloads to be deployed on control plane nodes. | + | **Additional Labels** | Additional labels to apply to the control plane nodes. | + | **Additional Annotations** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each control plane node. | + | **Override Cluster API node pool configuration (Optional)** | Enable if you want to provide custom Cluster API manifests in YAML format. This is an advanced option that allows you to customize the underlying CAPI objects used to provision and manage your node pool. When enabled, the **Update Cluster API node pool configuration** option becomes available. Click this button to view the YAML code editor drawer, where you can provide your override configuration. Review the [Override CAPI Properties](../../../architecture/override-capi-properties/override-capi-properties.md) documentation to learn more about this feature. | + | **Taints** | Taints to apply to the control plane nodes. If enabled, an input field is displayed to specify the taint key, value and effect. Check out the [Node Labels and Taints](../../cluster-management/taints.md) page to learn more. | #### Cloud Configuration @@ -175,18 +178,19 @@ by the hypervisor. Refer to the [CAPI Image Builder](../../../byoos/byoos.md) fo ### Worker Plane Pool Configuration - | Field Name | Description | - | ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | **Node Pool Name** | The name of the control plane node pool. | - | **Enable Autoscaler** | Scale the pool horizontally based on its per-node workload counts. The **Minimum size** specifies the lower bound of nodes in the pool, and the **Maximum size** specifies the upper bound. Setting both parameters to the same value results in a static node count. Refer to the Cluster API [autoscaler documentation](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md) for more information on autoscaling. | - | **Node Repave Interval** | The interval at which the worker nodes are repaved in seconds. Refer to the [Repave Behavior and Configuration](../../cluster-management/node-pool.md#repave-behavior-and-configuration) for additional information about repave behaviors. | - | **Number of Nodes in the Pool** | Number of nodes to be provisioned for the node pool. This field is hidden if **Enable Autoscaler** is toggled on. | - | **Rolling Update** | Select **Expand First**, **Contract First**, or **Custom** to determine the order in which nodes are added to or removed from the worker node pool.
    - **Expand First** - Adds new nodes before removing old nodes.
    - **Contract First** - Removes old nodes before adding new nodes.
    - **Custom** - Set either an explicit numerical value or a percentage for [**Max Surge**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-surge) and [**Max Unavailable**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-unavailable). **Max Surge** and **Max Unavailable** cannot both be set to `0`. | - | **Additional Labels** | Additional labels to apply to the worker nodes. | - | **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each worker node. | - | **Override Kubeadm Configuration** | Adjust kubelet arguments for [kubeadm](https://kubernetes.io/docs/reference/setup-tools/kubeadm/) or pre-kubeadm commands to meet specific operational or environment requirements for your worker nodes. This option is disabled by default. When enabled, the **Configure Kubeadm** button appears. | - | **Configure Kubeadm** | Available only when **Override Kubeadm Configuration** is enabled. Select this option to override `kubeadmconfig.kubeletExtraArgs` and `kubeadmconfig.preKubeadmConfig` commands configured in the Kubernetes layer of your cluster profile. Any changes made post-cluster deployment will trigger a cluster repave. | - | **Taints** | Taints to apply to the control plane nodes. If enabled, an input field is displayed to specify the taint key, value and effect. Check out the [Node Labels and Taints](../../cluster-management/taints.md) page to learn more. | + | Field Name | Description | + | ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | **Node Pool Name** | The name of the control plane node pool. | + | **Enable Autoscaler** | Scale the pool horizontally based on its per-node workload counts. The **Minimum size** specifies the lower bound of nodes in the pool, and the **Maximum size** specifies the upper bound. Setting both parameters to the same value results in a static node count. Refer to the Cluster API [autoscaler documentation](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md) for more information on autoscaling. | + | **Node Repave Interval** | The interval at which the worker nodes are repaved in seconds. Refer to the [Repave Behavior and Configuration](../../cluster-management/node-pool.md#repave-behavior-and-configuration) for additional information about repave behaviors. | + | **Number of Nodes in the Pool** | Number of nodes to be provisioned for the node pool. This field is hidden if **Enable Autoscaler** is toggled on. | + | **Rolling Update** | Select **Expand First**, **Contract First**, or **Custom** to determine the order in which nodes are added to or removed from the worker node pool.
    - **Expand First** - Adds new nodes before removing old nodes.
    - **Contract First** - Removes old nodes before adding new nodes.
    - **Custom** - Set either an explicit numerical value or a percentage for [**Max Surge**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-surge) and [**Max Unavailable**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-unavailable). **Max Surge** and **Max Unavailable** cannot both be set to `0`. | + | **Additional Labels** | Additional labels to apply to the worker nodes. | + | **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each worker node. | + | **Override Cluster API node pool configuration (Optional)** | Enable if you want to provide custom Cluster API manifests in YAML format. This is an advanced option that allows you to customize the underlying CAPI objects used to provision and manage your node pool. When enabled, the **Update Cluster API node pool configuration** option becomes available. Click this button to view the YAML code editor drawer, where you can provide your override configuration. Review the [Override CAPI Properties](../../../architecture/override-capi-properties/override-capi-properties.md) documentation to learn more about this feature. | + | **Override Kubeadm Configuration** | Adjust kubelet arguments for [kubeadm](https://kubernetes.io/docs/reference/setup-tools/kubeadm/) or pre-kubeadm commands to meet specific operational or environment requirements for your worker nodes. This option is disabled by default. When enabled, the **Configure Kubeadm** button appears. | + | **Configure Kubeadm** | Available only when **Override Kubeadm Configuration** is enabled. Select this option to override `kubeadmconfig.kubeletExtraArgs` and `kubeadmconfig.preKubeadmConfig` commands configured in the Kubernetes layer of your cluster profile. Any changes made post-cluster deployment will trigger a cluster repave. | + | **Taints** | Taints to apply to the control plane nodes. If enabled, an input field is displayed to specify the taint key, value and effect. Check out the [Node Labels and Taints](../../cluster-management/taints.md) page to learn more. | #### Cloud Configuration diff --git a/docs/docs-content/clusters/data-center/maas/architecture.md b/docs/docs-content/clusters/data-center/maas/architecture.md index 941b0580361..804b24c8ee2 100644 --- a/docs/docs-content/clusters/data-center/maas/architecture.md +++ b/docs/docs-content/clusters/data-center/maas/architecture.md @@ -53,8 +53,21 @@ using Canonical MAAS. Refer to the PCG deployment options section below to learn ## Limitations -The Canonical Kubernetes pack for deployments in MAAS environments is a Tech Preview feature and does not support -cluster backups with [volume snapshots](../../cluster-management/backup-restore/backup-restore.md#volume-snapshots). + + +The Canonical Kubernetes pack for deployments in MAAS environments does not support the following: + +- OpenID Connect (OIDC) +- Network Time Protocol (NTP) +- SSH key management +- HashiCorp Cloud Platform (HCP) / Linux Container Daemon (LXD) +- The pack is available as a Container Network Interface + (CNI) for Canonical Kubernetes 1.35 and later. For configuration steps, refer + to . + + ## Palette MAAS Distribution @@ -68,8 +81,8 @@ Palette provides the following distributions for MAAS environments. :::preview -The **Canonical Kubernetes** and **OpenShift** packs for deployments in MAAS environments are Tech Preview features and -are subject to change. Do not use these features in production workloads. +The **OpenShift** pack for deployment in MAAS environments is a Tech Preview feature and is subject to change. Do not +use this feature in production workloads. ::: diff --git a/docs/docs-content/clusters/data-center/maas/create-manage-maas-lxd-clusters.md b/docs/docs-content/clusters/data-center/maas/create-manage-maas-lxd-clusters.md index 1b3346bbdae..bb191d53a36 100644 --- a/docs/docs-content/clusters/data-center/maas/create-manage-maas-lxd-clusters.md +++ b/docs/docs-content/clusters/data-center/maas/create-manage-maas-lxd-clusters.md @@ -12,9 +12,13 @@ enabled. This feature allows you to spawn multiple control plane nodes as LXD VM servers, while your worker nodes run on bare metal. This improves resource utilization by reducing the number of bare metal machines needed to run control planes and keeps virtualization overhead low. -:::preview +## Limitations -::: + + +The deployment of MAAS clusters to LXD VMs is limited to the Kubernetes distribution . + + ## Prerequisites diff --git a/docs/docs-content/clusters/edge/cluster-management/upgrade-behavior.md b/docs/docs-content/clusters/edge/cluster-management/upgrade-behavior.md index 49b744346d6..e3c6fe74ae7 100644 --- a/docs/docs-content/clusters/edge/cluster-management/upgrade-behavior.md +++ b/docs/docs-content/clusters/edge/cluster-management/upgrade-behavior.md @@ -123,3 +123,44 @@ Do not change to a different storage pack after provisioning a cluster. You can pack, but if you want to use a different storage pack altogether, we recommend you create another cluster. ::: + +## Decoupled Control Plane and Worker Node Upgrades + +Connected (centrally managed) Edge Native clusters support upgrading the control plane independently from worker pools. +You can enable the **Skip worker node update (Optional)** toggle on individual worker pools to defer their Kubernetes +upgrade while the control plane advances. + +:::info + +This feature is only available for connected Edge Native clusters. Locally managed Edge clusters are not supported. + +::: + +When a cluster profile update bumps the Kubernetes version, Palette upgrades the control plane and any worker pools that +do not have **Skip worker node update** enabled. Worker pools with the toggle enabled are skipped and stay at their +current Kubernetes version. + +Palette enforces the Kubernetes [N-3 minor version skew](https://kubernetes.io/releases/version-skew-policy/). If +enabling the toggle would cause a worker pool to fall more than three minor versions behind the control plane, Palette +blocks the upgrade. + +Scale-up is not permitted while the toggle is enabled. Palette rejects scale-up requests on a pool with the toggle +enabled, whether initiated manually or by the cluster autoscaler. To expand capacity, create a new worker pool and add +Edge hosts to it instead. + +### Upgrade a Skipped Worker Pool + +To sync the Kubernetes version of a skipped worker pool with the current Kubernetes control plane version, disable the +**Skip worker node update** toggle on that pool. + +:::danger + +Disabling **Skip worker node update** triggers a repave of the worker pool. Ensure you are ready to repave before +disabling the toggle. + +::: + +For configuration details, refer to +[Skip Worker Node Update](../../../clusters/cluster-management/node-pool.md#skip-worker-node-update). For step-by-step +instructions to trigger the upgrade, refer to +[Trigger Worker Node Upgrade](../../../clusters/cluster-management/cluster-updates.md#trigger-worker-node-upgrade). diff --git a/docs/docs-content/clusters/edge/edge-compatibility-matrix.md b/docs/docs-content/clusters/edge/edge-compatibility-matrix.md index 472c8a2d001..69e28d57b7c 100644 --- a/docs/docs-content/clusters/edge/edge-compatibility-matrix.md +++ b/docs/docs-content/clusters/edge/edge-compatibility-matrix.md @@ -21,20 +21,21 @@ CanvOS, Stylus, and the Edge host version refer to the same Edge host software r ## Compatibility Matrix -| Palette Release | CanvOS / Stylus / Edge Host Version | Palette CLI Version | Palette Edge CLI Status | -| --------------- | ----------------------------------- | ------------------- | ---------------------------------------------------- | -| 4.9.14 | 4.9.10 | 4.9.5 | Deprecated. Use Palette CLI for supported workflows. | -| 4.9.5 | 4.9.4 | 4.9.2 | 4.9.4 | -| 4.8.47 | 4.8.18 | 4.8.10 | 4.8.18 | -| 4.8.33 | 4.8.10 | 4.8.7 | 4.8.10 | -| 4.8.21 | 4.8.8 | 4.8.5 | 4.8.8 | -| 4.8.6 | 4.8.1 | 4.8.2 | 4.8.1 | -| 4.7.27 | 4.7.16 | 4.7.4 | 4.7.16 | -| 4.7.20 | 4.7.13 | 4.7.2 | 4.7.13 | -| 4.7.13 | 4.7.9 | 4.7.1 | 4.7.9 | -| 4.7.3 | 4.7.2 | 4.7.0 | 4.7.2 | -| 4.6.40 | 4.6.24 | 4.6.8 | 4.6.24 | -| 4.6.32 | 4.6.21 | 4.6.6 | 4.6.21 | +| Palette Release | CanvOS / Stylus / Edge Host Version | Palette CLI Version | Palette Edge CLI Status | +| --------------------------------- | ----------------------------------- | ------------------- | ---------------------------------------------------- | +| 4.9.22 | 4.9.19 | 4.9.8 | 4.9.19 | +| 4.9.14 | 4.9.10 | 4.9.5 | Deprecated. Use Palette CLI for supported workflows. | +| 4.9.5 | 4.9.4 | 4.9.2 | 4.9.4 | +| 4.8.47 | 4.8.18 | 4.8.10 | 4.8.18 | +| 4.8.33 | 4.8.10 | 4.8.7 | 4.8.10 | +| 4.8.21 | 4.8.8 | 4.8.5 | 4.8.8 | +| 4.8.6 | 4.8.1 | 4.8.2 | 4.8.1 | +| 4.7.27 | 4.7.16 | 4.7.4 | 4.7.16 | +| 4.7.20 | 4.7.13 | 4.7.2 | 4.7.13 | +| 4.7.13 | 4.7.9 | 4.7.1 | 4.7.9 | +| 4.7.3 | 4.7.2 | 4.7.0 | 4.7.2 | +| 4.6.40 | 4.6.24 | 4.6.8 | 4.6.24 | +| 4.6.32 | 4.6.21 | 4.6.6 | 4.6.21 | ## Palette Edge CLI Deprecation diff --git a/docs/docs-content/clusters/edge/edge-configuration/installer-reference.md b/docs/docs-content/clusters/edge/edge-configuration/installer-reference.md index 35408b7fe67..25eb291a80c 100644 --- a/docs/docs-content/clusters/edge/edge-configuration/installer-reference.md +++ b/docs/docs-content/clusters/edge/edge-configuration/installer-reference.md @@ -41,7 +41,7 @@ listed in alphabetical order. | `stylus.localUI.login.maxFailedAttemptsBeforeLockout` | Number of consecutive failed login attempts allowed before Local UI access is temporarily locked for the user. This parameter takes effect only when `stylus.localUI.login.disableRateLimiting` is set to `false` and is supported for Edge hosts built with Palette agent version 4.7.16 or later. | Integer | `5` | | `stylus.localUI.port` | Specifies the port that Local UI is exposed on. | Integer | `5080` | | `stylus.managementMode` | Allowed values are `local` and `central`. `central` means the Edge host is connected to Palette; `local` means the Edge host has no connection to a Palette instance. | String | `central` | -| `stylus.path` | Specifies Stylus installation directory. Stylus appends its internal layout, `/opt/spectrocloud`, to this path. If you omit this parameter, the system uses `/` as the default root and installs Stylus to `/opt/spectrocloud`. | String | `/` | +| `stylus.path` | Specifies the Palette Edge node agent installation directory. The Palette Edge node agent appends its internal layout, `/opt/spectrocloud`, to this path. If you omit this parameter, the system uses `/` as the default root and installs the Palette Edge node agent to `/opt/spectrocloud`. | String | `/` | | `stylus.registryCredentials` | Only used when a single external registry is in use and no mapping rules are needed. Refer to [Single External Registry](#single-external-registry) for more details. | Object | None | | `stylus.site` | Review [Site Parameters](#site-parameters) for more information. | Object | None | | `stylus.trace` | Enable trace output. Allowed values are `true` or `false`. | boolean | `false` | @@ -60,9 +60,17 @@ Using custom `stylus.path` values can lead to deployment issues in some configur enabled by default unless you include the feature in the parameter. The following table displays the available features you can enable using this parameter. -| Value | Description | -| -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `UserDataForm` | This value enables you to edit the installer user data after installation in Local UI. For more information, refer to [Edit User Data](../local-ui/host-management/edit-user-data.md). | +| Value | Description | +| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `UserDataForm` | This value enables you to edit the installer user data after installation in Local UI. For more information, refer to [Edit User Data](../local-ui/host-management/edit-user-data.md). | +| `DisableWorkerNodeCapReconcile` | If you disable **Allow worker capability** on the control plane, a taint is automatically added to the control plane pool that prevents workloads from being scheduled on all control plane nodes. If you manually remove the taint, you can set the `DisableWorkerNodeCapReconcile` feature gate to prevent the Palette Edge node agent from automatically adding the taint again. | + +To enable multiple feature gates, provide a comma-separated list. + +```yaml +stylus: + featureGate: "UserDataForm,DisableWorkerNodeCapReconcile" +``` ### Multiple External Registries diff --git a/docs/docs-content/clusters/edge/edgeforge-workflow/validate-user-data.md b/docs/docs-content/clusters/edge/edgeforge-workflow/validate-user-data.md index 1fb6f279404..4edcb7c6cba 100644 --- a/docs/docs-content/clusters/edge/edgeforge-workflow/validate-user-data.md +++ b/docs/docs-content/clusters/edge/edgeforge-workflow/validate-user-data.md @@ -46,8 +46,8 @@ However, this process is also executed automatically when you build the Edge ins :::deprecated -The Palette Edge CLI is deprecated and new image versions will no longer be published. We recommend using the -[Palette CLI](/automation/palette-cli/) CanvOS directory instead. +The Palette Edge CLI is deprecated and new image versions will no longer be published. We recommend using the CanvOS +directory instead. ::: diff --git a/docs/docs-content/clusters/edge/local-ui/cluster-management/create-cluster.md b/docs/docs-content/clusters/edge/local-ui/cluster-management/create-cluster.md index 5ebab18e9bf..f794bac52b7 100644 --- a/docs/docs-content/clusters/edge/local-ui/cluster-management/create-cluster.md +++ b/docs/docs-content/clusters/edge/local-ui/cluster-management/create-cluster.md @@ -140,6 +140,16 @@ management. you must ensure that you have an odd number of nodes in the control plane. Once a cluster is formed, every node in the control plane will be considered a leader node. + :::info + + When **Allow worker capability** is disabled, the Palette Edge node agent adds a taint to all nodes in the control + plane pool to prevent workloads from being scheduled on any control plane node. If you remove the taint manually, it + is automatically added again by the Palette Edge node agent. To keep the taint removed, add + `DisableWorkerNodeCapReconcile` to `stylus.featureGate` in the OS pack before creating the cluster. For more + information, refer to [Feature Gates](../../edge-configuration/installer-reference.md#feature-gates). + + ::: + For more information about node pool configurations, refer to [Node pools](../../../cluster-management/node-pool.md). After you finish configuration, click **Next**. diff --git a/docs/docs-content/clusters/edge/local-ui/host-management/configure-network-interfaces.md b/docs/docs-content/clusters/edge/local-ui/host-management/configure-network-interfaces.md index a9e71ab7ead..a7aa9395c77 100644 --- a/docs/docs-content/clusters/edge/local-ui/host-management/configure-network-interfaces.md +++ b/docs/docs-content/clusters/edge/local-ui/host-management/configure-network-interfaces.md @@ -36,6 +36,31 @@ irrecoverable failures. - Credentials to log in to Local UI. You can log in with any OS user's credentials. +## Configure the Management Interface + +The management interface handles Edge host management traffic, including Local UI access, communication between Edge +hosts, and content synchronization. If no management interface is selected, the Edge host uses the network interface +associated with the default route. + +You can configure the management interface in the Edge Installer `user-data` file. A selection made in the TUI overrides +the value from `user-data`. After initial setup, a selection made in Local UI overrides the value from the TUI. + +1. Log in to Local UI. + +2. From the **Edge Host** page, locate the **Management Interface** field. + +3. Select the interface to use for management traffic. + +4. Click **Confirm** to save the change. + +:::warning + +Selecting a management interface does not change how the host routes network traffic. If multiple adapters use the same +subnet and each adapter has a default route, traffic may leave through a different adapter than expected. For best +results, place management and cluster traffic on separate subnets. + +::: + ## Configure NICs 1. Log in to Local UI. @@ -47,9 +72,10 @@ irrecoverable failures. :::info - The NIC currently used for Edge host management (Local UI access and registration) is not editable. This management - NIC is locked by design to avoid breaking connectivity. You can identify it by the IP address used to access the - Local UI. + The interface currently used for Edge host management is not editable. This interface is locked by design to avoid + breaking connectivity. The active management interface can be configured through `user-data`, the TUI, or Local UI. + For more information, refer to + [Initial Edge Host Configuration with Palette TUI](../../site-deployment/site-installation/initial-setup.md). ::: diff --git a/docs/docs-content/clusters/edge/site-deployment/cluster-deployment.md b/docs/docs-content/clusters/edge/site-deployment/cluster-deployment.md index da16c06193c..489d385b061 100644 --- a/docs/docs-content/clusters/edge/site-deployment/cluster-deployment.md +++ b/docs/docs-content/clusters/edge/site-deployment/cluster-deployment.md @@ -105,8 +105,24 @@ Use the following steps to create a new host cluster so that you can add Edge ho NTP servers. Click on **Next**. 9. The node configuration page is where you can specify what Edge hosts make up the host cluster. Assign Edge hosts to - the **control-plane-pool** and the **worker-pool**. When you have completed configuring the node pools, click on - **Next**. + the **control-plane-pool** and the **worker-pool**. For more information about node pool configuration settings, + refer to [Node Pools](../../cluster-management/node-pool.md). + + :::info + + When **Allow worker capability** is disabled, the Palette Edge node agent adds a taint to all nodes in the control plane pool to prevent workloads from being scheduled on any control plane node. If you remove the taint manually, it is automatically added again by the Palette Edge node agent. To keep the taint removed, add `DisableWorkerNodeCapReconcile` to + + `stylus.featureGate` in the OS pack before creating the cluster. For more information, refer to + [Feature Gates](../edge-configuration/installer-reference.md#feature-gates). + + ::: + + Optionally, enable **Skip worker node update** on a worker pool to allow the control plane to be upgraded + independently of that pool. For details, refer to + [Skip Worker Node Update](../../cluster-management/node-pool.md#skip-worker-node-update) and + [Edge Cluster Upgrade Behavior](../cluster-management/upgrade-behavior.md#decoupled-control-plane-and-worker-node-upgrades). + + When you have completed configuring the node pools, click on **Next**. 10. (Optional) If you want to provision a [two-node high availability cluster](../architecture/two-node.md), check the **Enable Two-Node Capability** box to enable the two-node high availability architecture. This means you must have diff --git a/docs/docs-content/clusters/edge/site-deployment/site-installation/initial-setup.md b/docs/docs-content/clusters/edge/site-deployment/site-installation/initial-setup.md index f5c15214ebc..1aac2c9ad04 100644 --- a/docs/docs-content/clusters/edge/site-deployment/site-installation/initial-setup.md +++ b/docs/docs-content/clusters/edge/site-deployment/site-installation/initial-setup.md @@ -39,6 +39,9 @@ more information about EdgeForge and site user data, refer to you attempt to update pre-existing network settings via the TUI, a new configuration is created alongside the existing one. To manage pre-existing configurations, use the original configuration method, such as `systemd-networkd`, Netplan, or NetworkManager. +- The TUI management interface cannot be changed after cluster registration. +- You cannot use the TUI to configure network bonds or bridges; you must use + [Local UI](../../local-ui/host-management/configure-network-interfaces.md) instead. ## Prerequisites @@ -123,10 +126,34 @@ more information about EdgeForge and site user data, refer to Check the existing hostname and, optionally, change it to a new one. Use the **TAB** key or the up and down arrow keys to switch between fields. When you make a change, press **ENTER** to apply the change. -6. In **Network Adapter**, select a network adapter to configure. By default, the network adapters request an IP - automatically from the Dynamic Host Configuration Protocol (DHCP) server. The Classless Inter-Domain Routing (CIDR) - block of an adapter's possible IP address is displayed in the **Network Adapter** screen without selecting an - individual adapter. +6. In **Network Adapter**, choose the interface that the Edge host uses for management traffic. Management traffic + includes Local UI access, communication between Edge hosts, and content synchronization. + + From the **Management Interface** drop-down menu, select **None**, a network interface, or a VLAN sub-interface. If + you select **None**, the Edge host uses the network interface associated with the default route. + + You can configure the management interface in the Edge Installer `user-data` file. A selection made in the TUI + overrides the value from `user-data`. After initial setup, a selection made in Local UI overrides the value from the + TUI. + + Use the **TAB** key to switch between the **Management Interface** drop-down menu and the network adapter table. The + selected management interface persists after the Edge host reboots. After you complete the initial setup, the + selected interface is displayed as **Mgmt interface** on the Palette TUI landing page. + + ![updated screenshot of management interface](/clusters_site-installation_initial-setup_tui-management-interface_4.8.webp) + + :::info + + The management interface controls Edge host management traffic only. To control Kubernetes cluster traffic, specify + `host.nicName` in the machine pool configuration. This interface is used for node IP selection, the Kubernetes + control plane API, etcd, and the cluster virtual IP address (VIP). + + ::: + +7. From the network adapter table, select an adapter to configure its network settings. By default, network adapters + request an IP automatically from the Dynamic Host Configuration Protocol (DHCP) server. The Classless Inter-Domain + Routing (CIDR) block of an adapter's possible IP address is displayed in the **Network Adapter** screen without + selecting an individual adapter. On the configuration page for each adapter, you can change the IP addressing scheme of the adapter and choose static IP instead of DHCP. In Static IP mode, you need to provide a static IP address, subnet mask, as well as the address @@ -140,19 +167,19 @@ more information about EdgeForge and site user data, refer to ::: -7. On the configuration page of each network adapter, you can also specify the VLAN ID. A VLAN ID enables you to +8. On the configuration page of each network adapter, you can also specify the VLAN ID. A VLAN ID enables you to logically segment network traffic on the same physical network interface, providing network isolation and enhanced traffic management. If you assign a VLAN ID, the Edge host tags all outgoing packets from that adapter with the specified VLAN identifier. -8. Additionally, you can specify the Maximum Transmission Unit (MTU) for your network adapter. The MTU defines the +9. Additionally, you can specify the Maximum Transmission Unit (MTU) for your network adapter. The MTU defines the largest size, in bytes, of a packet that can be sent over a network interface without needing to be fragmented. Press **ENTER** to apply the change. -9. In **DNS Configuration**, specify the IP address of the primary and secondary name servers. You can optionally also - specify a search domain. Press **ENTER** to apply the change. +10. In **DNS Configuration**, specify the IP address of the primary and secondary name servers. You can optionally also + specify a search domain. Press **ENTER** to apply the change. -10. In **NTP Configuration**, specify one or more NTP servers (for example, 0.pool.ntp.org,1.pool.ntp.org). +11. In **NTP Configuration**, specify one or more NTP servers (for example, 0.pool.ntp.org,1.pool.ntp.org). :::warning @@ -163,7 +190,7 @@ host-specific configuration on all hosts in the cluster. ::: -11. After you are satisfied with the configurations, navigate to **Logout** and press **ENTER** to complete the +12. After you are satisfied with the configurations, navigate to **Logout** and press **ENTER** to complete the configuration. ## Validate diff --git a/docs/docs-content/clusters/pcg/pcg.md b/docs/docs-content/clusters/pcg/pcg.md index b3a2211e2fb..52d8757ccf9 100644 --- a/docs/docs-content/clusters/pcg/pcg.md +++ b/docs/docs-content/clusters/pcg/pcg.md @@ -39,6 +39,7 @@ a PCG to an existing Kubernetes cluster. Refer to the | **Palette Version** | **Kubernetes Version** | | --------------------------------------------------------- | ---------------------- | +| 4.9.22 | 1.34.9 | | 4.9.14 | 1.33.10 | | 4.9.5 | 1.33.10 | | 4.8.47 | 1.32.9 | diff --git a/docs/docs-content/clusters/public-cloud/aws/eks.md b/docs/docs-content/clusters/public-cloud/aws/eks.md index db91a83ed35..19ea91638dc 100644 --- a/docs/docs-content/clusters/public-cloud/aws/eks.md +++ b/docs/docs-content/clusters/public-cloud/aws/eks.md @@ -371,16 +371,17 @@ guide for help with migrating workloads. 9. Provide the following cluster configuration information and click **Next** to continue. - | **Parameter** | **Description** | - | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | - | **Region** | Use the drop-down menu to choose the AWS region where you would like to provision the cluster. | - | **SSH Key Pair Name** | Choose the SSH key pair for the region you selected. This is required for dynamic placement and optional for static placement. SSH key pairs must be pre-configured in your AWS environment. This is called an EC2 Key Pair in AWS. The key you select is inserted into the provisioned VMs. | - | **Enable static placement (Optional)** | By default, Palette uses dynamic placement. This creates a new VPC for the cluster that contains two subnets in different Availability Zones (AZs), which is required for EKS cluster deployment. Palette places resources in these clusters, manages the resources, and deletes them when the corresponding cluster is deleted.

    If you want to place resources into pre-existing VPCs, toggle the **Enable static placement (Optional)** option, and provide the VPC ID in the **Virtual Private Cloud (VPC) ID** field that displays with this option enabled.

    Static placement is required for EKS clusters deployed in [AWS Secret or Top Secret cloud](./add-aws-accounts.md#aws-secret-cloud-sc2s-and-top-secret-cloud-c2s). | - | **Cluster Endpoint Access** | This setting provides access to the Kubernetes API endpoint. Select **Private**, **Public**, or **Private & Public**. If you are deploying your cluster in [AWS Secret or Top Secret cloud](./add-aws-accounts.md#aws-secret-cloud-sc2s-and-top-secret-cloud-c2s), use **Private & Public**. For more information, refer to the [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) reference guide. | - | **Public Access CIDRs** | This setting controls which IP address CIDR ranges can access the cluster. To fully allow unrestricted network access, enter `0.0.0.0/0` in the field. For more information, refer to the [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) reference guide. | - | **Private Access CIDRs** | This setting controls which private IP address CIDR ranges can access the cluster. Private CIDRs provide a way to specify private, self-hosted, and air-gapped networks or Private Cloud Gateway (PCG) that may be located in other VPCs connected to the VPC hosting the cluster endpoint.

    To restrict network access, replace the pre-populated `0.0.0.0/0` with the IP address CIDR range that should be allowed access to the cluster endpoint. Only the IP addresses that are within the specified VPC CIDR range - and any other connected VPCs - will be able to reach the private endpoint. For example, while using `0.0.0.0/0` would allow traffic throughout the VPC and all peered VPCs, specifying the VPC CIDR `10.0.0.0/16` would limit traffic to an individual VPC. For more information, refer to the [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) reference guide. | - | **Enable key encryption (Optional)** | Use this option for secrets encryption. You must have an existing AWS Key Management Service (KMS) key you can use. Toggle the **Enable key encryption (Optional)** option and use the **Provider Amazon Resource Name (ARN)** drop-down menu to select the KMS key ARN.

    If you do not have a KMS key and want to create one, review [Enable Secrets Encryption for EKS Cluster](enable-secrets-encryption-kms-key.md). Once your KMS key is created, return to this step to enable secrets encryption with your new KMS key ARN. | - | **Update worker pools in parallel** | Use this option to efficiently manage workloads by updating multiple worker pools simultaneously. | + | **Parameter** | **Description** | + | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | + | **Region** | Use the drop-down menu to choose the AWS region where you would like to provision the cluster. | + | **SSH Key Pair Name** | Choose the SSH key pair for the region you selected. This is required for dynamic placement and optional for static placement. SSH key pairs must be pre-configured in your AWS environment. This is called an EC2 Key Pair in AWS. The key you select is inserted into the provisioned VMs. | + | **Enable static placement (Optional)** | By default, Palette uses dynamic placement. This creates a new VPC for the cluster that contains two subnets in different Availability Zones (AZs), which is required for EKS cluster deployment. Palette places resources in these clusters, manages the resources, and deletes them when the corresponding cluster is deleted.

    If you want to place resources into pre-existing VPCs, toggle the **Enable static placement (Optional)** option, and provide the VPC ID in the **Virtual Private Cloud (VPC) ID** field that displays with this option enabled.

    Static placement is required for EKS clusters deployed in [AWS Secret or Top Secret cloud](./add-aws-accounts.md#aws-secret-cloud-sc2s-and-top-secret-cloud-c2s). | + | **Cluster Endpoint Access** | This setting provides access to the Kubernetes API endpoint. Select **Private**, **Public**, or **Private & Public**. If you are deploying your cluster in [AWS Secret or Top Secret cloud](./add-aws-accounts.md#aws-secret-cloud-sc2s-and-top-secret-cloud-c2s), use **Private & Public**.

    For fully private endpoint access, deploy a self-hosted [Private Cloud Gateway (PCG)](../../pcg/deploy-pcg-k8s.md) with network access to the cluster and provision the cluster through it. If you select **Private** without a PCG, Palette initially creates the cluster in **Private & Public** mode and changes it to **Private** after cluster provisioning completes.

    For more information, refer to the [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) reference guide. | + | **Public Access CIDRs** | This setting controls which IP address CIDR ranges can access the cluster. To fully allow unrestricted network access, enter `0.0.0.0/0` in the field. For more information, refer to the [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) reference guide. | + | **Private Access CIDRs** | This setting controls which private IP address CIDR ranges can access the cluster. Private CIDRs provide a way to specify private, self-hosted, and air-gapped networks or Private Cloud Gateway (PCG) that may be located in other VPCs connected to the VPC hosting the cluster endpoint.

    To restrict network access, replace the pre-populated `0.0.0.0/0` with the IP address CIDR range that should be allowed access to the cluster endpoint. Only the IP addresses that are within the specified VPC CIDR range - and any other connected VPCs - will be able to reach the private endpoint. For example, while using `0.0.0.0/0` would allow traffic throughout the VPC and all peered VPCs, specifying the VPC CIDR `10.0.0.0/16` would limit traffic to an individual VPC. For more information, refer to the [Amazon EKS cluster endpoint access control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) reference guide. | + | **Enable key encryption (Optional)** | Use this option for secrets encryption. You must have an existing AWS Key Management Service (KMS) key you can use. Toggle the **Enable key encryption (Optional)** option and use the **Provider Amazon Resource Name (ARN)** drop-down menu to select the KMS key ARN.

    If you do not have a KMS key and want to create one, review [Enable Secrets Encryption for EKS Cluster](enable-secrets-encryption-kms-key.md). Once your KMS key is created, return to this step to enable secrets encryption with your new KMS key ARN. | + | **Override Cluster API cluster configuration** | Enable if you want to provide custom Cluster API manifests in YAML format. This is an advanced option that allows you to customize the underlying CAPI objects used to provision and manage your cluster. When enabled, the **Update Cluster API cluster configuration** option becomes available. Click this button to view the YAML code editor drawer, where you can provide your override configuration. Review the [Override CAPI Properties](../../../architecture/override-capi-properties/override-capi-properties.md) documentation to learn more about this feature. | + | **Update worker pools in parallel** | Use this option to efficiently manage workloads by updating multiple worker pools simultaneously. | :::warning @@ -403,13 +404,14 @@ guide for help with migrating workloads. #### Node Configuration Settings - | **Parameter** | **Description** | - | ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | **Node pool name** | A descriptive name for the node pool. | - | **Number of nodes in the pool** | The number of nodes in the worker pool. | - | **Additional Labels (Optional)** | Optional labels to nodes in key-value format. For general information about applying labels, review the [Node Labels](../../cluster-management/node-labels.md) guide. Example: `"environment": "production"`. | - | **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each worker node. | - | **Taints (Optional)** | You can apply optional taint labels to a node pool during cluster creation or edit taint labels on an existing cluster. Review the [Node Pool](../../cluster-management/node-pool.md) management page and [Taints and Tolerations](../../cluster-management/taints.md) guide to learn more. Toggle the **Taint** button to create a taint label. When tainting is enabled, you need to provide a custom key-value pair. Use the drop-down menu to choose one of the following **Effect** options:

    - **NoSchedule** - Pods are not scheduled onto nodes with this taint.
    - **PreferNoSchedule** - Kubernetes attempts to avoid scheduling pods onto nodes with this taint, but scheduling is not prohibited.
    - **NoExecute** - New pods that do not tolerate the taint will not be scheduled on the node, and existing pods on the node, if any, will be evicted if they do not tolerate the taint. | + | **Parameter** | **Description** | + | ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | **Node pool name** | A descriptive name for the node pool. | + | **Number of nodes in the pool** | The number of nodes in the worker pool. | + | **Additional Labels (Optional)** | Optional labels to nodes in key-value format. For general information about applying labels, review the [Node Labels](../../cluster-management/node-labels.md) guide. Example: `"environment": "production"`. | + | **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each worker node. | + | **Override Cluster API node pool configuration (Optional)** | Enable if you want to provide custom Cluster API manifests in YAML format. This is an advanced option that allows you to customize the underlying CAPI objects used to provision and manage your node pool. When enabled, the **Update Cluster API node pool configuration** option becomes available. Click this button to view the YAML code editor drawer, where you can provide your override configuration. Review the [Override CAPI Properties](../../../architecture/override-capi-properties/override-capi-properties.md) documentation to learn more about this feature. | + | **Taints (Optional)** | You can apply optional taint labels to a node pool during cluster creation or edit taint labels on an existing cluster. Review the [Node Pool](../../cluster-management/node-pool.md) management page and [Taints and Tolerations](../../cluster-management/taints.md) guide to learn more. Toggle the **Taint** button to create a taint label. When tainting is enabled, you need to provide a custom key-value pair. Use the drop-down menu to choose one of the following **Effect** options:

    - **NoSchedule** - Pods are not scheduled onto nodes with this taint.
    - **PreferNoSchedule** - Kubernetes attempts to avoid scheduling pods onto nodes with this taint, but scheduling is not prohibited.
    - **NoExecute** - New pods that do not tolerate the taint will not be scheduled on the node, and existing pods on the node, if any, will be evicted if they do not tolerate the taint. | #### Cloud Configuration Settings diff --git a/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md b/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md index 935bb897b66..47cda34d015 100644 --- a/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md +++ b/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md @@ -241,16 +241,17 @@ Take the following steps to deploy an Azure cluster. ::: - | **Parameter** | **Description** | - | -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | **Subscription** | Choose the subscription that will be used to access Azure services. | - | **Region** | Choose the Azure region to provision the cluster. | - | **Resource Group** | Select the name of the resource group that contains the Azure resources you will be accessing. | - | **Storage account (Optional)** | (Optional) Use a storage account, if desired. For information about custom storage use cases, refer to our [Azure Storage](../azure/architecture.md#azure-storage) documentation. | - | **Storage container (Optional)** | (Optional) Use a custom storage container, if desired. For information about custom storage use cases, refer to our [Azure Storage](../azure/architecture.md#azure-storage) documentation. | - | **SSH Key** | Select the public SSH key to use when connecting to the nodes. The SSH key pairs displayed are pulled from the Azure cloud account being used to deploy the cluster. The key you select is inserted into the provisioned VMs. For more information, review Microsoft's [Supported SSH key formats](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys#supported-ssh-key-formats). | - | **Static Placement** | (Optional) By default, Palette uses dynamic placement. Select this option to place resources into a pre-existing VNet, and complete the fields listed in the [Static Placement](#static-placement-settings) table. **Static Placement** must be enabled for clusters where you want to use network proxy configurations and for clusters deployed in [Azure Government Secret](../../../clusters/public-cloud/azure/azure-cloud.md) cloud. To learn more about proxy configurations, check out [Proxy Configuration](./architecture.md#proxy-configuration). | - | **Private API Server LB** | (Optional) Select this option to configure a private API server load balancer and enable private connectivity to your Kubernetes cluster, and complete the fields listed in the [Private API Server LB Settings](#private-api-server-lb-settings) table. The option **Private API Server LB** exposes the Kubernetes control plane endpoint on an internal Azure load balancer.

    This option is available only when deploying clusters through a [self-hosted PCG](../../pcg/deploy-pcg-k8s.md). This option must be enabled if deploying clusters to [Azure Government Secret cloud](./azure-cloud.md#azure-government-secret-cloud). | + | **Parameter** | **Description** | + | ---------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | **Subscription** | Choose the subscription that will be used to access Azure services. | + | **Region** | Choose the Azure region to provision the cluster. | + | **Resource Group** | Select the name of the resource group that contains the Azure resources you will be accessing. | + | **Storage account (Optional)** | (Optional) Use a storage account, if desired. For information about custom storage use cases, refer to our [Azure Storage](../azure/architecture.md#azure-storage) documentation. | + | **Storage container (Optional)** | (Optional) Use a custom storage container, if desired. For information about custom storage use cases, refer to our [Azure Storage](../azure/architecture.md#azure-storage) documentation. | + | **SSH Key** | Select the public SSH key to use when connecting to the nodes. The SSH key pairs displayed are pulled from the Azure cloud account being used to deploy the cluster. The key you select is inserted into the provisioned VMs. For more information, review Microsoft's [Supported SSH key formats](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys#supported-ssh-key-formats). | + | **Static Placement** | (Optional) By default, Palette uses dynamic placement. Select this option to place resources into a pre-existing VNet, and complete the fields listed in the [Static Placement](#static-placement-settings) table. **Static Placement** must be enabled for clusters where you want to use network proxy configurations and for clusters deployed in [Azure Government Secret](../../../clusters/public-cloud/azure/azure-cloud.md) cloud. To learn more about proxy configurations, check out [Proxy Configuration](./architecture.md#proxy-configuration). | + | **Private API Server LB** | (Optional) Select this option to configure a private API server load balancer and enable private connectivity to your Kubernetes cluster, and complete the fields listed in the [Private API Server LB Settings](#private-api-server-lb-settings) table. The option **Private API Server LB** exposes the Kubernetes control plane endpoint on an internal Azure load balancer.

    This option is available only when deploying clusters through a [self-hosted PCG](../../pcg/deploy-pcg-k8s.md). This option must be enabled if deploying clusters to [Azure Government Secret cloud](./azure-cloud.md#azure-government-secret-cloud). | + | **Override Cluster API cluster configuration** | Enable if you want to provide custom Cluster API manifests in YAML format. This is an advanced option that allows you to customize the underlying CAPI objects used to provision and manage your cluster. When enabled, the **Update Cluster API cluster configuration** option becomes available. Click this button to view the YAML code editor drawer, where you can provide your override configuration. Review the [Override CAPI Properties](../../../architecture/override-capi-properties/override-capi-properties.md) documentation to learn more about this feature. | ### Static Placement Settings @@ -299,14 +300,15 @@ Take the following steps to deploy an Azure cluster. ### Control Plane Pool Configuration Settings - | **Parameter** | **Description** | - | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | **Node pool name** | Enter a descriptive name for the control plane node pool. | - | **Number of nodes in the pool** | Specify the number of nodes in the control plane pool. | - | **Allow worker capability (Optional)** | (Optional) Allow workloads to be provisioned on control plane nodes. | - | **Additional Labels (Optional)** | (Optional) Add optional [node labels](../../cluster-management/node-labels.md) to nodes using key-value format. Example: `environment:production`. | - | **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each control plane node. | - | **Taints (Optional)** | (Optional) Apply optional taint labels to a node pool during cluster creation or edit taint labels on an existing cluster. Select **Add New Taint** to create a taint label, and complete the following fields:

    - **Key** - Enter the key in the taint key-value pair.
    - **Value** - Enter the value in the taint key-value pair.
    - **Effect** - Choose from among the following **Effect** options: **NoSchedule**, **PreferNoSchedule**, and **NoExecute**.

    - **NoSchedule** - Pods are not scheduled onto nodes with this taint.
    - **PreferNoSchedule** - Kubernetes attempts to avoid scheduling pods onto nodes with this taint, but scheduling is not prohibited.
    - **NoExecute** - New pods that do not tolerate the taint will not be scheduled on the node, and existing pods on the node, if any, will be evicted if they do not tolerate the taint.

    Review our [Node Pool](../../cluster-management/node-pool.md) and [Taints and Tolerations](../../cluster-management/taints.md) guides to learn more. | + | **Parameter** | **Description** | + | ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | **Node pool name** | Enter a descriptive name for the control plane node pool. | + | **Number of nodes in the pool** | Specify the number of nodes in the control plane pool. | + | **Allow worker capability (Optional)** | (Optional) Allow workloads to be provisioned on control plane nodes. | + | **Additional Labels (Optional)** | (Optional) Add optional [node labels](../../cluster-management/node-labels.md) to nodes using key-value format. Example: `environment:production`. | + | **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each control plane node. | + | **Override Cluster API node pool configuration (Optional)** | Enable if you want to provide custom Cluster API manifests in YAML format. This is an advanced option that allows you to customize the underlying CAPI objects used to provision and manage your node pool. When enabled, the **Update Cluster API node pool configuration** option becomes available. Click this button to view the YAML code editor drawer, where you can provide your override configuration. Review the [Override CAPI Properties](../../../architecture/override-capi-properties/override-capi-properties.md) documentation to learn more about this feature. | + | **Taints (Optional)** | (Optional) Apply optional taint labels to a node pool during cluster creation or edit taint labels on an existing cluster. Select **Add New Taint** to create a taint label, and complete the following fields:

    - **Key** - Enter the key in the taint key-value pair.
    - **Value** - Enter the value in the taint key-value pair.
    - **Effect** - Choose from among the following **Effect** options: **NoSchedule**, **PreferNoSchedule**, and **NoExecute**.

    - **NoSchedule** - Pods are not scheduled onto nodes with this taint.
    - **PreferNoSchedule** - Kubernetes attempts to avoid scheduling pods onto nodes with this taint, but scheduling is not prohibited.
    - **NoExecute** - New pods that do not tolerate the taint will not be scheduled on the node, and existing pods on the node, if any, will be evicted if they do not tolerate the taint.

    Review our [Node Pool](../../cluster-management/node-pool.md) and [Taints and Tolerations](../../cluster-management/taints.md) guides to learn more. | #### Cloud Configuration Settings @@ -325,18 +327,19 @@ Take the following steps to deploy an Azure cluster. ::: - | **Parameter** | **Description** | - | ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | **Node pool name** | Enter a descriptive name for the worker node pool. | - | **Enable Autoscaler** | Scale the worker pool horizontally based on its per-node workload counts. Enabling this option displays the fields **Minimum size** and **Maximum size**.

    - **Minimum size** - Specify the lower bound of nodes in the pool.
    - **Maximum size** - Specify the upper bound of nodes in the pool.

    Setting the **Minimum size** and **Maximum size** to the same value results in a static node count. Refer to the Cluster API [autoscaler documentation](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md) for more information on autoscaling. | - | **Node repave interval (Optional)** | (Optional) Specify the preferred time interval for Palette to perform a rolling upgrade on nodes when it detects a change in the kubeadm configuration file. | - | **Number of nodes in the pool** | Specify the number of nodes in the worker pool. This field is hidden if **Enable Autoscaler** is toggled on. | - | **Rolling update** | Control the sequence of operations during a node pool update.

    Select **Expand First**, **Contract First**, or **Custom** to determine the order in which nodes are added to or removed from the worker node pool.
    - **Expand First** - Adds new nodes before removing old nodes.
    - **Contract First** - Removes old nodes before adding new nodes.
    - **Custom** - Set either an explicit numerical value or a percentage for [**Max Surge**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-surge) and [**Max Unavailable**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-unavailable). **Max Surge** and **Max Unavailable** cannot both be set to `0`. | - | **Additional Labels (Optional)** | (Optional) Add optional [node labels](../../cluster-management/node-labels.md) to nodes using key-value format. Example: `environment:production`. | - | **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each worker node. | - | **Override Kubeadm Configuration** | _Only applicable to worker node pools._ Adjust kubelet arguments for [kubeadm](https://kubernetes.io/docs/reference/setup-tools/kubeadm/) or pre-kubeadm commands to meet specific operational or environment requirements for your worker nodes. This option is disabled by default. When enabled, the **Configure Kubeadm** button appears. | - | **Configure Kubeadm** | _Only applicable to worker node pools._ Available only when **Override Kubeadm Configuration** is enabled. Select this option to override `kubeadmconfig.kubeletExtraArgs` and `kubeadmconfig.preKubeadmConfig` commands configured in the Kubernetes layer of your cluster profile. Any changes made post-cluster deployment will trigger a cluster repave. | - | **Taints (Optional)** | (Optional) Apply optional taint labels to a node pool during cluster creation or edit taint labels on an existing cluster. Select **Add New Taint** to create a taint label, and complete the following fields:

    - **Key** - Enter the key in the taint key-value pair.
    - **Value** - Enter the value in the taint key-value pair.
    - **Effect** - Choose from among the following **Effect** options: **NoSchedule**, **PreferNoSchedule**, and **NoExecute**.

    - **NoSchedule** - Pods are not scheduled onto nodes with this taint.
    - **PreferNoSchedule** - Kubernetes attempts to avoid scheduling pods onto nodes with this taint, but scheduling is not prohibited.
    - **NoExecute** - New pods that do not tolerate the taint will not be scheduled on the node, and existing pods on the node, if any, will be evicted if they do not tolerate the taint.

    Review our [Node Pool](../../cluster-management/node-pool.md) and [Taints and Tolerations](../../cluster-management/taints.md) guides to learn more. | + | **Parameter** | **Description** | + | ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | **Node pool name** | Enter a descriptive name for the worker node pool. | + | **Enable Autoscaler** | Scale the worker pool horizontally based on its per-node workload counts. Enabling this option displays the fields **Minimum size** and **Maximum size**.

    - **Minimum size** - Specify the lower bound of nodes in the pool.
    - **Maximum size** - Specify the upper bound of nodes in the pool.

    Setting the **Minimum size** and **Maximum size** to the same value results in a static node count. Refer to the Cluster API [autoscaler documentation](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md) for more information on autoscaling. | + | **Node repave interval (Optional)** | (Optional) Specify the preferred time interval for Palette to perform a rolling upgrade on nodes when it detects a change in the kubeadm configuration file. | + | **Number of nodes in the pool** | Specify the number of nodes in the worker pool. This field is hidden if **Enable Autoscaler** is toggled on. | + | **Rolling update** | Control the sequence of operations during a node pool update.

    Select **Expand First**, **Contract First**, or **Custom** to determine the order in which nodes are added to or removed from the worker node pool.
    - **Expand First** - Adds new nodes before removing old nodes.
    - **Contract First** - Removes old nodes before adding new nodes.
    - **Custom** - Set either an explicit numerical value or a percentage for [**Max Surge**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-surge) and [**Max Unavailable**](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-unavailable). **Max Surge** and **Max Unavailable** cannot both be set to `0`. | + | **Additional Labels (Optional)** | (Optional) Add optional [node labels](../../cluster-management/node-labels.md) to nodes using key-value format. Example: `environment:production`. | + | **Additional Annotations (Optional)** | Additional Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to assign to each worker node. | + | **Override Cluster API node pool configuration (Optional)** | Enable if you want to provide custom Cluster API manifests in YAML format. This is an advanced option that allows you to customize the underlying CAPI objects used to provision and manage your node pool. When enabled, the **Update Cluster API node pool configuration** option becomes available. Click this button to view the YAML code editor drawer, where you can provide your override configuration. Review the [Override CAPI Properties](../../../architecture/override-capi-properties/override-capi-properties.md) documentation to learn more about this feature. | + | **Override Kubeadm Configuration** | _Only applicable to worker node pools._ Adjust kubelet arguments for [kubeadm](https://kubernetes.io/docs/reference/setup-tools/kubeadm/) or pre-kubeadm commands to meet specific operational or environment requirements for your worker nodes. This option is disabled by default. When enabled, the **Configure Kubeadm** button appears. | + | **Configure Kubeadm** | _Only applicable to worker node pools._ Available only when **Override Kubeadm Configuration** is enabled. Select this option to override `kubeadmconfig.kubeletExtraArgs` and `kubeadmconfig.preKubeadmConfig` commands configured in the Kubernetes layer of your cluster profile. Any changes made post-cluster deployment will trigger a cluster repave. | + | **Taints (Optional)** | (Optional) Apply optional taint labels to a node pool during cluster creation or edit taint labels on an existing cluster. Select **Add New Taint** to create a taint label, and complete the following fields:

    - **Key** - Enter the key in the taint key-value pair.
    - **Value** - Enter the value in the taint key-value pair.
    - **Effect** - Choose from among the following **Effect** options: **NoSchedule**, **PreferNoSchedule**, and **NoExecute**.

    - **NoSchedule** - Pods are not scheduled onto nodes with this taint.
    - **PreferNoSchedule** - Kubernetes attempts to avoid scheduling pods onto nodes with this taint, but scheduling is not prohibited.
    - **NoExecute** - New pods that do not tolerate the taint will not be scheduled on the node, and existing pods on the node, if any, will be evicted if they do not tolerate the taint.

    Review our [Node Pool](../../cluster-management/node-pool.md) and [Taints and Tolerations](../../cluster-management/taints.md) guides to learn more. | #### Cloud Configuration Settings diff --git a/docs/docs-content/downloads/cli-tools.md b/docs/docs-content/downloads/cli-tools.md index 5277def559d..781be41261f 100644 --- a/docs/docs-content/downloads/cli-tools.md +++ b/docs/docs-content/downloads/cli-tools.md @@ -27,6 +27,7 @@ The Palette CLI is supported on Linux operating systems running on AMD64 (x86_64 | Palette Release | Recommended CLI Version | Download URL | Checksum (SHA256) | | -------------------------------------------------- | -------------------------------- | ----------------------------------------------------------------------- | ------------------------------------------------------------------ | +| 4.9.22 | 4.9.8 | https://software.spectrocloud.com/palette-cli/v4.9.8/linux/cli/palette | `cdaf494b40791b9b9d04228ad8981387c350e246d1cd77a4f3b1c84d78ba6c10` | | 4.9.14 | 4.9.5 | https://software.spectrocloud.com/palette-cli/v4.9.5/linux/cli/palette | `41427f5d4d58f85933f7cce8ab6b38c9899ec83b74285c15338c2dc0ec55e44a` | | 4.9.5 | 4.9.2 | https://software.spectrocloud.com/palette-cli/v4.9.2/linux/cli/palette | `5d1e004aa4b124029fedcc3eebe442af20a8a447cd95a4aad9e7357d0b28e516` | | 4.8.47 | 4.8.10 | https://software.spectrocloud.com/palette-cli/v4.8.10/linux/cli/palette | `06e3d139fcfec018830ab2a9e03ee0c760dfc8cd8b0283eca93a43c86ae68b24` | diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/airgap-install/install.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/airgap-install/install.md index c48f16a2fba..1e93685896a 100644 --- a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/airgap-install/install.md +++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/airgap-install/install.md @@ -9,887 +9,121 @@ tags: ["self-hosted", "enterprise", "airgap"] keywords: ["self-hosted", "enterprise"] --- -You can use the Palette Helm Chart to install Palette in a multi-node Kubernetes cluster in your airgap production +You can use the Palette Helm chart to install Palette in a multi-node Kubernetes cluster in your airgap production environment. This installation method is common in secure environments with restricted network access that prohibits using Palette SaaS. Review our [architecture diagrams](../../../../architecture/networking-ports.md) to ensure your Kubernetes cluster has the necessary network connectivity for self-hosted Palette to operate successfully. -:::warning - -Complete the [Environment Setup](./kubernetes-airgap-instructions.md) steps before proceeding with the installation. - -::: - ## Prerequisites -- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available. - -- [Helm](https://helm.sh/docs/intro/install/) is installed and available. - -- Access to the target Kubernetes cluster's kubeconfig file. You must be able to interact with the cluster using - `kubectl` commands and have sufficient permissions to install Palette. We recommend using a role with `cluster-admin` - permissions to install Palette. - -- Ensure `unzip` or a similar extraction utility is installed on your system. - -- The Kubernetes cluster must be set up on a supported version of Kubernetes. Refer to the - [Kubernetes Requirements](../../install-palette.md#kubernetes-requirements) section to find the version required for - your Palette installation. - -- Ensure the Kubernetes cluster does not have Cert Manager installed. Palette requires a unique Cert Manager - configuration to be installed as part of the installation process. If Cert Manager is already installed, you must - uninstall it before installing Palette. - -- Palette requires a Container Storage Interface (CSI) to create Persistent Volumes, which are used to store persistent - data. You may install any CSI that is compatible with your Kubernetes cluster. - -- If you are using a _self-hosted MongoDB_ instance, such as MongoDB Atlas, ensure the MongoDB database has a user named - `hubble` with the permission `readWriteAnyDatabase`. Refer to the - [Add a Database User](https://www.mongodb.com/docs/guides/atlas/db-user/) guide for guidance on how to create a - database user in Atlas. - -- We recommended the following resources for Palette. Refer to the - [Palette size guidelines](../../install-palette.md#size-guidelines) for additional sizing information. - - - 8 CPUs per node. - - - 16 GB Memory per node. - - - 110 GB Disk Space per node. - - - A minimum of three worker nodes or three untainted control plane nodes. - - - AMD64 (also known as x86_64) architecture. ARM-based nodes are not supported. - -- The following network ports must be accessible for Palette to operate successfully. - - - TCP/443: Inbound and outbound to and from the Palette management cluster. - - - TCP/6443: Outbound traffic from the Palette management cluster to the deployed clusters' Kubernetes API server. - -- Ensure you have an SSL certificate that matches the domain name you will assign to Palette. You will need this to - enable HTTPS encryption for Palette. Reach out to your network administrator or security team to obtain the SSL - certificate. You need the following files: - - - x509 SSL certificate file in the base64 format. - - - x509 SSL certificate key file in the base64 format. - - - x509 SSL certificate authority file in the base64 format. - -- A [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/) to manage persistent storage, with the - annotation `storageclass.kubernetes.io/is-default-class` set to `true`. To override the default StorageClass for a - workload, modify the `storageClass` parameter. Check out the - [Change the default StorageClass](https://kubernetes.io/docs/tasks/administer-cluster/change-default-storage-class/) - page to learn more about modifying StorageClasses. - -- Palette uses Traefik as the ingress controller. If you already have an ingress controller deployed in the cluster, set - the `ingress.enabled` parameter to `false` in the `values.yaml` file. - -- A custom domain and the ability to update Domain Name System (DNS) records. You will need this to enable HTTPS - encryption for Palette. - -- If you are installing Palette behind a network proxy server, ensure you have the Certificate Authority (CA) - certificate file in the base64 format. You will need this to enable Palette to communicate with the network proxy - server. - -- Access to the Palette Helm Charts. Refer to the [Access Palette](../../../enterprise-version.md#access-palette) for - instructions on how to request access to the Helm Chart. - :::warning -Do not use a Palette-managed Kubernetes cluster when installing Palette. Palette-managed clusters contain the Palette -agent and Palette-created Kubernetes resources that will interfere with the installation. - -::: - -## Install Palette - -The following instructions are agnostic to the Kubernetes distribution you are using. Depending on the underlying -infrastructure provider and your Kubernetes distribution, you may need to modify the instructions to match your -environment. Reach out to our support team if you need assistance. - -1. Open a terminal session and navigate to the directory where you downloaded the Palette installation zip file - provided by our support. Unzip the file to a directory named **palette-install**. - - ```shell - unzip release-*.zip -d palette-install - ``` - -2. Navigate to the release folder inside the **palette-install** directory. - - ```shell - cd palette-install/charts/release-* - ``` - -3. Open the file **extras/cert-manager/values.yaml** in a text editor and append the URL to your OCI registry, which - also includes the namespace or project that is hosting the Spectro Cloud images. The URL should be in the format - `/`. In the example configuration below, the value `my-oci-registry.com/spectro-images` is - prefixed to each URL. Save the file after you have appended the URL. - - ```yaml hideClipboard - image: - cainjectorImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.17.0-spectro-4.6.1" - controllerImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.17.0-spectro-4.6.1" - webhookImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.17.0-spectro-4.6.1" - amceResolverImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.17.0-spectro-4.6.1" - ``` - -4. Install Cert Manager using the following command. Replace the actual file name of the Cert Manager Helm Chart with - the one you downloaded, as the version number may be different. - - ```shell - helm upgrade --values extras/cert-manager/values.yaml \ - cert-manager extras/cert-manager/cert-manager-*.tgz --install - ``` - - ```shell hideClipboard - Release "cert-manager" does not exist. Installing it now. - NAME: cert-manager - LAST DEPLOYED: Mon Jan 29 16:32:33 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - -5. Open the file **extras/image-swap/values.yaml** in a text editor and append the URL to your OCI registry that also - includes the namespace or project that is hosting the Spectro Cloud images. - - ```yaml hideClipboard - config: - imageSwapImages: - imageSwapInitImage: "my-oci-registry.com/spectro-images/gcr.io/spectro-images-public/release/thewebroot/imageswap-init:v1.5.3-spectro-4.5.1" - imageSwapImage: "my-oci-registry.com/spectro-images/gcr.io/spectro-images-public/release/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - ``` - -6. Update the `ociImageRegistry` section with the proper configuration values to your OCI registry. The - `ociImageRegistry` section should look similar to the following example. - - :::info - - Include `/v2` in your endpoints if you are using a - [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. - Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other - registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. Including `/v2` - for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: - `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. - - ::: - - ```yaml hideClipboard - ociImageRegistry: - endpoint: "my-oci-registry.com" - name: "Airgap Images OCI" - password: "" - username: "" - baseContentPath: "spectro-images" - insecureSkipVerify: true - caCert: "" - mirrorRegistries: "docker.io::my-oci-registry.com/spectro-images/docker.io,gcr.io::my-oci-registry.com/spectro-images/gcr.io,ghcr.io::my-oci-registry.com/spectro-images/ghcr.io,k8s.gcr.io::my-oci-registry.com/spectro-images/k8s.gcr.io,registry.k8s.io::my-oci-registry.com/spectro-images/registry.k8s.io,quay.io::my-oci-registry.com/spectro-images/quay.io,us-docker.pkg.dev::my-oci-registry.com/spectro-images/us-docker.pkg.dev" - ``` - -7. Go ahead and install the image-swap chart using the following command. Point to the **values.yaml** file you - configured in steps five through six. - - ```shell - helm upgrade --values extras/image-swap/values.yaml \ - image-swap extras/image-swap/image-swap-*.tgz --install - ``` - - ```shell hideClipboard - Release "image-swap" does not exist. Installing it now. - NAME: image-swap - LAST DEPLOYED: Mon Jan 29 17:04:23 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - - :::tip - - If you need to override the image-swap registry configuration post-deployment, refer to the - [Override Registry Configuration](../../../system-management/registry-override.md) page for instructions. - - ::: - -8. Install the Spectro Management CRDs chart. This chart contains Custom Resource Definitions (CRDs) required by - Palette, including Traefik CRDs, and must be installed before the main Palette Helm chart. - - ```shell - helm upgrade --install spectro-mgmt-crds extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz - ``` - - ```shell hideClipboard title="Example output" - Release "spectro-mgmt-crds" does not exist. Installing it now. - NAME: spectro-mgmt-crds - LAST DEPLOYED: Mon Jan 29 16:35:00 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - -9. Open the **values.yaml** file in the **spectro-mgmt-plane** folder with a text editor of your choice. The - **values.yaml** file contains the default values for the Palette installation parameters. However, you must populate - the following parameters before installing Palette. You can learn more about the parameters on the **values.yaml** - file on the [Helm Configuration Reference](../palette-helm-ref.md) page. - - Ensure you provide the proper `ociImageRegistry.mirrorRegistries` values if you are using a self-hosted OCI - registry. You can find the placeholder string in the `ociImageRegistry` section of the **values.yaml** file. - - | **Parameter** | **Description** | **Type** | - | ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | - | `env.rootDomain` | The URL name or IP address you will use for the Palette installation. | string | - | `config.installationMode` | The installation mode for Palette. The values can be `connected` or `airgap`. Set this value to `airgap`. | string | - | `ociPackEcrRegistry` | The OCI registry credentials for the Palette FIPS packs repository. | object | - | `ociImageRegistry` | The OCI registry credentials for the Palette images repository. | object | - | `ociImageRegistry.mirrorRegistries` | A comma-separated list of mirror registries in [image swap format](https://github.com/phenixblue/imageswap-webhook/blob/master/docs/configuration.md) to use for pulling images. For example: `docker.io::harbor.example.org/airgap-images/docker.io,gcr.io::harbor.example.org/airgap-images/gcr.io`.

    **NOTE:** Include `/v2` in your endpoints if you are using a [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. Including `/v2` for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. | string | - | `imageSwapImages` | The image swap configuration for Palette. If you are using an OCI registry, such as Harbor, replace the prefix URLs with your OCI registry URL that includes the image namespace or project: `/`. | object | - | `imageSwapConfig.isEKSCluster` | If you are NOT installing Palette on an EKS cluster, set this value to `false`. | boolean | - | `ingress.enabled` | Whether to install the Traefik ingress controller. Set to `false` if you already have an ingress controller deployed in the cluster. | boolean | - | `reach-system` | Set `reach-system.enabled` to `true` and configure the `reach-system.proxySettings` parameters for Palette to use a network proxy in your environment. | object | - - :::info - - If you are installing Palette by pulling required images from a private mirror registry, you will need to provide - the credentials to your registry in the **values.yaml** file. For more information, refer to - [Helm Configuration Reference](../palette-helm-ref.md#image-pull-secret). - - ::: - - Save the **values.yaml** file after you have populated the required parameters mentioned in the table. Select one of - the following tabs to review an example of the **values.yaml** file with the required parameters highlighted. - - - - - - - ```yaml {30,60,75-82,94-102,118-120} - ######################### - # Spectro Cloud Palette # - ######################### - - global: - imagePullSecret: - create: false - # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication - dockerConfigJson: "" - - # MongoDB Configuration - mongo: - # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas - internal: true - - # Mongodb URL. Only change if using Mongo Atlas. - databaseUrl: "mongo-0.mongo,mongo-1.mongo,mongo-2.mongo" - # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. - databasePassword: "" - - #No. of mongo replicas to run, default is 3 - replicas: 3 - # The following only apply if mongo.internal == true - cpuLimit: "2000m" - memoryLimit: "4Gi" - pvcSize: "20Gi" - storageClass: "" # leave empty to use the default storage class - - config: - installationMode: "airgap" #values can be connected or airgap. - - # SSO SAML Configuration (Optional for self-hosted type) - sso: - saml: - enabled: false - acsUrlRoot: "myfirstpalette.spectrocloud.com" - acsUrlScheme: "https" - audienceUrl: "https://www.spectrocloud.com" - entityId: "https://www.spectrocloud.com" - apiVersion: "v1" - - # Email Configurations. (Optional for self-hosted type) - email: - enabled: false - emailId: "noreply@spectrocloud.com" - smtpServer: "smtp.gmail.com" - smtpPort: 587 - insecureSkipVerifyTls: true - fromEmailId: "noreply@spectrocloud.com" - password: "" # base64 encoded SMTP password - - env: - # rootDomain is a DNS record which will be mapped to the traefik-ingress-controller load balancer - # E.g., myfirstpalette.spectrocloud.com - # - Mandatory if ingress.internal == false - # - Optional if ingress.internal == true (leave empty) - # - # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes - # E.g., *.myfirstpalette.spectrocloud.com - rootDomain: "palette.example.com" - - # stableEndpointAccess is used when deploying EKS clusters in Private network type. - # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true - cluster: - stableEndpointAccess: false - - # registry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # insecureSkipVerify: false - # caCert: "" - - ociPackRegistry: - endpoint: "my-oci-registry.com" # - name: "Airgap Packs OCI" # - password: "" # - username: "" # - baseContentPath: "spectro-packs" # - insecureSkipVerify: false - caCert: "" - - # ociPackEcrRegistry: - # endpoint: "" # - # name: "" # - # accessKey: "" # - # secretKey: "" # - # baseContentPath: "" # - # isPrivate: true - # insecureSkipVerify: false - # caCert: "" - - ociImageRegistry: - endpoint: "my-oci-registry.com" # - name: "Airgap Images OCI" # - password: "" # - username: "" # - baseContentPath: "spectro-images" # - insecureSkipVerify: true - caCert: "" - mirrorRegistries: "docker.io::my-oci-registry.com/spectro-images/docker.io,gcr.io::my-oci-registry.com/spectro-images/gcr.io,ghcr.io::my-oci-registry.com/spectro-images/ghcr.io,k8s.gcr.io::my-oci-registry.com/spectro-images/k8s.gcr.io,registry.k8s.io::my-oci-registry.com/spectro-images/registry.k8s.io,quay.io::my-oci-registry.com/spectro-images/quay.io,us-docker.pkg.dev::my-oci-registry.com/spectro-images/us-docker.pkg.dev" # See instructions below. +- Complete the [Environment Setup](./kubernetes-airgap-instructions.md) steps before proceeding with the installation. - # Instruction for mirrorRegistries. - # ---------------------------------- - # Please provide the registry endpoint for the following registries, separated by double colons (::): - # docker.io - # gcr.io - # ghcr.io - # k8s.gcr.io - # registry.k8s.io - # quay.io - # For each registry, follow this example format: - # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ - # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. +- Do not use a Palette-managed Kubernetes cluster when installing Palette. Palette-managed clusters contain the Palette + agent and Palette-created Kubernetes resources that will interfere with the installation of Palette. +::: - imageSwapImages: - imageSwapInitImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - imageSwapImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - - imageSwapConfig: - isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false - - grpc: - external: false - endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. - grpcStaticIP: "" - caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert - serverCrtBase64: "" - serverKeyBase64: "" - insecureSkipVerify: false - - ingress: - # When enabled, the Traefik ingress controller is installed. - enabled: true - - ingress: - # Default SSL certificate and key for the ingress controller (Optional) - # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com - # If left blank, a self-signed cert is generated. - certificate: "" - key: "" - - #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. - ingressStaticIP: "" - - # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. - terminateHTTPSAtLoadBalancer: false - - frps: - frps: - enabled: false - frpHostURL: proxy.sample.spectrocloud.com - server: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqekNDQW5lZ0F3SUJBZ0lVZTVMdXBBZGljd0Z1SFJpWWMyWEgzNTFEUzJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk1qY3hNREV6TVRNeU5ERXlXakI3TVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHCkExVUVDQk1DUTBFeEV6QVJCZ05WQkFjVENsTmhiblJoUTJ4aGNtRXhGVEFUQmdOVkJBb1RERk53WldOMGNtOUQKYkc5MVpERUxNQWtHQTFVRUN4TUNTVlF4SmpBa0JnTlZCQU1USFhCeWIzaDVMbk5oYlhCc1pTNXpjR1ZqZEhKdgpZMnh2ZFdRdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXd5bEt3MmlxClBXM2JrQU0wV3RhaEFLbEppcWFHd05LUDVRRTZ6ZW5NM2FURko3TjIwN0dWcUNGYzJHTDNodmNhTDFranZjeEkKK2lybHpkbm9hcVhUSmV3ZkJiTGs2SGVhZmdXUVp3NHNNeE5QRUVYYlNXYm54Mm03Y2FlbVJiUWZSQWhPWXRvWgpIWG1IMzQ1Q25mNjF0RnhMeEEzb0JRNm1yb0JMVXNOOUh2WWFzeGE5QUFmZUNNZm5sYWVBWE9CVmROalJTN1VzCkN5NmlSRXpEWFgvem1nOG5WWFUwemlrcXdoS3pqSlBJd2FQa2ViaXVSdUJYdEZ0VlQwQmFzS3VqbURzd0lsRFQKVmR4SHRRQUVyUmM4Q2Nhb20yUkpZbTd1aHNEYlo2WVFzS3JiMmhIbU5rNENVWUd5eUJPZnBwbzR2bFd1S2FEcgpsVFNYUXlPN0M0ejM1d0lEQVFBQm8xNHdYREJhQmdOVkhSRUVVekJSZ2dsc2IyTmhiR2h2YzNTSEJIOEFBQUdDCkhYQnliM2g1TG5OaGJYQnNaUzV6Y0dWamRISnZZMnh2ZFdRdVkyOXRnaDhxTG5CeWIzaDVMbk5oYlhCc1pTNXoKY0dWamRISnZZMnh2ZFdRdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUEvRFJFVm54SWJRdi9uMDEvSQpJd1d0ekhKNGNHOUp6UlB6dmszNUcvRGJOVzZYZ0M3djBoWlFIVHg5bzMrckxoSUFiWTNmbjc1VEtlN3hMRWpiCkI3M3pGWURJSStkYzM5NkQzZU51M2NxRGIvY01kYmlFalhod2ttZk9NRm9qMnpOdHJIdzFsSjA0QlNFMWw1YWgKMDk0Vy9aaEQ2YTVLU3B0cDh1YUpKVmNrejRYMEdRWjVPYjZadGdxZVVxNytqWVZOZ0tLQzJCMW1SNjMyMDNsZwozVFZmZEkrdmI3b292dVdOOFRBVG9qdXNuS25WMmRMeTFBOWViWXYwMEM3WWZ6Q0NhODgrN2dzTGhJaUJjRHBPClJkWjU3QStKanJmSU5IYy9vNm5YWFhDZ2h2YkFwUVk1QnFnMWIzYUpUZERNWThUY0hoQVVaQzB5eU04bXcwMnQKWHRRQwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd3lsS3cyaXFQVzNia0FNMFd0YWhBS2xKaXFhR3dOS1A1UUU2emVuTTNhVEZKN04yCjA3R1ZxQ0ZjMkdMM2h2Y2FMMWtqdmN4SStpcmx6ZG5vYXFYVEpld2ZCYkxrNkhlYWZnV1FadzRzTXhOUEVFWGIKU1dibngybTdjYWVtUmJRZlJBaE9ZdG9aSFhtSDM0NUNuZjYxdEZ4THhBM29CUTZtcm9CTFVzTjlIdllhc3hhOQpBQWZlQ01mbmxhZUFYT0JWZE5qUlM3VXNDeTZpUkV6RFhYL3ptZzhuVlhVMHppa3F3aEt6akpQSXdhUGtlYml1ClJ1Qlh0RnRWVDBCYXNLdWptRHN3SWxEVFZkeEh0UUFFclJjOENjYW9tMlJKWW03dWhzRGJaNllRc0tyYjJoSG0KTms0Q1VZR3l5Qk9mcHBvNHZsV3VLYURybFRTWFF5TzdDNHozNXdJREFRQUJBb0lCQUFPVVZFeTFOTG9mczdFMgpmZFZVcm10R3I1U2RiVWRJRlYrTDREbzZtWWxQSmxhT0VoWGI0ZlROZDloNEtEWVBmaWwwSnhXcUU0U1RHTmZuCnNUMlRnUVhuQ01LZi8xYk1Lc2M0N3VjVStYYU9XaHJnVFI5UmhkckFjN0duODRLL3hQc0ljL2VZTEhHLzh1QUUKeWUvLzVmRkM2QmpXY0hUM1NkTlZnd3duamJudG5XTXIzTFJBVnJBamZBckxveWUwS0F2YytYdXJLTEVCcmMyVQpjaHlDbitZemJKN0VlSG44UXdQNGdBNXVSK0NCMFJPeFErYXIzS3M5YUhkZTQ1OEVNNEtLMnpUOXA4RWZRc1lFCkFtNUpxWjliR0JEVHV1dEkyNm9GK0pLQ1IzZzhXNERRcHVYRUZoVjlya0pMSm13RDhQb0JaclF6UzZvdmJhdkkKRk42QVM4RUNnWUVBOEcxQzFxZVh4dTQ4aEYxak5MTCswRmxkeWdFem9SMmFoRGJCai8weUZkQVVjU2pYTzk0NAozN1dORTBUUG10WG1Vc3NZTlBTR21XaWI2OUhicEFoMTY3SWVwNE9LaVlZdkozYm1oUC9WNzFvK3M0SWJlSHh1CkVJbWVVckFOZWRoQURVQnZ4c1lXRWxlVlVJSFFRcjY1VHM2ZjIrWkpTKzg4TU05bUorL3BmcmNDZ1lFQXo4MXgKR3JiSE5oak56RjhZMjhiK0hMNW5rdDR0SUdkU3hnbW9PMFFJeGkrQVNZTzB0WW42VFk0ZHI5ZXErMzE3b21ZawpMbDNtNENORDhudG1vYzRvWnM4SUpDQ0IrZjNqcTY4OHdoQU9vVHZ4dDhjZVJqOFRhRHl1SHZwS043OVNsVVd2CjBJd2ZRNDNIemd3SWJiSWhjcTRJVGswanI0VHdWbThia283VElGRUNnWUJoNnUzVXhHN0JHeGZVaE1BNW4waSsKREJkeGhPbkZEV3gzdW1FOHhrN1dxV2NaNnhzMWk3eTRCNVhNS2pNdkNUeURyYWxQTCtOOXFTZ1BjK216TmFybwo4aU1mOENmRStMeE5vMVFoQ0p6Vm5YaDUzVnhZeHJ5QXlidU1TNTFCYVh3MHFYQ2NrT0krV0NNOHBaSHZEUVFsCmYydUZ3SlZMY3NTZDBHbjNpL01ab3dLQmdBY1BzUjg2Uk15MnpROTd6OGx3R3FSNVorV2F2U2ZUdXdGVnhLeTIKNUNGdjdja1J1NnRMbEFEY3FtK1dRWTRvTm5KUFREMXpIV3hTWm5XdjhjM2Z4b212MFZRQThzbSs4ZVNjb05EcgpZTVBqMkpQcEpVTTMwMzRBU2Q1dG5PWUdEMVZaTjk4N1U3aWs4Ynd6dG5tYnl2MHRvc1NlWkc4TGNtdE5mVDllCnNSZnhBb0dCQUpTV1lDellyTlRMNnRUSnh5M2FqWm5jZkxrMEV0eWNCd05FRXZHVzVSVE9LOUFYTE96RzN0eHUKajZqWlRpaUFRU09aaVd0clJHU0U0bEkyQ1MvcjNjd3VuSGlnZlovd1dKZldkZ0JpRnZqOTVFbUVQWUZaRDRobQpkT3l5UHhRRXFTRmprQ21BS2plOFBpTDdpU01GbGhBZTZQWFljQlExdCtzd01UeXBnY3RrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== - ca: - crt : LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lVSHhWK0ljVGZHUElzdW8yY3dqQ0Q0Z2RSTFFRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk16WXdOakl5TVRNeU5ERXlXakFvTVNZd0pBWURWUVFEREIxd2NtOTRlUzV6CllXMXdiR1V1YzNCbFkzUnliMk5zYjNWa0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0MKQVFvQ2dnRUJBSy90WXBHVi9HRURUWnZzL25QQ2lOK0U3K1dOQ21GeU1NQjdkazVOT3JzQWZIaVVvZ1JRVUo0WQptSjhwVmYrSzhTRFBsdGNYcW40WVVTbmxiUERsVlBkWU5zOTEwT3RaS1EwNW96aUtGV2pNbS85NHlLSjVyVzNsCndDNEN0ayttUm9Ib0ZQQS81dmFVbVZHdlVadjlGY0JuL0pKN2F4WnRIQk1PRiticXQ0Zmd0ci9YMWdOeWhPVzUKZTVScGpESkozRjJTVnc5NUpBQSt4a3V3UitFSmVseEtnQVpxdDc0ejB4U2ROODZ0QzNtK0wxRGs2WVVlQWEzZApvM3Rsa3ZkeDV6dUJvSmI2QmpZWEV4UE1PbThRcHFNVWRLK3lDZUdrem9XQStDOUtFdGtVaERCWktENStNWXRZCktVMUh1RXJCbmw2Z3BuWTRlbzJjVTRxdkNwZzZ4S3NDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRklKMkRkTjgKc2ZtVjRCT1ZFL0FjZ0VEejArNmlNQjhHQTFVZEl3UVlNQmFBRklKMkRkTjhzZm1WNEJPVkUvQWNnRUR6MCs2aQpNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQWhQVi9RMVl1YWVTOTZVCmhjVGQ4RWdJaHhpbHFiTWlTQm5WaVdrdlJzWk94UUIwNTFScWtwT3g0UTRsckdaOGVJWWc3T0trTTdzejhuTVQKL2pxS21sZDY0MzJCcURCMlNkNVp5ZFdReHAwU1laRTlnVWszYk9KRGtZVXQ4b1cvZDBWeG9uU05LQVN3QmZKaApWV1VZUUlpNm55K0ZZZmtuRFNvRnFlY2Z3SDBQQVUraXpnMkI3KzFkbko5YisyQ21IOUVCallOZ2hoNlFzVlFQCkh2SkdQQURtandPNkJOam5HK0Z3K0Z6cmFXUTNCTjAwb08zUjF6UmgxZERmTTQzR3oxRmZGRW5GSXI5aGFuUnQKWHJFZm8vZWU5bjBLWUFESEJnV1g4dlhuNHZrRmdWRjgwYW9MUUJSQTBxWXErcW1pVlp6YnREeE9ldFEyRWFyTQpyNmVWL0lZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - service: - annotations: {} - - ui-system: - enabled: true - ui: - nocUI: - enable: true - mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette - mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID - - reachSystem: - enabled: false - proxySettings: - http_proxy: "" - https_proxy: "" - no_proxy: "" - ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. - scheduleOnControlPlane: true - ``` - - - - - - ```yaml {30,60,84-92,94-102,117-119} - ######################### - # Spectro Cloud Palette # - ######################### - - global: - imagePullSecret: - create: false - # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication - dockerConfigJson: "" - - # MongoDB Configuration - mongo: - # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas - internal: true - - # Mongodb URL. Only change if using Mongo Atlas. - databaseUrl: "mongo-0.mongo,mongo-1.mongo,mongo-2.mongo" - # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. - databasePassword: "" - - #No. of mongo replicas to run, default is 3 - replicas: 3 - # The following only apply if mongo.internal == true - cpuLimit: "2000m" - memoryLimit: "4Gi" - pvcSize: "20Gi" - storageClass: "" # leave empty to use the default storage class - - config: - installationMode: "airgap" #values can be connected or airgap. - - # SSO SAML Configuration (Optional for self-hosted type) - sso: - saml: - enabled: false - acsUrlRoot: "myfirstpalette.spectrocloud.com" - acsUrlScheme: "https" - audienceUrl: "https://www.spectrocloud.com" - entityId: "https://www.spectrocloud.com" - apiVersion: "v1" - - # Email Configurations. (Optional for self-hosted type) - email: - enabled: false - emailId: "noreply@spectrocloud.com" - smtpServer: "smtp.gmail.com" - smtpPort: 587 - insecureSkipVerifyTls: true - fromEmailId: "noreply@spectrocloud.com" - password: "" # base64 encoded SMTP password - - env: - # rootDomain is a DNS record which will be mapped to the traefik-ingress-controller load balancer - # E.g., myfirstpalette.spectrocloud.com - # - Mandatory if ingress.internal == false - # - Optional if ingress.internal == true (leave empty) - # - # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes - # E.g., *.myfirstpalette.spectrocloud.com - rootDomain: "palette.example.com" - - # stableEndpointAccess is used when deploying EKS clusters in Private network type. - # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true - cluster: - stableEndpointAccess: false - - # registry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # insecureSkipVerify: false - # caCert: "" - - # ociPackRegistry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # baseContentPath: "" # - # insecureSkipVerify: false - # caCert: "" - - ociPackEcrRegistry: - endpoint: "123456789.dkr.ecr.us-east-1.amazonaws.com" # - name: "Airgap Packs OCI" # - accessKey: "**************" # - secretKey: "**************" # - baseContentPath: "spectro-packs" # - isPrivate: true - insecureSkipVerify: true - caCert: "" - - ociImageRegistry: - endpoint: "public.ecr.aws/123456789" # - name: "Airgap Images OCI" # - password: "" # - username: "" # - baseContentPath: "spectro-images" # - insecureSkipVerify: false - caCert: "" - mirrorRegistries: "docker.io::public.ecr.aws/123456789/spectro-images/docker.io,gcr.io::public.ecr.aws/123456789/spectro-images/gcr.io,ghcr.io::public.ecr.aws/123456789/spectro-images/ghcr.io,k8s.gcr.io::public.ecr.aws/123456789/spectro-images/k8s.gcr.io,registry.k8s.io::public.ecr.aws/123456789/spectro-images/registry.k8s.io,quay.io::public.ecr.aws/123456789/spectro-images/quay.io,us-docker.pkg.dev::public.ecr.aws/123456789/spectro-images/us-docker.pkg.dev" # See instructions below. - - # Instruction for mirrorRegistries. - # ---------------------------------- - # Please provide the registry endpoint for the following registries, separated by double colons (::): - # docker.io - # gcr.io - # ghcr.io - # k8s.gcr.io - # registry.k8s.io - # quay.io - # For each registry, follow this example format: - # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ - # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. - - imageSwapImages: - imageSwapInitImage: "public.ecr.aws/123456789/us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - imageSwapImage: "public.ecr.aws/123456789/us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - - imageSwapConfig: - isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false - - grpc: - external: false - endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. - grpcStaticIP: "" - caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert - serverCrtBase64: "" - serverKeyBase64: "" - insecureSkipVerify: false - - ingress: - # When enabled, the Traefik ingress controller is installed. - enabled: true - - ingress: - # Default SSL certificate and key for the ingress controller (Optional) - # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com - # If left blank, a self-signed cert is generated. - certificate: "" - key: "" - - #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. - ingressStaticIP: "" - - # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. - terminateHTTPSAtLoadBalancer: false - - frps: - frps: - enabled: false - frpHostURL: proxy.sample.spectrocloud.com - server: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqekNDQW5lZ0F3SUJBZ0lVZTVMdXBBZGljd0Z1SFJpWWMyWEgzNTFEUzJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk1qY3hNREV6TVRNeU5ERXlXakI3TVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHCkExVUVDQk1DUTBFeEV6QVJCZ05WQkFjVENsTmhiblJoUTJ4aGNtRXhGVEFUQmdOVkJBb1RERk53WldOMGNtOUQKYkc5MVpERUxNQWtHQTFVRUN4TUNTVlF4SmpBa0JnTlZCQU1USFhCeWIzaDVMbk5oYlhCc1pTNXpjR1ZqZEhKdgpZMnh2ZFdRdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXd5bEt3MmlxClBXM2JrQU0wV3RhaEFLbEppcWFHd05LUDVRRTZ6ZW5NM2FURko3TjIwN0dWcUNGYzJHTDNodmNhTDFranZjeEkKK2lybHpkbm9hcVhUSmV3ZkJiTGs2SGVhZmdXUVp3NHNNeE5QRUVYYlNXYm54Mm03Y2FlbVJiUWZSQWhPWXRvWgpIWG1IMzQ1Q25mNjF0RnhMeEEzb0JRNm1yb0JMVXNOOUh2WWFzeGE5QUFmZUNNZm5sYWVBWE9CVmROalJTN1VzCkN5NmlSRXpEWFgvem1nOG5WWFUwemlrcXdoS3pqSlBJd2FQa2ViaXVSdUJYdEZ0VlQwQmFzS3VqbURzd0lsRFQKVmR4SHRRQUVyUmM4Q2Nhb20yUkpZbTd1aHNEYlo2WVFzS3JiMmhIbU5rNENVWUd5eUJPZnBwbzR2bFd1S2FEcgpsVFNYUXlPN0M0ejM1d0lEQVFBQm8xNHdYREJhQmdOVkhSRUVVekJSZ2dsc2IyTmhiR2h2YzNTSEJIOEFBQUdDCkhYQnliM2g1TG5OaGJYQnNaUzV6Y0dWamRISnZZMnh2ZFdRdVkyOXRnaDhxTG5CeWIzaDVMbk5oYlhCc1pTNXoKY0dWamRISnZZMnh2ZFdRdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUEvRFJFVm54SWJRdi9uMDEvSQpJd1d0ekhKNGNHOUp6UlB6dmszNUcvRGJOVzZYZ0M3djBoWlFIVHg5bzMrckxoSUFiWTNmbjc1VEtlN3hMRWpiCkI3M3pGWURJSStkYzM5NkQzZU51M2NxRGIvY01kYmlFalhod2ttZk9NRm9qMnpOdHJIdzFsSjA0QlNFMWw1YWgKMDk0Vy9aaEQ2YTVLU3B0cDh1YUpKVmNrejRYMEdRWjVPYjZadGdxZVVxNytqWVZOZ0tLQzJCMW1SNjMyMDNsZwozVFZmZEkrdmI3b292dVdOOFRBVG9qdXNuS25WMmRMeTFBOWViWXYwMEM3WWZ6Q0NhODgrN2dzTGhJaUJjRHBPClJkWjU3QStKanJmSU5IYy9vNm5YWFhDZ2h2YkFwUVk1QnFnMWIzYUpUZERNWThUY0hoQVVaQzB5eU04bXcwMnQKWHRRQwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd3lsS3cyaXFQVzNia0FNMFd0YWhBS2xKaXFhR3dOS1A1UUU2emVuTTNhVEZKN04yCjA3R1ZxQ0ZjMkdMM2h2Y2FMMWtqdmN4SStpcmx6ZG5vYXFYVEpld2ZCYkxrNkhlYWZnV1FadzRzTXhOUEVFWGIKU1dibngybTdjYWVtUmJRZlJBaE9ZdG9aSFhtSDM0NUNuZjYxdEZ4THhBM29CUTZtcm9CTFVzTjlIdllhc3hhOQpBQWZlQ01mbmxhZUFYT0JWZE5qUlM3VXNDeTZpUkV6RFhYL3ptZzhuVlhVMHppa3F3aEt6akpQSXdhUGtlYml1ClJ1Qlh0RnRWVDBCYXNLdWptRHN3SWxEVFZkeEh0UUFFclJjOENjYW9tMlJKWW03dWhzRGJaNllRc0tyYjJoSG0KTms0Q1VZR3l5Qk9mcHBvNHZsV3VLYURybFRTWFF5TzdDNHozNXdJREFRQUJBb0lCQUFPVVZFeTFOTG9mczdFMgpmZFZVcm10R3I1U2RiVWRJRlYrTDREbzZtWWxQSmxhT0VoWGI0ZlROZDloNEtEWVBmaWwwSnhXcUU0U1RHTmZuCnNUMlRnUVhuQ01LZi8xYk1Lc2M0N3VjVStYYU9XaHJnVFI5UmhkckFjN0duODRLL3hQc0ljL2VZTEhHLzh1QUUKeWUvLzVmRkM2QmpXY0hUM1NkTlZnd3duamJudG5XTXIzTFJBVnJBamZBckxveWUwS0F2YytYdXJLTEVCcmMyVQpjaHlDbitZemJKN0VlSG44UXdQNGdBNXVSK0NCMFJPeFErYXIzS3M5YUhkZTQ1OEVNNEtLMnpUOXA4RWZRc1lFCkFtNUpxWjliR0JEVHV1dEkyNm9GK0pLQ1IzZzhXNERRcHVYRUZoVjlya0pMSm13RDhQb0JaclF6UzZvdmJhdkkKRk42QVM4RUNnWUVBOEcxQzFxZVh4dTQ4aEYxak5MTCswRmxkeWdFem9SMmFoRGJCai8weUZkQVVjU2pYTzk0NAozN1dORTBUUG10WG1Vc3NZTlBTR21XaWI2OUhicEFoMTY3SWVwNE9LaVlZdkozYm1oUC9WNzFvK3M0SWJlSHh1CkVJbWVVckFOZWRoQURVQnZ4c1lXRWxlVlVJSFFRcjY1VHM2ZjIrWkpTKzg4TU05bUorL3BmcmNDZ1lFQXo4MXgKR3JiSE5oak56RjhZMjhiK0hMNW5rdDR0SUdkU3hnbW9PMFFJeGkrQVNZTzB0WW42VFk0ZHI5ZXErMzE3b21ZawpMbDNtNENORDhudG1vYzRvWnM4SUpDQ0IrZjNqcTY4OHdoQU9vVHZ4dDhjZVJqOFRhRHl1SHZwS043OVNsVVd2CjBJd2ZRNDNIemd3SWJiSWhjcTRJVGswanI0VHdWbThia283VElGRUNnWUJoNnUzVXhHN0JHeGZVaE1BNW4waSsKREJkeGhPbkZEV3gzdW1FOHhrN1dxV2NaNnhzMWk3eTRCNVhNS2pNdkNUeURyYWxQTCtOOXFTZ1BjK216TmFybwo4aU1mOENmRStMeE5vMVFoQ0p6Vm5YaDUzVnhZeHJ5QXlidU1TNTFCYVh3MHFYQ2NrT0krV0NNOHBaSHZEUVFsCmYydUZ3SlZMY3NTZDBHbjNpL01ab3dLQmdBY1BzUjg2Uk15MnpROTd6OGx3R3FSNVorV2F2U2ZUdXdGVnhLeTIKNUNGdjdja1J1NnRMbEFEY3FtK1dRWTRvTm5KUFREMXpIV3hTWm5XdjhjM2Z4b212MFZRQThzbSs4ZVNjb05EcgpZTVBqMkpQcEpVTTMwMzRBU2Q1dG5PWUdEMVZaTjk4N1U3aWs4Ynd6dG5tYnl2MHRvc1NlWkc4TGNtdE5mVDllCnNSZnhBb0dCQUpTV1lDellyTlRMNnRUSnh5M2FqWm5jZkxrMEV0eWNCd05FRXZHVzVSVE9LOUFYTE96RzN0eHUKajZqWlRpaUFRU09aaVd0clJHU0U0bEkyQ1MvcjNjd3VuSGlnZlovd1dKZldkZ0JpRnZqOTVFbUVQWUZaRDRobQpkT3l5UHhRRXFTRmprQ21BS2plOFBpTDdpU01GbGhBZTZQWFljQlExdCtzd01UeXBnY3RrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== - ca: - crt : LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lVSHhWK0ljVGZHUElzdW8yY3dqQ0Q0Z2RSTFFRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk16WXdOakl5TVRNeU5ERXlXakFvTVNZd0pBWURWUVFEREIxd2NtOTRlUzV6CllXMXdiR1V1YzNCbFkzUnliMk5zYjNWa0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0MKQVFvQ2dnRUJBSy90WXBHVi9HRURUWnZzL25QQ2lOK0U3K1dOQ21GeU1NQjdkazVOT3JzQWZIaVVvZ1JRVUo0WQptSjhwVmYrSzhTRFBsdGNYcW40WVVTbmxiUERsVlBkWU5zOTEwT3RaS1EwNW96aUtGV2pNbS85NHlLSjVyVzNsCndDNEN0ayttUm9Ib0ZQQS81dmFVbVZHdlVadjlGY0JuL0pKN2F4WnRIQk1PRiticXQ0Zmd0ci9YMWdOeWhPVzUKZTVScGpESkozRjJTVnc5NUpBQSt4a3V3UitFSmVseEtnQVpxdDc0ejB4U2ROODZ0QzNtK0wxRGs2WVVlQWEzZApvM3Rsa3ZkeDV6dUJvSmI2QmpZWEV4UE1PbThRcHFNVWRLK3lDZUdrem9XQStDOUtFdGtVaERCWktENStNWXRZCktVMUh1RXJCbmw2Z3BuWTRlbzJjVTRxdkNwZzZ4S3NDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRklKMkRkTjgKc2ZtVjRCT1ZFL0FjZ0VEejArNmlNQjhHQTFVZEl3UVlNQmFBRklKMkRkTjhzZm1WNEJPVkUvQWNnRUR6MCs2aQpNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQWhQVi9RMVl1YWVTOTZVCmhjVGQ4RWdJaHhpbHFiTWlTQm5WaVdrdlJzWk94UUIwNTFScWtwT3g0UTRsckdaOGVJWWc3T0trTTdzejhuTVQKL2pxS21sZDY0MzJCcURCMlNkNVp5ZFdReHAwU1laRTlnVWszYk9KRGtZVXQ4b1cvZDBWeG9uU05LQVN3QmZKaApWV1VZUUlpNm55K0ZZZmtuRFNvRnFlY2Z3SDBQQVUraXpnMkI3KzFkbko5YisyQ21IOUVCallOZ2hoNlFzVlFQCkh2SkdQQURtandPNkJOam5HK0Z3K0Z6cmFXUTNCTjAwb08zUjF6UmgxZERmTTQzR3oxRmZGRW5GSXI5aGFuUnQKWHJFZm8vZWU5bjBLWUFESEJnV1g4dlhuNHZrRmdWRjgwYW9MUUJSQTBxWXErcW1pVlp6YnREeE9ldFEyRWFyTQpyNmVWL0lZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - service: - annotations: {} - - ui-system: - enabled: true - ui: - nocUI: - enable: true - mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette - mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID - - reachSystem: - enabled: false - proxySettings: - http_proxy: "" - https_proxy: "" - no_proxy: "" - ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. - scheduleOnControlPlane: true - ``` - - - - - - :::warning - - Ensure you have configured the `values.yaml` file with the required parameters before proceeding to the next steps. - For the parameter `ociImageRegistry.mirrorRegistries`, include `/v2` in your endpoints if you are using a - [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. - Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other - registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. Including `/v2` - for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: - `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. - - ::: - -10. This step is only required if you are installing Palette in an environment where a network proxy must be configured - for Palette to access the internet. If you are not using a network proxy, skip to the next step. - - Install the reach-system chart using the following command. Point to the **values.yaml** file you configured in - step 9. - - ```shell - helm upgrade --values palette/values.yaml \ - reach-system extras/reach-system/reach-system-*.tgz --install - ``` - - ```shell hideClipboard - Release "reach-system" does not exist. Installing it now. - NAME: reach-system - LAST DEPLOYED: Mon Jan 29 17:04:23 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - - -
    - How to update containerd to use proxy configurations - - If your Kubernetes cluster is behind a network proxy, ensure the containerd service is configured to use proxy - settings. You can do this by updating the containerd configuration file on each node in the cluster. The - configuration file is typically located at ` /etc/systemd/system/containerd.service.d/http-proxy.conf`. Below is an - example of the configuration file. Replace the values with your proxy settings. Ask your network administrator for - guidance. - - ``` - [Service] - Environment="HTTP_PROXY=http://example.com:9090" - Environment="HTTPS_PROXY=http://example.com:9090" - Environment="NO_PROXY=127.0.0.1,localhost,100.64.0.0/17,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,,.cluster.local" - ``` - -
    - -11. Install the Palette Helm Chart using the following command. - - ```shell - helm upgrade --values palette/values.yaml \ - hubble palette/spectro-mgmt-plane-*.tgz --install - ``` - - ```shell hideClipboard - Release "hubble" does not exist. Installing it now. - NAME: hubble - LAST DEPLOYED: Mon Jan 29 17:07:51 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - -12. Track the installation process using the command below. Palette is ready when the deployments in the namespaces - `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` reach the _Ready_ state. The - installation takes two to three minutes to complete. - - - - ```shell - kubectl get pods --all-namespaces --watch - ``` - - :::tip - - For a more user-friendly experience, use the open source tool [k9s](https://k9scli.io/) to monitor the installation - process. - - ::: - -13. Create a DNS CNAME record that is mapped to the Palette `traefik-ingress-controller` load balancer. You can use the - following command to retrieve the load balancer IP address. You may require the assistance of your network - administrator to create the DNS record. - - ```shell - kubectl get service traefik-ingress-controller --namespace ingress-traefik \ - --output jsonpath='{.status.loadBalancer.ingress[0].hostname}' - ``` - - :::warning - - If Palette has only one tenant and you use local accounts with Single Sign-On (SSO) disabled, you can access Palette - using the IP address or any domain name that resolves to that IP. However, once you enable SSO, users must log in - using the tenant-specific subdomain. For example, if you create a tenant named `tenant1` and the domain name you - assigned to Palette is `palette.example.com`, the tenant URL will be `tenant1.palette.example.com`. We recommend you - create an additional wildcard DNS record to map all tenant URLs to the Palette load balancer. For example, - `*.palette.example.com`. - - ::: - -14. Use the custom domain name or the IP address of the load balancer to visit the Palette system console. To access the - system console, open a web browser, paste the custom domain URL in the address bar, and append the value `/system`. - - The first time you visit the Palette system console, a warning message about a not-trusted SSL certificate may - appear. This is expected, as you have not yet uploaded your SSL certificate to Palette. You can ignore this warning - message and proceed. - - ![Screenshot of the Palette system console showing Username and Password fields.](/palette_installation_install-on-vmware_palette-system-console.webp) - -15. Log in to the system console using the following default credentials. Refer to the - [password requirements](../../../system-management/account-management/credentials.md#password-requirements-and-security) - documentation page to learn more about password requirements. +### Kubernetes Cluster - | **Parameter** | **Value** | - | ------------- | --------- | - | Username | `admin` | - | Password | `admin` | + - After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be - redirected to the Palette system console. Use the username `admin` and your new password to log in to the system - console. You can create additional system administrator accounts and assign roles to users in the system console. - Refer to the [Account Management](../../../system-management/account-management/account-management.md) documentation - page for more information. +### Local Environment -16. After login, a summary page is displayed. Palette is installed with a self-signed SSL certificate. To assign a - different SSL certificate, you must upload the SSL certificate, SSL certificate key, and SSL certificate authority - files to Palette. You can upload the files using the Palette system console. Refer to the - [Configure HTTPS Encryption](../../../system-management/ssl-certificate-management.md) page for instructions on how - to upload the SSL certificate files to Palette. + - :::warning +### Other Prerequisites - If you plan to deploy host clusters into different networks, you may require a reverse proxy. Check out the - [Configure Reverse Proxy](../../../system-management/reverse-proxy.md) guide for instructions on how to configure a - reverse proxy for Palette. + - ::: +## Install Palette -You now have a self-hosted instance of Palette installed in a Kubernetes cluster. Make sure you retain the -**values.yaml** file, as you may need it for future upgrades. + + +### Cert-Manager Helm Chart + +3. + +### Spectro Management CRDs Helm Chart + +7. + +### Palette Helm Chart + +8. + +### Image Swap Helm Chart + +11. + +### Reach System Helm Chart + +12. + +### Installation + +13. ## Validate -Use the following steps to validate the Palette installation. - -1. Open up a web browser and navigate to the Palette system console. To access the system console, open a web browser, - paste the `env.rootDomain` value you provided in the address bar, and append the value `/system` in the following - format: `/system`. You can also use the IP address of the load balancer. - -2. Log in using the credentials you received from our support team. After login, you will be prompted to create a new - password. Enter a new password and save your changes. You will be redirected to the Palette system console. - -3. Open a terminal session and issue the following command to verify the Palette installation. The command should return - a list of deployments in the `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` - namespaces. - - ```shell - kubectl get pods --all-namespaces --output custom-columns="NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.phase" \ - | grep --extended-regexp '^(cp-system|hubble-system|ingress-traefik|jet-system|ui-system)\s' - ``` - - Your output should look similar to the following. - - ```shell hideClipboard - cp-system spectro-cp-ui-689984f88d-54wsw Running - hubble-system auth-85b748cbf4-6drkn Running - hubble-system auth-85b748cbf4-dwhw2 Running - hubble-system cloud-fb74b8558-lqjq5 Running - hubble-system cloud-fb74b8558-zkfp5 Running - hubble-system configserver-685fcc5b6d-t8f8h Running - hubble-system event-68568f54c7-jzx5t Running - hubble-system event-68568f54c7-w9rnh Running - hubble-system foreq-6b689f54fb-vxjts Running - hubble-system hashboard-897bc9884-pxpvn Running - hubble-system hashboard-897bc9884-rmn69 Running - hubble-system hutil-6d7c478c96-td8q4 Running - hubble-system hutil-6d7c478c96-zjhk4 Running - hubble-system mgmt-85dbf6bf9c-jbggc Running - hubble-system mongo-0 Running - hubble-system mongo-1 Running - hubble-system mongo-2 Running - hubble-system msgbroker-6c9b9fbf8b-mcsn5 Running - hubble-system oci-proxy-7789cf9bd8-qcjkl Running - hubble-system packsync-28205220-bmzcg Succeeded - hubble-system spectrocluster-6c57f5775d-dcm2q Running - hubble-system spectrocluster-6c57f5775d-gmdt2 Running - hubble-system spectrocluster-6c57f5775d-sxks5 Running - hubble-system system-686d77b947-8949z Running - hubble-system system-686d77b947-cgzx6 Running - hubble-system timeseries-7865bc9c56-5q87l Running - hubble-system timeseries-7865bc9c56-scncb Running - hubble-system timeseries-7865bc9c56-sxmgb Running - hubble-system user-5c9f6c6f4b-9dgqz Running - hubble-system user-5c9f6c6f4b-hxkj6 Running - ingress-traefik traefik-ingress-controller-9dmzq Running - ingress-traefik traefik-ingress-controller-tpwtf Running - ingress-traefik traefik-ingress-controller-xz4jf Running - jet-system jet-6599b9856d-t9mr4 Running - ui-system spectro-ui-76ffdf67fb-rkgx8 Running - ``` + ## Next Steps diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md index e350c7344e0..5e4c4dd095e 100644 --- a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md +++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md @@ -9,87 +9,10 @@ tags: ["self-hosted", "enterprise"] keywords: ["self-hosted", "enterprise"] --- -You can use the Palette Helm Chart to install Palette in a multi-node Kubernetes cluster in your production environment. +You can use the Palette Helm chart to install Palette in a multi-node Kubernetes cluster in your production environment. ## Prerequisites -- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available. - -- [Helm](https://helm.sh/docs/intro/install/) is installed and available. - -- Access to the target Kubernetes cluster's kubeconfig file. You must be able to interact with the cluster using - `kubectl` commands and have sufficient permissions to install Palette. We recommend using a role with cluster-admin - permissions to install Palette. - -- Ensure `unzip` or a similar extraction utility is installed on your system. - -- The Kubernetes cluster must be set up on a supported version of Kubernetes. Refer to the - [Kubernetes Requirements](../install-palette.md#kubernetes-requirements) section to find the version required for your - Palette installation. - -- Ensure the Kubernetes cluster does not have Cert Manager installed. Palette requires a unique Cert Manager - configuration to be installed as part of the installation process. If Cert Manager is already installed, you must - uninstall it before installing Palette. - -- Palette requires a Container Storage Interface (CSI) to create Persistent Volumes, which are used to store persistent - data. You may install any CSI that is compatible with your Kubernetes cluster. - -- If you are using a _self-hosted MongoDB_ instance, such as MongoDB Atlas, ensure the MongoDB database has a user named - `hubble` with the permission `readWriteAnyDatabase`. Refer to the - [Add a Database User](https://www.mongodb.com/docs/guides/atlas/db-user/) guide for guidance on how to create a - database user in Atlas. - -- We recommended the following resources for Palette. Refer to the - [Palette size guidelines](../install-palette.md#size-guidelines) for additional sizing information. - - - 8 CPUs per node. - - - 16 GB Memory per node. - - - 110 GB Disk Space per node. - - - A minimum of three worker nodes or three untainted control plane nodes. - - - AMD64 (also known as x86_64) architecture. ARM-based nodes are not supported. - -- The following network ports must be accessible for Palette to operate successfully. - - - TCP/443: Inbound and outbound to and from the Palette management cluster. - - - TCP/6443: Outbound traffic from the Palette management cluster to the deployed clusters' Kubernetes API server. - -- Ensure you have an SSL certificate that matches the domain name you will assign to Palette. You will need this to - enable HTTPS encryption for Palette. Reach out to your network administrator or security team to obtain the SSL - certificate. You need the following files: - - - x509 SSL certificate file in base64 format. - - - x509 SSL certificate key file in base64 format. - - - x509 SSL certificate authority file in base64 format. - -- A [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/) to manage persistent storage, with the - annotation `storageclass.kubernetes.io/is-default-class` set to `true`. To override the default StorageClass for a - workload, modify the `storageClass` parameter. Check out the - [Change the default StorageClass](https://kubernetes.io/docs/tasks/administer-cluster/change-default-storage-class/) - page to learn more about modifying StorageClasses. - -- Palette uses Traefik as the ingress controller. If you already have an ingress controller deployed in the cluster, set - the `ingress.enabled` parameter to `false` in the `values.yaml` file. - -- A custom domain and the ability to update Domain Name System (DNS) records. You will need this to enable HTTPS - encryption for Palette. - -- If you are installing Palette behind a network proxy server, ensure you have the Certificate Authority (CA) - certificate file in the base64 format. You will need this to enable Palette to communicate with the network proxy - server. - -- Ensure Palette has access to the required domains and ports. Refer to the - [Required Domains](../install-palette.md#proxy-requirements) section for more information. - -- Access to the Palette Helm Charts. Refer to the [Access Palette](../../enterprise-version.md#access-palette) for - instructions on how to request access to the Helm Chart - :::warning Do not use a Palette-managed Kubernetes cluster when installing Palette. Palette-managed clusters contain the Palette @@ -97,735 +20,109 @@ agent and Palette-created Kubernetes resources that will interfere with the inst ::: -## Install Palette - -The following instructions are written agnostic to the Kubernetes distribution you are using. Depending on the -underlying infrastructure provider and your Kubernetes distribution, you may need to modify the instructions to match -your environment. Reach out to our support team if you need assistance. - -1. Open a terminal session and navigate to the directory where you downloaded the Palette install zip file provided by - our support. Unzip the file to a directory named **palette-install**. - - ```shell - unzip charts.zip -d palette-install - ``` - -2. Navigate to the **palette-install** directory. - - ```shell - cd palette-install - ``` - -3. Install Cert Manager using the following command. Replace the actual file name of the Cert Manager Helm Chart with - the one you downloaded, as the version number may be different. - - ```shell - helm upgrade --values extras/cert-manager/values.yaml \ - cert-manager extras/cert-manager/cert-manager-*.tgz --install - ``` - - ```shell hideClipboard - Release "cert-manager" does not exist. Installing it now. - NAME: cert-manager - LAST DEPLOYED: Fri Jan 30 18:40:57 2026 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - DESCRIPTION: Install complete - TEST SUITE: None - ``` - -4. Install the Spectro Management CRDs chart. This chart contains Custom Resource Definitions (CRDs) required by - Palette, including Traefik CRDs, and must be installed _before_ the main Palette Helm chart. When the chart is - installed, the custom resource types are registered with the Kubernetes API server; no pods are deployed. - - ```shell - helm upgrade --install spectro-mgmt-crds extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz - ``` - - ```shell hideClipboard title="Example output" - Release "spectro-mgmt-crds" does not exist. Installing it now. - NAME: spectro-mgmt-crds - LAST DEPLOYED: Fri Jan 30 18:42:30 2026 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - DESCRIPTION: Install complete - TEST SUITE: None - ``` - -5. Open the **values.yaml** in the **palette/spectro-mgmt-plane** folder with a text editor of your choice. The - **values.yaml** contains the default values for the Palette installation parameters, however, you must populate the - following parameters before installing Palette. You can learn more about the parameters in the **values.yaml** file - in the [Helm Configuration Reference](palette-helm-ref.md) page. - - | **Parameter** | **Description** | **Type** | - | ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | - | `env.rootDomain` | The URL name or IP address you will use for the Palette installation. | string | - | `ociPackRegistry` or `ociPackEcrRegistry` | The OCI registry credentials for Palette FIPS packs. These credentials are provided by our support team. | object | - | `ingress.enabled` | Whether to install the Traefik ingress controller. Set to `false` if you already have an ingress controller deployed in the cluster. | boolean | - | `reachSystem` | Set `reach-system.enabled` to `true` and configure the `reach-system.proxySettings` parameters to configure Palette to use a network proxy in your environment | object | - - :::info - - If you are installing Palette by pulling required images from a private mirror registry, you will need to provide - the credentials to your registry in the **values.yaml** file. For more information, refer to - [Helm Configuration Reference](palette-helm-ref.md#image-pull-secret). - - ::: - - Save the **values.yaml** file after you have populated the required parameters mentioned in the table. Expand the - following sections to review an example of the **values.yaml** file with the required parameters highlighted. - - - - - - - ```yaml {60,84-92} - ######################### - # Spectro Cloud Palette # - ######################### - - global: - imagePullSecret: - create: false - # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication - dockerConfigJson: "" - - # MongoDB Configuration - mongo: - # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas - internal: true - - # Mongodb URL. Only change if using Mongo Atlas. - databaseUrl: "mongo-0.mongo,mongo-1.mongo,mongo-2.mongo" - # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. - databasePassword: "" - - #No. of mongo replicas to run, default is 3 - replicas: 3 - # The following only apply if mongo.internal == true - cpuLimit: "2000m" - memoryLimit: "4Gi" - pvcSize: "20Gi" - storageClass: "" # leave empty to use the default storage class - - config: - installationMode: "central" #values can be connected or airgap. - - # SSO SAML Configuration (Optional for self-hosted type) - sso: - saml: - enabled: false - acsUrlRoot: "myfirstpalette.spectrocloud.com" - acsUrlScheme: "https" - audienceUrl: "https://www.spectrocloud.com" - entityId: "https://www.spectrocloud.com" - apiVersion: "v1" - - # Email Configurations. (Optional for self-hosted type) - email: - enabled: false - emailId: "noreply@spectrocloud.com" - smtpServer: "smtp.gmail.com" - smtpPort: 587 - insecureSkipVerifyTls: true - fromEmailId: "noreply@spectrocloud.com" - password: "" # base64 encoded SMTP password - - env: - # rootDomain is a DNS record which will be mapped to the traefik-ingress-controller load balancer - # E.g., myfirstpalette.spectrocloud.com - # - Mandatory if ingress.internal == false - # - Optional if ingress.internal == true (leave empty) - # - # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes - # E.g., *.myfirstpalette.spectrocloud.com - rootDomain: "palette.example.com" - - # stableEndpointAccess is used when deploying EKS clusters in Private network type. - # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true - cluster: - stableEndpointAccess: false - - # registry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # insecureSkipVerify: false - # caCert: "" - - # ociPackRegistry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # baseContentPath: "" # - # insecureSkipVerify: false - # caCert: "" - - ociPackEcrRegistry: - endpoint: "15789037893.dkr.ecr.us-east-1.amazonaws.com" # - name: "Palette Packs OCI" # - accessKey: "**************" # - secretKey: "**************" # - baseContentPath: "production" # - isPrivate: true - insecureSkipVerify: false - caCert: "" - - # ociImageRegistry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # baseContentPath: "" # - # insecureSkipVerify: false - # caCert: "" - # mirrorRegistries: "" # See instructions below. - - # Instruction for mirrorRegistries. - # ---------------------------------- - # Please provide the registry endpoint for the following registries, separated by double colons (::): - # docker.io - # gcr.io - # ghcr.io - # k8s.gcr.io - # registry.k8s.io - # quay.io - # For each registry, follow this example format: - # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ - # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. - - imageSwapImages: - imageSwapInitImage: "us-docker.pkg.dev/palette-images/third-party/thewebroot/imageswap-init:v1.5.3-spectro-4.8.a-v2" - imageSwapImage: "us-docker.pkg.dev/palette-images/third-party/thewebroot/imageswap:v1.5.3-spectro-4.8.a-v2" - - imageSwapConfig: - isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false - - grpc: - external: false - endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. - grpcStaticIP: "" - caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert - serverCrtBase64: "" - serverKeyBase64: "" - insecureSkipVerify: false - tunnel: - preferredServer: - endpoint: "" - servers: - - endpoint: "" - ingress: - msgbroker: - proxyBodySize: "15m" # Default proxy body size for msgbroker ingress - # When enabled, the Traefik ingress controller is installed. - enabled: true - - ingress: - # Default SSL certificate and key for the ingress controller (Optional) - # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com - # If left blank, a self-signed cert is generated. - certificate: "" - key: "" - - #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. - ingressStaticIP: "" +### Kubernetes Cluster - # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. - terminateHTTPSAtLoadBalancer: false + - frps: - frps: - enabled: false - frpHostURL: proxy.sample.spectrocloud.com - server: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqekNDQW5lZ0F3SUJBZ0lVZTVMdXBBZGljd0Z1SFJpWWMyWEgzNTFEUzJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk1qY3hNREV6TVRNeU5ERXlXakI3TVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHCkExVUVDQk1DUTBFeEV6QVJCZ05WQkFjVENsTmhiblJoUTJ4aGNtRXhGVEFUQmdOVkJBb1RERk53WldOMGNtOUQKYkc5MVpERUxNQWtHQTFVRUN4TUNTVlF4SmpBa0JnTlZCQU1USFhCeWIzaDVMbk5oYlhCc1pTNXpjR1ZqZEhKdgpZMnh2ZFdRdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXd5bEt3MmlxClBXM2JrQU0wV3RhaEFLbEppcWFHd05LUDVRRTZ6ZW5NM2FURko3TjIwN0dWcUNGYzJHTDNodmNhTDFranZjeEkKK2lybHpkbm9hcVhUSmV3ZkJiTGs2SGVhZmdXUVp3NHNNeE5QRUVYYlNXYm54Mm03Y2FlbVJiUWZSQWhPWXRvWgpIWG1IMzQ1Q25mNjF0RnhMeEEzb0JRNm1yb0JMVXNOOUh2WWFzeGE5QUFmZUNNZm5sYWVBWE9CVmROalJTN1VzCkN5NmlSRXpEWFgvem1nOG5WWFUwemlrcXdoS3pqSlBJd2FQa2ViaXVSdUJYdEZ0VlQwQmFzS3VqbURzd0lsRFQKVmR4SHRRQUVyUmM4Q2Nhb20yUkpZbTd1aHNEYlo2WVFzS3JiMmhIbU5rNENVWUd5eUJPZnBwbzR2bFd1S2FEcgpsVFNYUXlPN0M0ejM1d0lEQVFBQm8xNHdYREJhQmdOVkhSRUVVekJSZ2dsc2IyTmhiR2h2YzNTSEJIOEFBQUdDCkhYQnliM2g1TG5OaGJYQnNaUzV6Y0dWamRISnZZMnh2ZFdRdVkyOXRnaDhxTG5CeWIzaDVMbk5oYlhCc1pTNXoKY0dWamRISnZZMnh2ZFdRdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUEvRFJFVm54SWJRdi9uMDEvSQpJd1d0ekhKNGNHOUp6UlB6dmszNUcvRGJOVzZYZ0M3djBoWlFIVHg5bzMrckxoSUFiWTNmbjc1VEtlN3hMRWpiCkI3M3pGWURJSStkYzM5NkQzZU51M2NxRGIvY01kYmlFalhod2ttZk9NRm9qMnpOdHJIdzFsSjA0QlNFMWw1YWgKMDk0Vy9aaEQ2YTVLU3B0cDh1YUpKVmNrejRYMEdRWjVPYjZadGdxZVVxNytqWVZOZ0tLQzJCMW1SNjMyMDNsZwozVFZmZEkrdmI3b292dVdOOFRBVG9qdXNuS25WMmRMeTFBOWViWXYwMEM3WWZ6Q0NhODgrN2dzTGhJaUJjRHBPClJkWjU3QStKanJmSU5IYy9vNm5YWFhDZ2h2YkFwUVk1QnFnMWIzYUpUZERNWThUY0hoQVVaQzB5eU04bXcwMnQKWHRRQwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd3lsS3cyaXFQVzNia0FNMFd0YWhBS2xKaXFhR3dOS1A1UUU2emVuTTNhVEZKN04yCjA3R1ZxQ0ZjMkdMM2h2Y2FMMWtqdmN4SStpcmx6ZG5vYXFYVEpld2ZCYkxrNkhlYWZnV1FadzRzTXhOUEVFWGIKU1dibngybTdjYWVtUmJRZlJBaE9ZdG9aSFhtSDM0NUNuZjYxdEZ4THhBM29CUTZtcm9CTFVzTjlIdllhc3hhOQpBQWZlQ01mbmxhZUFYT0JWZE5qUlM3VXNDeTZpUkV6RFhYL3ptZzhuVlhVMHppa3F3aEt6akpQSXdhUGtlYml1ClJ1Qlh0RnRWVDBCYXNLdWptRHN3SWxEVFZkeEh0UUFFclJjOENjYW9tMlJKWW03dWhzRGJaNllRc0tyYjJoSG0KTms0Q1VZR3l5Qk9mcHBvNHZsV3VLYURybFRTWFF5TzdDNHozNXdJREFRQUJBb0lCQUFPVVZFeTFOTG9mczdFMgpmZFZVcm10R3I1U2RiVWRJRlYrTDREbzZtWWxQSmxhT0VoWGI0ZlROZDloNEtEWVBmaWwwSnhXcUU0U1RHTmZuCnNUMlRnUVhuQ01LZi8xYk1Lc2M0N3VjVStYYU9XaHJnVFI5UmhkckFjN0duODRLL3hQc0ljL2VZTEhHLzh1QUUKeWUvLzVmRkM2QmpXY0hUM1NkTlZnd3duamJudG5XTXIzTFJBVnJBamZBckxveWUwS0F2YytYdXJLTEVCcmMyVQpjaHlDbitZemJKN0VlSG44UXdQNGdBNXVSK0NCMFJPeFErYXIzS3M5YUhkZTQ1OEVNNEtLMnpUOXA4RWZRc1lFCkFtNUpxWjliR0JEVHV1dEkyNm9GK0pLQ1IzZzhXNERRcHVYRUZoVjlya0pMSm13RDhQb0JaclF6UzZvdmJhdkkKRk42QVM4RUNnWUVBOEcxQzFxZVh4dTQ4aEYxak5MTCswRmxkeWdFem9SMmFoRGJCai8weUZkQVVjU2pYTzk0NAozN1dORTBUUG10WG1Vc3NZTlBTR21XaWI2OUhicEFoMTY3SWVwNE9LaVlZdkozYm1oUC9WNzFvK3M0SWJlSHh1CkVJbWVVckFOZWRoQURVQnZ4c1lXRWxlVlVJSFFRcjY1VHM2ZjIrWkpTKzg4TU05bUorL3BmcmNDZ1lFQXo4MXgKR3JiSE5oak56RjhZMjhiK0hMNW5rdDR0SUdkU3hnbW9PMFFJeGkrQVNZTzB0WW42VFk0ZHI5ZXErMzE3b21ZawpMbDNtNENORDhudG1vYzRvWnM4SUpDQ0IrZjNqcTY4OHdoQU9vVHZ4dDhjZVJqOFRhRHl1SHZwS043OVNsVVd2CjBJd2ZRNDNIemd3SWJiSWhjcTRJVGswanI0VHdWbThia283VElGRUNnWUJoNnUzVXhHN0JHeGZVaE1BNW4waSsKREJkeGhPbkZEV3gzdW1FOHhrN1dxV2NaNnhzMWk3eTRCNVhNS2pNdkNUeURyYWxQTCtOOXFTZ1BjK216TmFybwo4aU1mOENmRStMeE5vMVFoQ0p6Vm5YaDUzVnhZeHJ5QXlidU1TNTFCYVh3MHFYQ2NrT0krV0NNOHBaSHZEUVFsCmYydUZ3SlZMY3NTZDBHbjNpL01ab3dLQmdBY1BzUjg2Uk15MnpROTd6OGx3R3FSNVorV2F2U2ZUdXdGVnhLeTIKNUNGdjdja1J1NnRMbEFEY3FtK1dRWTRvTm5KUFREMXpIV3hTWm5XdjhjM2Z4b212MFZRQThzbSs4ZVNjb05EcgpZTVBqMkpQcEpVTTMwMzRBU2Q1dG5PWUdEMVZaTjk4N1U3aWs4Ynd6dG5tYnl2MHRvc1NlWkc4TGNtdE5mVDllCnNSZnhBb0dCQUpTV1lDellyTlRMNnRUSnh5M2FqWm5jZkxrMEV0eWNCd05FRXZHVzVSVE9LOUFYTE96RzN0eHUKajZqWlRpaUFRU09aaVd0clJHU0U0bEkyQ1MvcjNjd3VuSGlnZlovd1dKZldkZ0JpRnZqOTVFbUVQWUZaRDRobQpkT3l5UHhRRXFTRmprQ21BS2plOFBpTDdpU01GbGhBZTZQWFljQlExdCtzd01UeXBnY3RrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== - ca: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lVSHhWK0ljVGZHUElzdW8yY3dqQ0Q0Z2RSTFFRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk16WXdOakl5TVRNeU5ERXlXakFvTVNZd0pBWURWUVFEREIxd2NtOTRlUzV6CllXMXdiR1V1YzNCbFkzUnliMk5zYjNWa0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0MKQVFvQ2dnRUJBSy90WXBHVi9HRURUWnZzL25QQ2lOK0U3K1dOQ21GeU1NQjdkazVOT3JzQWZIaVVvZ1JRVUo0WQptSjhwVmYrSzhTRFBsdGNYcW40WVVTbmxiUERsVlBkWU5zOTEwT3RaS1EwNW96aUtGV2pNbS85NHlLSjVyVzNsCndDNEN0ayttUm9Ib0ZQQS81dmFVbVZHdlVadjlGY0JuL0pKN2F4WnRIQk1PRiticXQ0Zmd0ci9YMWdOeWhPVzUKZTVScGpESkozRjJTVnc5NUpBQSt4a3V3UitFSmVseEtnQVpxdDc0ejB4U2ROODZ0QzNtK0wxRGs2WVVlQWEzZApvM3Rsa3ZkeDV6dUJvSmI2QmpZWEV4UE1PbThRcHFNVWRLK3lDZUdrem9XQStDOUtFdGtVaERCWktENStNWXRZCktVMUh1RXJCbmw2Z3BuWTRlbzJjVTRxdkNwZzZ4S3NDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRklKMkRkTjgKc2ZtVjRCT1ZFL0FjZ0VEejArNmlNQjhHQTFVZEl3UVlNQmFBRklKMkRkTjhzZm1WNEJPVkUvQWNnRUR6MCs2aQpNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQWhQVi9RMVl1YWVTOTZVCmhjVGQ4RWdJaHhpbHFiTWlTQm5WaVdrdlJzWk94UUIwNTFScWtwT3g0UTRsckdaOGVJWWc3T0trTTdzejhuTVQKL2pxS21sZDY0MzJCcURCMlNkNVp5ZFdReHAwU1laRTlnVWszYk9KRGtZVXQ4b1cvZDBWeG9uU05LQVN3QmZKaApWV1VZUUlpNm55K0ZZZmtuRFNvRnFlY2Z3SDBQQVUraXpnMkI3KzFkbko5YisyQ21IOUVCallOZ2hoNlFzVlFQCkh2SkdQQURtandPNkJOam5HK0Z3K0Z6cmFXUTNCTjAwb08zUjF6UmgxZERmTTQzR3oxRmZGRW5GSXI5aGFuUnQKWHJFZm8vZWU5bjBLWUFESEJnV1g4dlhuNHZrRmdWRjgwYW9MUUJSQTBxWXErcW1pVlp6YnREeE9ldFEyRWFyTQpyNmVWL0lZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - service: - annotations: {} +### Local Environment - ui-system: - enabled: true - ui: - nocUI: - enable: true - mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette - mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID + - reachSystem: - enabled: false - proxySettings: - http_proxy: "" - https_proxy: "" - no_proxy: "" - ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. - scheduleOnControlPlane: true - ``` +- An image pull secret from Spectro Cloud customer support, required to pull images from Spectro Cloud OCI registries. + This is not required if you plan to use [mirror registries](../../system-management/registry-override.md) or + [image swap](../../../clusters/cluster-management/image-swap.md) when pulling images. Refer to + [Configure Image Pull Secret for Security-Hardened Images](../../system-management/configure-image-pull-secret.md) for + more information. - +### Other Prerequisites - + - ```yaml {61,76-83,95-103} - ######################### - # Spectro Cloud Palette # - ######################### - - global: - imagePullSecret: - create: false - # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication - dockerConfigJson: "" - - # MongoDB Configuration - mongo: - # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas - internal: true - - # Mongodb URL. Only change if using Mongo Atlas. - databaseUrl: "mongo-0.mongo,mongo-1.mongo,mongo-2.mongo" - # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. - databasePassword: "" - - #No. of mongo replicas to run, default is 3 - replicas: 3 - # The following only apply if mongo.internal == true - cpuLimit: "2000m" - memoryLimit: "4Gi" - pvcSize: "20Gi" - storageClass: "" # leave empty to use the default storage class - - config: - installationMode: "connected" #values can be connected or airgap. - isPaletteBaseCluster: false - - # SSO SAML Configuration (Optional for self-hosted type) - sso: - saml: - enabled: false - acsUrlRoot: "myfirstpalette.spectrocloud.com" - acsUrlScheme: "https" - audienceUrl: "https://www.spectrocloud.com" - entityId: "https://www.spectrocloud.com" - apiVersion: "v1" - - # Email Configurations. (Optional for self-hosted type) - email: - enabled: false - emailId: "noreply@spectrocloud.com" - smtpServer: "smtp.gmail.com" - smtpPort: 587 - insecureSkipVerifyTls: true - fromEmailId: "noreply@spectrocloud.com" - password: "" # base64 encoded SMTP password - - env: - # rootDomain is a DNS record which will be mapped to the traefik-ingress-controller load balancer - # E.g., myfirstpalette.spectrocloud.com - # - Mandatory if ingress.internal == false - # - Optional if ingress.internal == true (leave empty) - # - # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes - # E.g., *.myfirstpalette.spectrocloud.com - rootDomain: "palette.example.com" - - # stableEndpointAccess is used when deploying EKS clusters in Private network type. - # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true - cluster: - stableEndpointAccess: false - - # registry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # insecureSkipVerify: false - # caCert: "" - - ociPackRegistry: - endpoint: "example.harbor.org" # - name: "Palette Packs OCI" # - password: "**************" # - username: "**************" # - baseContentPath: "spectro-packs" # - insecureSkipVerify: false - caCert: "" - - # ociPackEcrRegistry: - # endpoint: "" # - # name: "" # - # accessKey: "" # - # secretKey: "" # - # baseContentPath: "" # - # isPrivate: true - # insecureSkipVerify: false - # caCert: "" - - ociImageRegistry: - endpoint: "" # - name: "" # - password: "" # - username: "" # - baseContentPath: "" # - insecureSkipVerify: false - caCert: "" - mirrorRegistries: "" # See instructions below. - - # Instruction for mirrorRegistries. - # ---------------------------------- - # Please provide the registry endpoint for the following registries, separated by double colons (::): - # docker.io - # gcr.io - # ghcr.io - # k8s.gcr.io - # registry.k8s.io - # quay.io - # For each registry, follow this example format: - # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ - # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. - - imageSwapImages: - imageSwapInitImage: "us-docker.pkg.dev/palette-images/third-party/thewebroot/imageswap-init:v1.5.3-spectro-4.8.a-v2" - imageSwapImage: "us-docker.pkg.dev/palette-images/third-party/thewebroot/imageswap:v1.5.3-spectro-4.8.a-v2" - - imageSwapConfig: - isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false - - grpc: - external: false - endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. - grpcStaticIP: "" - caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert - serverCrtBase64: "" - serverKeyBase64: "" - insecureSkipVerify: false - tunnel: - preferredServer: - endpoint: "" - servers: - - endpoint: "" - ingress: - msgbroker: - proxyBodySize: "15m" # Default proxy body size for msgbroker ingress - # When enabled, the Traefik ingress controller is installed. - enabled: true - - ingress: - # Default SSL certificate and key for the ingress controller (Optional) - # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com - # If left blank, a self-signed cert is generated. - certificate: "" - key: "" - - #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. - ingressStaticIP: "" - - # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. - terminateHTTPSAtLoadBalancer: false - - frps: - frps: - enabled: false - frpHostURL: proxy.sample.spectrocloud.com - server: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqekNDQW5lZ0F3SUJBZ0lVZTVMdXBBZGljd0Z1SFJpWWMyWEgzNTFEUzJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk1qY3hNREV6TVRNeU5ERXlXakI3TVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHCkExVUVDQk1DUTBFeEV6QVJCZ05WQkFjVENsTmhiblJoUTJ4aGNtRXhGVEFUQmdOVkJBb1RERk53WldOMGNtOUQKYkc5MVpERUxNQWtHQTFVRUN4TUNTVlF4SmpBa0JnTlZCQU1USFhCeWIzaDVMbk5oYlhCc1pTNXpjR1ZqZEhKdgpZMnh2ZFdRdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXd5bEt3MmlxClBXM2JrQU0wV3RhaEFLbEppcWFHd05LUDVRRTZ6ZW5NM2FURko3TjIwN0dWcUNGYzJHTDNodmNhTDFranZjeEkKK2lybHpkbm9hcVhUSmV3ZkJiTGs2SGVhZmdXUVp3NHNNeE5QRUVYYlNXYm54Mm03Y2FlbVJiUWZSQWhPWXRvWgpIWG1IMzQ1Q25mNjF0RnhMeEEzb0JRNm1yb0JMVXNOOUh2WWFzeGE5QUFmZUNNZm5sYWVBWE9CVmROalJTN1VzCkN5NmlSRXpEWFgvem1nOG5WWFUwemlrcXdoS3pqSlBJd2FQa2ViaXVSdUJYdEZ0VlQwQmFzS3VqbURzd0lsRFQKVmR4SHRRQUVyUmM4Q2Nhb20yUkpZbTd1aHNEYlo2WVFzS3JiMmhIbU5rNENVWUd5eUJPZnBwbzR2bFd1S2FEcgpsVFNYUXlPN0M0ejM1d0lEQVFBQm8xNHdYREJhQmdOVkhSRUVVekJSZ2dsc2IyTmhiR2h2YzNTSEJIOEFBQUdDCkhYQnliM2g1TG5OaGJYQnNaUzV6Y0dWamRISnZZMnh2ZFdRdVkyOXRnaDhxTG5CeWIzaDVMbk5oYlhCc1pTNXoKY0dWamRISnZZMnh2ZFdRdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUEvRFJFVm54SWJRdi9uMDEvSQpJd1d0ekhKNGNHOUp6UlB6dmszNUcvRGJOVzZYZ0M3djBoWlFIVHg5bzMrckxoSUFiWTNmbjc1VEtlN3hMRWpiCkI3M3pGWURJSStkYzM5NkQzZU51M2NxRGIvY01kYmlFalhod2ttZk9NRm9qMnpOdHJIdzFsSjA0QlNFMWw1YWgKMDk0Vy9aaEQ2YTVLU3B0cDh1YUpKVmNrejRYMEdRWjVPYjZadGdxZVVxNytqWVZOZ0tLQzJCMW1SNjMyMDNsZwozVFZmZEkrdmI3b292dVdOOFRBVG9qdXNuS25WMmRMeTFBOWViWXYwMEM3WWZ6Q0NhODgrN2dzTGhJaUJjRHBPClJkWjU3QStKanJmSU5IYy9vNm5YWFhDZ2h2YkFwUVk1QnFnMWIzYUpUZERNWThUY0hoQVVaQzB5eU04bXcwMnQKWHRRQwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd3lsS3cyaXFQVzNia0FNMFd0YWhBS2xKaXFhR3dOS1A1UUU2emVuTTNhVEZKN04yCjA3R1ZxQ0ZjMkdMM2h2Y2FMMWtqdmN4SStpcmx6ZG5vYXFYVEpld2ZCYkxrNkhlYWZnV1FadzRzTXhOUEVFWGIKU1dibngybTdjYWVtUmJRZlJBaE9ZdG9aSFhtSDM0NUNuZjYxdEZ4THhBM29CUTZtcm9CTFVzTjlIdllhc3hhOQpBQWZlQ01mbmxhZUFYT0JWZE5qUlM3VXNDeTZpUkV6RFhYL3ptZzhuVlhVMHppa3F3aEt6akpQSXdhUGtlYml1ClJ1Qlh0RnRWVDBCYXNLdWptRHN3SWxEVFZkeEh0UUFFclJjOENjYW9tMlJKWW03dWhzRGJaNllRc0tyYjJoSG0KTms0Q1VZR3l5Qk9mcHBvNHZsV3VLYURybFRTWFF5TzdDNHozNXdJREFRQUJBb0lCQUFPVVZFeTFOTG9mczdFMgpmZFZVcm10R3I1U2RiVWRJRlYrTDREbzZtWWxQSmxhT0VoWGI0ZlROZDloNEtEWVBmaWwwSnhXcUU0U1RHTmZuCnNUMlRnUVhuQ01LZi8xYk1Lc2M0N3VjVStYYU9XaHJnVFI5UmhkckFjN0duODRLL3hQc0ljL2VZTEhHLzh1QUUKeWUvLzVmRkM2QmpXY0hUM1NkTlZnd3duamJudG5XTXIzTFJBVnJBamZBckxveWUwS0F2YytYdXJLTEVCcmMyVQpjaHlDbitZemJKN0VlSG44UXdQNGdBNXVSK0NCMFJPeFErYXIzS3M5YUhkZTQ1OEVNNEtLMnpUOXA4RWZRc1lFCkFtNUpxWjliR0JEVHV1dEkyNm9GK0pLQ1IzZzhXNERRcHVYRUZoVjlya0pMSm13RDhQb0JaclF6UzZvdmJhdkkKRk42QVM4RUNnWUVBOEcxQzFxZVh4dTQ4aEYxak5MTCswRmxkeWdFem9SMmFoRGJCai8weUZkQVVjU2pYTzk0NAozN1dORTBUUG10WG1Vc3NZTlBTR21XaWI2OUhicEFoMTY3SWVwNE9LaVlZdkozYm1oUC9WNzFvK3M0SWJlSHh1CkVJbWVVckFOZWRoQURVQnZ4c1lXRWxlVlVJSFFRcjY1VHM2ZjIrWkpTKzg4TU05bUorL3BmcmNDZ1lFQXo4MXgKR3JiSE5oak56RjhZMjhiK0hMNW5rdDR0SUdkU3hnbW9PMFFJeGkrQVNZTzB0WW42VFk0ZHI5ZXErMzE3b21ZawpMbDNtNENORDhudG1vYzRvWnM4SUpDQ0IrZjNqcTY4OHdoQU9vVHZ4dDhjZVJqOFRhRHl1SHZwS043OVNsVVd2CjBJd2ZRNDNIemd3SWJiSWhjcTRJVGswanI0VHdWbThia283VElGRUNnWUJoNnUzVXhHN0JHeGZVaE1BNW4waSsKREJkeGhPbkZEV3gzdW1FOHhrN1dxV2NaNnhzMWk3eTRCNVhNS2pNdkNUeURyYWxQTCtOOXFTZ1BjK216TmFybwo4aU1mOENmRStMeE5vMVFoQ0p6Vm5YaDUzVnhZeHJ5QXlidU1TNTFCYVh3MHFYQ2NrT0krV0NNOHBaSHZEUVFsCmYydUZ3SlZMY3NTZDBHbjNpL01ab3dLQmdBY1BzUjg2Uk15MnpROTd6OGx3R3FSNVorV2F2U2ZUdXdGVnhLeTIKNUNGdjdja1J1NnRMbEFEY3FtK1dRWTRvTm5KUFREMXpIV3hTWm5XdjhjM2Z4b212MFZRQThzbSs4ZVNjb05EcgpZTVBqMkpQcEpVTTMwMzRBU2Q1dG5PWUdEMVZaTjk4N1U3aWs4Ynd6dG5tYnl2MHRvc1NlWkc4TGNtdE5mVDllCnNSZnhBb0dCQUpTV1lDellyTlRMNnRUSnh5M2FqWm5jZkxrMEV0eWNCd05FRXZHVzVSVE9LOUFYTE96RzN0eHUKajZqWlRpaUFRU09aaVd0clJHU0U0bEkyQ1MvcjNjd3VuSGlnZlovd1dKZldkZ0JpRnZqOTVFbUVQWUZaRDRobQpkT3l5UHhRRXFTRmprQ21BS2plOFBpTDdpU01GbGhBZTZQWFljQlExdCtzd01UeXBnY3RrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== - ca: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lVSHhWK0ljVGZHUElzdW8yY3dqQ0Q0Z2RSTFFRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk16WXdOakl5TVRNeU5ERXlXakFvTVNZd0pBWURWUVFEREIxd2NtOTRlUzV6CllXMXdiR1V1YzNCbFkzUnliMk5zYjNWa0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0MKQVFvQ2dnRUJBSy90WXBHVi9HRURUWnZzL25QQ2lOK0U3K1dOQ21GeU1NQjdkazVOT3JzQWZIaVVvZ1JRVUo0WQptSjhwVmYrSzhTRFBsdGNYcW40WVVTbmxiUERsVlBkWU5zOTEwT3RaS1EwNW96aUtGV2pNbS85NHlLSjVyVzNsCndDNEN0ayttUm9Ib0ZQQS81dmFVbVZHdlVadjlGY0JuL0pKN2F4WnRIQk1PRiticXQ0Zmd0ci9YMWdOeWhPVzUKZTVScGpESkozRjJTVnc5NUpBQSt4a3V3UitFSmVseEtnQVpxdDc0ejB4U2ROODZ0QzNtK0wxRGs2WVVlQWEzZApvM3Rsa3ZkeDV6dUJvSmI2QmpZWEV4UE1PbThRcHFNVWRLK3lDZUdrem9XQStDOUtFdGtVaERCWktENStNWXRZCktVMUh1RXJCbmw2Z3BuWTRlbzJjVTRxdkNwZzZ4S3NDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRklKMkRkTjgKc2ZtVjRCT1ZFL0FjZ0VEejArNmlNQjhHQTFVZEl3UVlNQmFBRklKMkRkTjhzZm1WNEJPVkUvQWNnRUR6MCs2aQpNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQWhQVi9RMVl1YWVTOTZVCmhjVGQ4RWdJaHhpbHFiTWlTQm5WaVdrdlJzWk94UUIwNTFScWtwT3g0UTRsckdaOGVJWWc3T0trTTdzejhuTVQKL2pxS21sZDY0MzJCcURCMlNkNVp5ZFdReHAwU1laRTlnVWszYk9KRGtZVXQ4b1cvZDBWeG9uU05LQVN3QmZKaApWV1VZUUlpNm55K0ZZZmtuRFNvRnFlY2Z3SDBQQVUraXpnMkI3KzFkbko5YisyQ21IOUVCallOZ2hoNlFzVlFQCkh2SkdQQURtandPNkJOam5HK0Z3K0Z6cmFXUTNCTjAwb08zUjF6UmgxZERmTTQzR3oxRmZGRW5GSXI5aGFuUnQKWHJFZm8vZWU5bjBLWUFESEJnV1g4dlhuNHZrRmdWRjgwYW9MUUJSQTBxWXErcW1pVlp6YnREeE9ldFEyRWFyTQpyNmVWL0lZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - service: - annotations: {} - - ui-system: - enabled: true - ui: - nocUI: - enable: true - mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette - mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID - - reachSystem: - enabled: false - proxySettings: - http_proxy: "" - https_proxy: "" - no_proxy: "" - ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. - scheduleOnControlPlane: true - ``` - - - - - - :::warning - - Ensure you have configured the **values.yaml** file with the required parameters before proceeding to the next - steps. - - ::: - -6. This step is only required if you are installing Palette in an environment where a network proxy must be configured - for Palette to access the internet. If you are not using a network proxy, skip to the next step. - - Install the reach-system chart using the following command. Point to the **values.yaml** file you configured in - step 5. Make sure you configure the `reach-system.enable` section in the **values.yaml** file. - - ```shell - helm upgrade --values palette/values.yaml \ - reach-system extras/reach-system/reach-system-*.tgz --install - ``` - - ```shell hideClipboard - Release "reach-system" does not exist. Installing it now. - NAME: reach-system - LAST DEPLOYED: Fri Jan 30 18:40:57 2026 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - - -
    - How to update containerd to use proxy configurations - - If your Kubernetes cluster is behind a network proxy, ensure the containerd service is configured to use proxy - settings. You can do this by updating the containerd configuration file on each node in the cluster. The - configuration file is typically located at ` /etc/systemd/system/containerd.service.d/http-proxy.conf`. Below is an - example of the configuration file. Replace the values with your proxy settings. Ask your network administrator for - guidance. - - ``` - [Service] - Environment="HTTP_PROXY=http://example.com:9090" - Environment="HTTPS_PROXY=http://example.com:9090" - Environment="NO_PROXY=127.0.0.1,localhost,100.64.0.0/17,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,,.cluster.local" - ``` - -
    - -7. Install the Palette Helm Chart using the following command. - - ```shell - helm upgrade --values palette/values.yaml \ - hubble palette/spectro-mgmt-plane-*.tgz --install - ``` - - ```shell hideClipboard - Release "hubble" does not exist. Installing it now. - NAME: hubble - LAST DEPLOYED: Fri Jan 30 18:46:53 2026 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - DESCRIPTION: Install complete - TEST SUITE: None - ``` - -8. Track the installation process using the command below. Palette is ready when the deployments in the namespaces - `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` reach the _Ready_ state. The - installation takes between two to three minutes to complete. - - - - ```shell - kubectl get pods --all-namespaces --watch - ``` - - :::tip - - For a more user-friendly experience, use the open source tool [k9s](https://k9scli.io/) to monitor the installation - process. - - ::: - -9. Create a DNS CNAME record that is mapped to the Palette `traefik-ingress-controller` load balancer. You can use the - following command to retrieve the load balancer IP address. You may require the assistance of your network - administrator to create the DNS record. - - ```shell - kubectl get service traefik-ingress-controller --namespace ingress-traefik \ - --output jsonpath='{.status.loadBalancer.ingress[0].hostname}' - ``` - - :::warning - - If Palette has only one tenant and you use local accounts with Single Sign-On (SSO) disabled, you can access Palette - using the IP address or any domain name that resolves to that IP. However, once you enable SSO, users must log in - using the tenant-specific subdomain. For example, if you create a tenant named `tenant1` and the domain name you - assigned to Palette is `palette.example.com`, the tenant URL will be `tenant1.palette.example.com`. We recommend you - create an additional wildcard DNS record to map all tenant URLs to the Palette load balancer. For example, - `*.palette.example.com`. - - ::: - -10. Use the custom domain name or the IP address of the load balancer to visit the Palette system console. system - console, open a web browser and paste the custom domain URL in the address bar and append the value `/system`. - Replace the domain name in the URL with your custom domain name or the IP address of the load balancer. - Alternatively, you can use the load balancer IP address with the appended value `/system` to access the system - console. - - The first time you visit the Palette system console, a warning message about a not trusted SSL certificate may - appear. This is expected, as you have not yet uploaded your SSL certificate to Palette. You can ignore this warning - message and proceed. - - ![Screenshot of the Palette system console showing Username and Password fields.](/palette_installation_install-on-vmware_palette-system-console.webp) - -11. Log in to the system console using the following default credentials. Refer to the - [password requirements](../../system-management/account-management/credentials.md#password-requirements-and-security) - documentation page to learn more about password requirements - - | **Parameter** | **Value** | - | ------------- | --------- | - | Username | `admin` | - | Password | `admin` | - - After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be - redirected to the Palette system console. Use the username `admin` and your new password to log in to the system - console. You can create additional system administrator accounts and assign roles to users in the system console. - Refer to the [Account Management](../../system-management/account-management/account-management.md) documentation - page for more information. - -12. After login, a summary page is displayed. Palette is installed with a self-signed SSL certificate. To assign a - different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority - files to Palette. You can upload the files using the Palette system console. Refer to the - [Configure HTTPS Encryption](../../system-management/ssl-certificate-management.md) page for instructions on how to - upload the SSL certificate files to Palette. - - :::warning - - If you plan to deploy host clusters into different networks, you may require a reverse proxy. Check out the - [Configure Reverse Proxy](../../system-management/reverse-proxy.md) guide for instructions on how to configure a - reverse proxy for Palette. - - ::: +## Install Palette -You now have a self-hosted instance of Palette installed in a Kubernetes cluster. Make sure you retain the -**values.yaml** file as you may need it for future upgrades. + + +### Cert-Manager Helm Chart + +3. + +### Spectro Management CRDs Helm Chart + +6. + +### Palette Helm Chart + +7. + +### Image Swap Helm Chart + +10. + +### Reach System Helm Chart + +11. + +### Installation + +12. ## Validate -Use the following steps to validate the Palette installation. - -1. Open up a web browser and navigate to the Palette system console. To access the system console, open a web browser - and paste the `env.rootDomain` value you provided in the address bar and append the value `/system`. You can also use - the IP address of the load balancer. - -2. Log in using the credentials you received from our support team. After login, you will be prompted to create a new - password. Enter a new password and save your changes. You will be redirected to the Palette system console. - -3. Open a terminal session and issue the following command to verify the Palette installation. The command should return - a list of deployments in the `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` - namespaces. - - ```shell - kubectl get pods --all-namespaces --output custom-columns="NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.phase" \ - | grep --extended-regexp '^(cp-system|hubble-system|ingress-traefik|jet-system|ui-system)\s' - ``` - - Your output should look similar to the following. - - ```shell hideClipboard - cp-system spectro-cp-ui-78c9b7dcc5-q8ln4 Running - hubble-system auth-58bc56bc79-68lbg Running - hubble-system auth-58bc56bc79-r2md8 Running - hubble-system cloud-8475845cff-dnq27 Running - hubble-system cloud-8475845cff-v2cww Running - hubble-system configserver-74dd648bf5-6tvmv Running - hubble-system event-68cfb57f6d-9dx5b Running - hubble-system event-68cfb57f6d-g5zrl Running - hubble-system event-68cfb57f6d-rz4sz Running - hubble-system foreq-6c75b84554-x4f7h Running - hubble-system hashboard-7b69cc685f-d8mmw Running - hubble-system hashboard-7b69cc685f-mbb57 Running - hubble-system hutil-5456dfbdd7-68p4m Running - hubble-system hutil-5456dfbdd7-dllfj Running - hubble-system memstore-8654b49cfd-npqbv Running - hubble-system mgmt-55985b7ccb-gpvnr Running - hubble-system mongo-0 Running - hubble-system mongo-1 Running - hubble-system mongo-2 Pending - hubble-system mongodb-key-manager-helm-4z2mw Running - hubble-system msgbroker-0 Running - hubble-system msgbroker-1 Running - hubble-system oci-proxy-787fd499d4-f772t Running - hubble-system specman-0 Running - hubble-system spectro-tunnel-69448888-qn7kk Running - hubble-system spectrocluster-54fb864b48-8fhkr Running - hubble-system spectrocluster-54fb864b48-9hkgg Running - hubble-system spectrocluster-54fb864b48-w5dwr Running - hubble-system spectrocluster-jobs-6ddfbddcd6-j9xb8 Running - hubble-system spectrocluster-reconciler-d448fc8cf-qr6bp Running - hubble-system spectroclusterop-89968785d-6n48l Running - hubble-system spectroclusterop-89968785d-gzd5w Running - hubble-system spectrossh-d5fd6b49-wfcgc Running - hubble-system system-6f7767845d-lm5zn Running - hubble-system system-6f7767845d-xf2hl Running - hubble-system timeseries-6f5bf98c5c-fcqnh Running - hubble-system timeseries-6f5bf98c5c-vmb5h Running - hubble-system timeseries-6f5bf98c5c-xm8s6 Running - hubble-system user-796c877b57-6rcdp Running - hubble-system user-796c877b57-ptbg4 Running - ingress-traefik traefik-ingress-controller-9dmzq Running - ingress-traefik traefik-ingress-controller-tpwtf Running - ingress-traefik traefik-ingress-controller-xz4jf Running - jet-system jet-555cdf78f5-4l2s2 Running - ui-system spectro-ui-8658f85c85-9lkhs Running - ``` + ## Next Steps diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md index fd5d3b7c829..48c57a4d7ba 100644 --- a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md +++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md @@ -36,34 +36,51 @@ The global block allows you to provide configurations that apply globally to the ### Image Pull Secret -The `imagePullSecret` block allows you to provide image pull secrets that will be used to authenticate with private -registries to obtain the images required for Palette installation. This is relevant if you have your own mirror -registries you use for Palette installation. +:::warning -| **Parameters** | **Description** | **Type** | **Default value** | -| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------------- | -| `create` | Specifies whether to create a secret containing credentials to your own private image registry. | Boolean | `false` | -| `dockerConfigJson` | The **config.json** file value containing the registry URL and credentials for your image registry in base64 encoded format on a single line. For more information about the **config.json** file, refer to [Kubernetes Documentation](https://kubernetes.io/docs/concepts/containers/images/#config-json). | String | None | +Spectro Cloud's image pull secret will be required in an upcoming release for any users pulling images from a Spectro +Cloud-owned registry. This is a breaking change. We recommend obtaining your secret as soon as possible to avoid service +disruptions. Refer to +[Configure Image Pull Secret for Security-Hardened Images](../../system-management/configure-image-pull-secret.md) for +more information. -:::info +::: -To obtain the base-64 encoded version of the credential `config.json` file, you can issue the following command. Replace -`` with the path to your `config.json` file. The `tr -d '\n'` removes new line characters -and produce the output on a single line. +The `imagePullSecret` block configures the image pull secret used to authenticate with private registries. Palette +always creates a Kubernetes Secret named `spectro-image-pull-secret` from this value and distributes it to the +management plane, workload clusters, and PCGs. The secret serves the following purposes: -```shell -cat | base64 | tr -d '\n' -``` +- **Spectro Cloud registry authentication** - Authenticates with Spectro Cloud's registries to pull security-hardened + images. These images are used by the management plane, workload clusters, and PCGs. To obtain this secret, contact + your Spectro Cloud customer support representative. Refer to + [Configure Image Pull Secret for Security-Hardened Images](../../system-management/configure-image-pull-secret.md) for + more information. -::: +- **Private registry authentication** - If you host Palette images in your own private registry, the secret provides the + credentials needed to pull those images. + +| **Parameters** | **Description** | **Type** | **Default value** | +| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------------- | +| `dockerConfigJson` | The values of the `config.json` file encoded in base64 as a single string, containing the registry URL and credentials for your image registry. For more information about the `config.json` file, refer to the [Kubernetes Documentation](https://kubernetes.io/docs/concepts/containers/images/#config-json). | String | `""` | ```yaml global: imagePullSecret: - create: true dockerConfigJson: ewoJImF1dGhzHsKCQkiaG9va3......MiOiAidHJ1ZSIKCX0KfQ # Base64 encoded config.json ``` +:::info + +To obtain the base64-encoded version of your `config.json` file, use the following command. Replace +`` with the path to your `config.json` file. The `tr --delete '\n'` removes new line +characters and produces the output on a single line. + +```shell +cat | base64 | tr --delete '\n' +``` + +::: + ## MongoDB Palette uses MongoDB Enterprise as its internal database and supports two modes of deployment: @@ -316,8 +333,8 @@ config: ### Image Swap Configuration You can configure Palette to use image swap to download the required images. This is an advanced configuration option, -and it is only required for air-gapped deployments. You must also install the Palette Image Swap Helm chart to use this -option, otherwise, Palette will ignore the configuration. +and it is only required for airgapped deployments or when you use a self-hosted OCI registry. You must also install the +Palette Image Swap Helm chart to use this option, otherwise, Palette will ignore the configuration. | **Parameters** | **Description** | **Type** | **Default value** | | ------------------------------ | ----------------------------------------------------------------------------------------------------------------------- | -------- | ------------------------------------------------------------------------------------- | diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/uninstall.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/uninstall.md index 33b3a886f9b..96e015c4943 100644 --- a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/uninstall.md +++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/uninstall.md @@ -41,27 +41,34 @@ to install Palette, this process does not apply. ``` 2. Issue the following command to start uninstalling the Palette management plane. This will only remove the resources - managed by Helm and the remaining resources will require additional manual intervention. + managed by Helm. The remaining resources will require additional manual intervention. ```shell helm uninstall hubble ``` -3. Issue the following command to remove the namespace and custom resource definitions related to the Palette management - plane. +3. Remove the namespace and custom resource definitions related to the Palette management plane. ```shell - kubectl delete namespace hubble-system || kubectl delete crd spectroclusteractions.jet.cluster.spectrocloud.com + kubectl delete namespace hubble-system + kubectl delete crd spectroclusteractions.jet.cluster.spectrocloud.com ``` -4. Issue the following command to uninstall Cert Manager. Cert Manager does not reply on any Helm hooks and the Helm - uninstall command will uninstall all related resources. +4. Uninstall Cert Manager. ```shell helm uninstall cert-manager + kubectl delete namespace cert-manager ``` -5. (Optional) If you installed Reach, issue the following command to start uninstalling Reach. This will remove all +5. Uninstall the Spectro Management CRDs chart. + + ```shell + helm uninstall spectro-mgmt-crds + ``` + +6. _(Proxy environments only)_ If you installed Palette in an environment where a network proxy is configured for + Palette to access the internet, issue the following command to start uninstalling Reach. This will remove all resources related to Reach that are managed by Helm. However, some resources created by Helm hooks are not managed by Helm and will require additional manual intervention to remove. @@ -69,7 +76,7 @@ to install Palette, this process does not apply. helm uninstall reach-system ``` -6. (Optional) Issue the following commands to remove the remaining Reach system resources. +7. _(Proxy environments only)_ Issue the following commands to remove the remaining Reach system resources. ```shell kubectl delete ns reach-system @@ -83,13 +90,15 @@ to install Palette, this process does not apply. kubectl delete clusterrole reach-proxy-role ``` -7. (Optional) If you installed Image Swap, issue the following command to remove the `image-swap` chart. +8. _(Self-hosted OCI registry only)_ If you use image swap for self-hosted OCI registries, issue the following command + to remove the `image-swap` chart. ```shell helm uninstall image-swap ``` -8. (Optional) Issue the following commands to remove the remaining resources related to `image-swap`. +9. _(Self-hosted OCI registry only)_ Issue the following commands to remove the remaining resources related to + `image-swap`. ```shell kubectl delete ns imageswap-system diff --git a/docs/docs-content/enterprise-version/install-palette/install-palette.md b/docs/docs-content/enterprise-version/install-palette/install-palette.md index ab9776c01aa..f47d6267673 100644 --- a/docs/docs-content/enterprise-version/install-palette/install-palette.md +++ b/docs/docs-content/enterprise-version/install-palette/install-palette.md @@ -63,6 +63,7 @@ distribution OVA. | **Palette Version** | **Kubernetes Version** | | ------------------- | ---------------------- | +| 4.9.21 | 1.34.9 | | 4.9.14 | 1.34.6 | | 4.9.5 | 1.34.6 | | 4.8.47 | 1.33.9 | diff --git a/docs/docs-content/enterprise-version/system-management/configure-image-pull-secret.md b/docs/docs-content/enterprise-version/system-management/configure-image-pull-secret.md new file mode 100644 index 00000000000..d8d81a426db --- /dev/null +++ b/docs/docs-content/enterprise-version/system-management/configure-image-pull-secret.md @@ -0,0 +1,112 @@ +--- +sidebar_label: "Configure Image Pull Secret" +title: "Configure Image Pull Secret for Security-Hardened Images" +description: + "Learn how to request and configure an image pull secret from Spectro Cloud, used for retrieving security-hardened + images." +icon: "" +hide_table_of_contents: false +sidebar_position: 35 +tags: ["self-hosted", "account", "image pull secret", "hardened images", "security"] +keywords: ["self-hosted", "palette", "image pull secret", "hardened images", "security"] +--- + + + +## When to Configure Image Pull Secret + +Depending on how your environment retrieves images, you may or may not need to configure Spectro Cloud's image pull +secret. + +Review the following sections to learn if your environment requires configuration. + +### Configuration Required + + + +### Configuration Not Required + + + +## Configure Image Pull Secret + +Depending on your installation method, you can configure Spectro Cloud's image pull secret during or after installing +self-hosted Palette. + +### During Installation + + + +#### Helm Chart Installations + + + +### Post-Installation + + + +#### Prerequisites + + + +#### Enablement + + + +#### Validate + + diff --git a/docs/docs-content/enterprise-version/upgrade/upgrade-k8s/airgap.md b/docs/docs-content/enterprise-version/upgrade/upgrade-k8s/airgap.md index 2da2c9add5d..36cb5472bb4 100644 --- a/docs/docs-content/enterprise-version/upgrade/upgrade-k8s/airgap.md +++ b/docs/docs-content/enterprise-version/upgrade/upgrade-k8s/airgap.md @@ -253,54 +253,56 @@ This guide takes you through the process of upgrading a self-hosted airgap Palet ::: -8. Navigate to the directory with the Palette installation zip file. Unzip the file to a **palette-install** directory. +8. Navigate to the directory where you downloaded the Palette install zip file provided by our support team. Unzip the + file to a directory named `palette-install`. ```shell - unzip release-*.zip -d palette-install + unzip charts.zip -d palette-install ``` -9. Navigate to the release directory inside **palette-install**. +9. Navigate to the `palette-install` directory. ```shell - cd palette-install/charts/release-* + cd palette-install ``` -10. In a code editor of your choice, open the **extras/cert-manager/values.yaml** file and replace the - `cainjectorImage`,`controllerImage`, `webhookImage`, and `amceResolverImage` image URLs and with your OCI image - registry URL and the `/spectro-images/` namespace. +10. Open the file `extras/cert-manager/values.yaml` with a text editor of your choice. This example uses Vim. - ```yaml {2-5} - image: - cainjectorImage: "/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.17.0-spectro-4.6.1" - controllerImage: "/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.17.0-spectro-4.6.1" - webhookImage: "/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.17.0-spectro-4.6.1" - amceResolverImage: "/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.17.0-spectro-4.6.1" - - featureGates: "AdditionalCertificateOutputFormats=true" + ```shell + vim extras/cert-manager/values.yaml ``` - Consider the following example for reference. +11. Append `` to each image, along with the `` where you want to store your images. - ```yaml {2-5} + ```yaml image: - cainjectorImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.17.0-spectro-4.6.1" - controllerImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.17.0-spectro-4.6.1" - webhookImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.17.0-spectro-4.6.1" - amceResolverImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.17.0-spectro-4.6.1" - - featureGates: "AdditionalCertificateOutputFormats=true" + cainjectorImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.19.3-spectro-4.8.b" + controllerImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.19.3-spectro-4.8.b" + webhookImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.19.3-spectro-4.8.b" + amceResolverImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.19.3-spectro-4.8.b" ``` -11. Update the cert-manager chart using the following command. + In the example below, we used `harbor.docs.spectro.dev` for the registry and `spectro-images` for the repository. - ```shell - helm upgrade --values extras/cert-manager/values.yaml \ - cert-manager extras/cert-manager/cert-manager-*.tgz --install + ```yaml {2-5} hideClipboard title="Example output" + image: + cainjectorImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.19.3-spectro-4.8.b" + controllerImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.19.3-spectro-4.8.b" + webhookImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.19.3-spectro-4.8.b" + amceResolverImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.19.3-spectro-4.8.b" ``` - You should receive an output similar to the following. +12. Update the cert-manager chart using the following command. ```shell + helm upgrade --install cert-manager \ + ./extras/cert-manager/cert-manager-*.tgz \ + --namespace cert-manager \ + --create-namespace \ + --values ./extras/cert-manager/values.yaml + ``` + + ```shell hideClipboard title="Example output" Release "cert-manager" has been upgraded. Happy Helming! NAME: cert-manager LAST DEPLOYED: Thu Feb 22 19:42:33 2024 @@ -310,29 +312,28 @@ This guide takes you through the process of upgrading a self-hosted airgap Palet TEST SUITE: None ``` -12. Prepare the Palette configuration file `values.yaml`. If you saved `values.yaml` used during the Palette - installation, you can reuse it for the upgrade. Alternatively, follow the - [Kubernetes Installation Instructions](../../install-palette/install-on-kubernetes/install.md) to populate your - `values.yaml`. +13. Open the file `palette/values.yaml` with a text editor of your choice. This example uses Vim. - :::warning - - Ensure that the `values.yaml` file is ready before proceeding. Specifically, make sure that the `ociPackEcrRegistry` - and `ociImageRegistry` configurations include the parameters necessary to interact with your `spectro-images` and - `spectro-packs` repositories. + ```shell + vim palette/values.yaml + ``` - ::: +14. Prepare the Palette configuration `palette/values.yaml` file. If you saved your `values.yaml` used during the + Palette installation, you can refer to it when upgrading. Ensure you carry over any necessary configurations, such + as root domains, certificates, image-swap paths, and registries. Refer to + [Kubernetes Installation Instructions](../../install-palette/install-on-kubernetes/airgap-install/install.md) for + basic `values.yaml` guidance. For a full list of parameters, refer to + [Helm Configuration Reference](../../install-palette/install-on-kubernetes/palette-helm-ref.md). -13. Upgrade the image-swap chart with the following command. Point to the `palette/values.yaml` file from step 12. +15. _(Self-hosted OCI registry only)_ If you use image swap for self-hosted OCI registries, upgrade the image-swap chart + with the following command. Point to the `palette/values.yaml` file from step 14. ```shell helm upgrade --values palette/values.yaml \ image-swap extras/image-swap/image-swap-*.tgz --install ``` - You should receive an output similar to the following. - - ```shell + ```shell hideClipboard title="Example output" Release "image-swap" has been upgraded. Happy Helming! NAME: image-swap LAST DEPLOYED: Thu Feb 22 19:44:13 2024 @@ -342,16 +343,16 @@ This guide takes you through the process of upgrading a self-hosted airgap Palet TEST SUITE: None ``` -14. Upgrade the reach-system chart with the following command. Point to the `palette/values.yaml` file from step 12. +16. _(Proxy environments only)_ If you are upgrading a Palette instance in an environment where a network proxy must be + configured for Palette to access the internet, upgrade the reach-system chart with the following command. Point to + the `palette/values.yaml` file from step 14. ```shell helm upgrade --values palette/values.yaml \ - reach-system extras/reach-system/reach-system-\*.tgz --install + reach-system extras/reach-system/reach-system-*.tgz --install ``` - You should receive an output similar to the following. - - ```shell + ```shell hideClipboard title="Example output" Release "reach-system" has been upgraded. Happy Helming! NAME: reach-system LAST DEPLOYED: Thu Feb 22 19:47:10 2024 @@ -361,7 +362,7 @@ This guide takes you through the process of upgrading a self-hosted airgap Palet TEST SUITE: None ``` -15. Upgrade the Spectro Management CRDs chart. +17. Upgrade the Spectro Management CRDs chart. ```shell helm upgrade --install spectro-mgmt-crds \ @@ -369,9 +370,7 @@ This guide takes you through the process of upgrading a self-hosted airgap Palet --values extras/spectro-mgmt-crds/values.yaml ``` - You should receive an output similar to the following. - - ```shell + ```shell hideClipboard title="Example output" Release "spectro-mgmt-crds" has been upgraded. Happy Helming! NAME: spectro-mgmt-crds LAST DEPLOYED: Thu Feb 22 19:43:00 2024 @@ -381,16 +380,14 @@ This guide takes you through the process of upgrading a self-hosted airgap Palet TEST SUITE: None ``` -16. Upgrade Palette with the following command. +18. Upgrade Palette with the following command. ```shell helm upgrade --values palette/values.yaml \ - hubble palette/spectro-mgmt-plane-\*.tgz --install + hubble palette/spectro-mgmt-plane-*.tgz --install ``` - You should receive an output similar to the following. - - ```shell + ```shell hideClipboard title="Example output" Release "hubble" has been upgraded. Happy Helming! NAME: hubble LAST DEPLOYED: Thu Feb 22 20:05:24 2024 @@ -400,7 +397,7 @@ This guide takes you through the process of upgrading a self-hosted airgap Palet TEST SUITE: None ``` -17. Use the following command to track the upgrade process. +19. Use the following command to track the upgrade process. ```shell kubectl get pods --all-namespaces --watch diff --git a/docs/docs-content/enterprise-version/upgrade/upgrade-k8s/non-airgap.md b/docs/docs-content/enterprise-version/upgrade/upgrade-k8s/non-airgap.md index 35ef8109607..594c932a4ac 100644 --- a/docs/docs-content/enterprise-version/upgrade/upgrade-k8s/non-airgap.md +++ b/docs/docs-content/enterprise-version/upgrade/upgrade-k8s/non-airgap.md @@ -59,150 +59,133 @@ match your environment. ::: -1. Open a terminal session and navigate to the directory with the Palette installation zip file. Unzip the file to a - **palette-install** directory. - - ```shell - unzip release-*.zip -d palette-install - ``` - -2. Navigate to the release directory inside **palette-install**. - - ```shell - cd palette-install/charts/release-* - ``` - -3. Update the cert-manager chart using the following command. - - ```shell - helm upgrade --values extras/cert-manager/values.yaml \ - cert-manager extras/cert-manager/cert-manager-*.tgz --install - ``` - - You should receive an output similar to the following. - - ```shell - Release "cert-manager" has been upgraded. Happy Helming! - NAME: cert-manager - LAST DEPLOYED: Thu Feb 22 19:42:33 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 2 - TEST SUITE: None - ``` - -4. Upgrade the Spectro Management CRDs chart. - - ```shell - helm upgrade --install spectro-mgmt-crds \ - extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz \ - --values extras/spectro-mgmt-crds/values.yaml - ``` - - You should receive an output similar to the following. - - ```shell - Release "spectro-mgmt-crds" has been upgraded. Happy Helming! - NAME: spectro-mgmt-crds - LAST DEPLOYED: Thu Feb 22 19:43:00 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 2 - TEST SUITE: None - ``` - -5. Prepare the Palette configuration file `values.yaml`. If you saved `values.yaml` used during the Palette - installation, you can reuse it for the upgrade. Alternatively, follow the - [Kubernetes Installation Instructions](../../install-palette/install-on-kubernetes/install.md) to populate your - `values.yaml`. - - :::warning - - Ensure that the `values.yaml` file is ready before proceeding. If you are using a self-hosted OCI registry, make sure - that the `ociImageRegistry.mirrorRegistries` parameter in your `values.yaml` includes the necessary mirror links. - - Include `/v2` in your endpoints if you are using a - [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. - Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other - registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. Including `/v2` - for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: - `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. - - ::: - -6. If you are using a self-hosted OCI registry, upgrade the image-swap chart with the following command. Point to the - `palette/values.yaml` file from step 5. - - ```shell - helm upgrade --values palette/values.yaml \ - image-swap extras/image-swap/image-swap-*.tgz --install - ``` - - You should receive an output similar to the following. - - ```shell - Release "image-swap" has been upgraded. Happy Helming! - NAME: image-swap - LAST DEPLOYED: Thu Feb 22 19:44:13 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 2 - TEST SUITE: None - ``` - -7. If you are upgrading a Palette instance in an environment that requires network proxy configuration, upgrade the - reach-system chart with the following command. Point to the `palette/values.yaml` file from step 5. - - ```shell - helm upgrade --values palette/values.yaml \ - reach-system extras/reach-system/reach-system-\*.tgz --install - ``` - - You should receive an output similar to the following. - - ```shell - Release "reach-system" has been upgraded. Happy Helming! - NAME: reach-system - LAST DEPLOYED: Thu Feb 22 19:47:10 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 2 - TEST SUITE: None - ``` - -8. Upgrade Palette with the following command. - - ```shell - helm upgrade --values palette/values.yaml \ - hubble palette/spectro-mgmt-plane-\*.tgz --install - ``` - - You should receive an output similar to the following. - - ```shell - Release "hubble" has been upgraded. Happy Helming! - NAME: hubble - LAST DEPLOYED: Thu Feb 22 20:05:24 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 2 - TEST SUITE: None - ``` - -9. Use the following command to track the upgrade process. - - ```shell - kubectl get pods --all-namespaces --watch - ``` - - :::tip - - For a more user-friendly experience, consider using [K9s](https://k9scli.io/) or a similar tool to track the upgrade. - - ::: - - The upgrade usually takes up to five minutes. Palette is upgraded when the deployments in the namespaces `cp-system`, - `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` are in the **Ready** status. +1. Open a terminal session and navigate to the directory where you downloaded the Palette install ZIP file provided by + our support. Unzip the file to a directory named `palette-install`. + + ```shell + unzip charts.zip -d palette-install + ``` + +2. Navigate to the `palette-install` directory. + + ```shell + cd palette-install + ``` + +3. Update the cert-manager chart using the following command. + + ```shell + helm upgrade --install cert-manager \ + ./extras/cert-manager/cert-manager-*.tgz \ + --namespace cert-manager \ + --create-namespace \ + --values ./extras/cert-manager/values.yaml + ``` + + ```shell hideClipboard title="Example output" + Release "cert-manager" has been upgraded. Happy Helming! + NAME: cert-manager + LAST DEPLOYED: Wed Jun 17 14:54:45 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 2 + TEST SUITE: None + ``` + +4. Upgrade the Spectro Management CRDs chart. + + ```shell + helm upgrade --install spectro-mgmt-crds \ + extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz \ + --values extras/spectro-mgmt-crds/values.yaml + ``` + + ```shell hideClipboard title="Example output" + Release "spectro-mgmt-crds" has been upgraded. Happy Helming! + NAME: spectro-mgmt-crds + LAST DEPLOYED: Wed Jun 17 14:55:28 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 2 + TEST SUITE: None + ``` + +5. Prepare the Palette configuration file `values.yaml`. If you saved your `values.yaml` used during the Palette + installation, you can refer to it when upgrading. Ensure you carry over any necessary configurations, such as root + domains, certificates, image-swap paths, and registries. Refer to + [Kubernetes Installation Instructions](../../install-palette/install-on-kubernetes/install.md) for basic + `values.yaml` guidance. For a full list of parameters, refer to + [Helm Configuration Reference](../../install-palette/install-on-kubernetes/palette-helm-ref.md). + +6. _(Self-hosted OCI registry only)_ If you use image swap for self-hosted OCI registries, upgrade the image-swap chart + with the following command. Point to the `palette/values.yaml` file from step 5. + + ```shell + helm upgrade --values palette/values.yaml \ + image-swap extras/image-swap/image-swap-*.tgz --install + ``` + + ```shell hideClipboard title="Example output" + Release "image-swap" has been upgraded. Happy Helming! + NAME: image-swap + LAST DEPLOYED: Thu Feb 22 19:44:13 2024 + NAMESPACE: default + STATUS: deployed + REVISION: 2 + TEST SUITE: None + ``` + +7. _(Proxy environments only)_ If you are upgrading a Palette instance in an environment where a network proxy must be + configured for Palette to access the internet, upgrade the reach-system chart with the following command. Point to + the `palette/values.yaml` file from step 5. + + ```shell + helm upgrade --values palette/values.yaml \ + reach-system extras/reach-system/reach-system-*.tgz --install + ``` + + ```shell hideClipboard title="Example output" + Release "reach-system" has been upgraded. Happy Helming! + NAME: reach-system + LAST DEPLOYED: Thu Feb 22 19:47:10 2024 + NAMESPACE: default + STATUS: deployed + REVISION: 2 + TEST SUITE: None + ``` + +8. Upgrade Palette with the following command. + + ```shell + helm upgrade --values palette/values.yaml \ + hubble palette/spectro-mgmt-plane-*.tgz --install + ``` + + ```shell hideClipboard title="Example output" + Release "hubble" has been upgraded. Happy Helming! + NAME: hubble + LAST DEPLOYED: Wed Jun 17 15:44:47 2026 + NAMESPACE: default + STATUS: deployed + REVISION: 2 + TEST SUITE: None + ``` + +9. Use the following command to track the upgrade process. + + ```shell + kubectl get pods --all-namespaces --watch + ``` + + :::tip + + For a more user-friendly experience, consider using [K9s](https://k9scli.io/) or a similar tool to track the + upgrade. + + ::: + + The upgrade usually takes up to five minutes. Palette is upgraded when the deployments in the namespaces + `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` are in the **Ready** status. ## Validate @@ -216,7 +199,7 @@ match your environment. `App Version` column of `cert-manager`, `image-swap`, `reach-system`, and `hubble` to verify that they have the expected versions. - ```shell + ```shell hideClipboard title="Example output" NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION cert-manager default 2 2024-02-22 19:42:33.776829 +0100 CET deployed cert-manager-1.11.0 1.11.0 image-swap default 2 2024-02-22 19:44:13.209592 +0100 CET deployed image-swap-v1.5.2-spectro-4.1.1 1.5.2 @@ -234,7 +217,7 @@ match your environment. The command should return a list of deployments in the `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` namespaces. All deployments should have the status `Running`. - ```shell + ```shell hideClipboard title="Example output" cp-system spectro-cp-ui-689984f88d-54wsw Running hubble-system auth-85b748cbf4-6drkn Running hubble-system auth-85b748cbf4-dwhw2 Running diff --git a/docs/docs-content/integrations/cni-cilium-oss.mdx b/docs/docs-content/integrations/cni-cilium-oss.mdx index 04765b6c60d..1baa3ab5e7b 100644 --- a/docs/docs-content/integrations/cni-cilium-oss.mdx +++ b/docs/docs-content/integrations/cni-cilium-oss.mdx @@ -159,6 +159,34 @@ You can work around the issue by using one of the two following methods: +## Configure Cilium for Canonical Kubernetes Clusters on MAAS + +:::warning + +Existing Canonical Kubernetes 1.35 clusters that use Cilium CNI (Canonical K8s) pack carry a +repave risk. Updating to a release that includes Cilium support does not start a new repave, but it does +resume any repave that was previously intercepted. To avoid an unexpected repave, enable +[Pause Agent Upgrades](../clusters/cluster-management/platform-settings/pause-platform-upgrades.md), allow any pending +repaves to complete, and then resume agent upgrades. + +::: + + clusters on MAAS support the +Cilium pack as a Container Network Interface (CNI). This support is available for Canonical Kubernetes 1.35 +and later. Use the Cilium pack to model and manage Cilium declaratively in your cluster profile instead of relying on the +Cilium CNI bundled with the Canonical Kubernetes pack. + +To configure the Cilium pack for a Canonical Kubernetes cluster, complete the following steps in the pack settings. + +1. In the **Presets** section, set the **Mode** to **Cluster Pool**. + +2. Set the pod CIDR range that the cluster pool uses. The following example uses the `192.168.0.0/16` range. + + ```yaml + clusterPoolIPv4PodCIDRList: + - "192.168.0.0/16" + ``` + ## Terraform You can reference the Cilium pack in Terraform with the following data resource. diff --git a/docs/docs-content/legal-licenses/oss-licenses-index/oss-licenses.md b/docs/docs-content/legal-licenses/oss-licenses-index/oss-licenses.md index aefe4f7aed2..ca567509206 100644 --- a/docs/docs-content/legal-licenses/oss-licenses-index/oss-licenses.md +++ b/docs/docs-content/legal-licenses/oss-licenses-index/oss-licenses.md @@ -18,8 +18,10 @@ The following table lists the open source licenses tied to the libraries and mod | @dnd-kit/core | 6.3.1 | [MIT](https://opensource.org/license/mit/) | | @dnd-kit/sortable | 8.0.0 | [MIT](https://opensource.org/license/mit/) | | @elastic/apm-rum | 5.17.4 | [MIT](https://opensource.org/license/mit/) | +| @fontsource-variable/plus-jakarta-sans | 5.2.8 | [OFL-1.1](https://opensource.org/license/ofl-1-1) | | @fontsource/fira-code | 5.2.7 | [OFL-1.1](https://opensource.org/license/ofl-1-1) | | @fontsource/inter | 5.2.8 | [OFL-1.1](https://opensource.org/license/ofl-1-1) | +| @fontsource/poppins | 5.2.7 | [OFL-1.1](https://opensource.org/license/ofl-1-1) | | @fortawesome/fontawesome-free | 5.9.0 | [MIT](https://opensource.org/license/mit/) | | @fortawesome/fontawesome-svg-core | 6.7.2 | [MIT](https://opensource.org/license/mit/) | | @fortawesome/fontawesome-svg-core | 1.2.36 | [MIT](https://opensource.org/license/mit/) | @@ -55,19 +57,20 @@ The following table lists the open source licenses tied to the libraries and mod | @radix-ui/react-accordion | 1.2.12 | [MIT](https://opensource.org/license/mit/) | | @radix-ui/react-checkbox | 1.3.3 | [MIT](https://opensource.org/license/mit/) | | @radix-ui/react-dialog | 1.1.15 | [MIT](https://opensource.org/license/mit/) | +| @radix-ui/react-dropdown-menu | 2.1.17 | [MIT](https://opensource.org/license/mit/) | | @radix-ui/react-dropdown-menu | 2.1.16 | [MIT](https://opensource.org/license/mit/) | -| @radix-ui/react-popover | 1.1.15 | [MIT](https://opensource.org/license/mit/) | +| @radix-ui/react-popover | 1.1.16 | [MIT](https://opensource.org/license/mit/) | | @radix-ui/react-progress | 1.1.8 | [MIT](https://opensource.org/license/mit/) | | @radix-ui/react-radio-group | 1.3.8 | [MIT](https://opensource.org/license/mit/) | | @radix-ui/react-select | 1.2.2 | [MIT](https://opensource.org/license/mit/) | | @radix-ui/react-switch | 1.2.6 | [MIT](https://opensource.org/license/mit/) | | @radix-ui/react-tabs | 1.1.13 | [MIT](https://opensource.org/license/mit/) | | @radix-ui/react-toast | 1.2.15 | [MIT](https://opensource.org/license/mit/) | -| @react-spring/core | 10.0.3 | [MIT](https://opensource.org/license/mit/) | +| @react-spring/core | 10.1.0 | [MIT](https://opensource.org/license/mit/) | | @react-spring/core | 9.7.5 | [MIT](https://opensource.org/license/mit/) | -| @react-spring/three | 10.0.3 | [MIT](https://opensource.org/license/mit/) | +| @react-spring/three | 10.1.0 | [MIT](https://opensource.org/license/mit/) | | @react-spring/three | 9.7.5 | [MIT](https://opensource.org/license/mit/) | -| @react-spring/web | 10.0.3 | [MIT](https://opensource.org/license/mit/) | +| @react-spring/web | 10.1.0 | [MIT](https://opensource.org/license/mit/) | | @react-spring/web | 9.7.5 | [MIT](https://opensource.org/license/mit/) | | @react-three/fiber | 8.18.0 | [MIT](https://opensource.org/license/mit/) | | @react-three/fiber | 7.0.29 | [MIT](https://opensource.org/license/mit/) | @@ -80,7 +83,7 @@ The following table lists the open source licenses tied to the libraries and mod | @stripe/stripe-js | 1.54.2 | [MIT](https://opensource.org/license/mit/) | | @swc/helpers | 0.5.18 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | @types/node | 17.0.45 | [MIT](https://opensource.org/license/mit/) | -| @types/react | 18.3.28 | [MIT](https://opensource.org/license/mit/) | +| @types/react | 18.3.31 | [MIT](https://opensource.org/license/mit/) | | @types/react-dom | 18.3.7 | [MIT](https://opensource.org/license/mit/) | | @types/react-redux | 7.1.34 | [MIT](https://opensource.org/license/mit/) | | @types/react-router-dom | 5.3.3 | [MIT](https://opensource.org/license/mit/) | @@ -101,6 +104,7 @@ The following table lists the open source licenses tied to the libraries and mod | @visx/tooltip | 2.17.0 | [MIT](https://opensource.org/license/mit/) | | @xterm/xterm | 5.5.0 | [MIT](https://opensource.org/license/mit/) | | abort-controller | 3.0.0 | [MIT](https://opensource.org/license/mit/) | +| ajv | 8.20.0 | [MIT](https://opensource.org/license/mit/) | | ajv | 8.18.0 | [MIT](https://opensource.org/license/mit/) | | ajv | 5.5.2 | [MIT](https://opensource.org/license/mit/) | | antd | 5.29.3 | [MIT](https://opensource.org/license/mit/) | @@ -112,6 +116,7 @@ The following table lists the open source licenses tied to the libraries and mod | atomicgo.dev/cursor | v0.2.0 | [MIT](https://opensource.org/license/mit/) | | atomicgo.dev/keyboard | v0.2.9 | [MIT](https://opensource.org/license/mit/) | | atomicgo.dev/schedule | v0.1.0 | [MIT](https://opensource.org/license/mit/) | +| axios | 1.17.0 | [MIT](https://opensource.org/license/mit/) | | axios | 1.15.0 | [MIT](https://opensource.org/license/mit/) | | axios-retry | 4.5.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | axios-retry | 3.9.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -235,6 +240,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/awslabs/goformation/v4 | v4.19.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/aybabtme/rgbterm | v0.0.0-20170906152045-cc83f3b3ce59 | [MIT](https://opensource.org/license/mit/) | | github.com/Azure/azure-sdk-for-go | v68.0.0+incompatible | [MIT](https://opensource.org/license/mit/) | +| github.com/Azure/azure-sdk-for-go/sdk/azcore | v1.21.0 | [MIT](https://opensource.org/license/mit/) | | github.com/Azure/azure-sdk-for-go/sdk/azcore | v1.20.0 | [MIT](https://opensource.org/license/mit/) | | github.com/Azure/azure-sdk-for-go/sdk/azcore | v1.18.0 | [MIT](https://opensource.org/license/mit/) | | github.com/Azure/azure-sdk-for-go/sdk/azcore | v1.17.0 | [MIT](https://opensource.org/license/mit/) | @@ -310,6 +316,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/chuckpreslar/emission | v0.0.0-20170206194824-a7ddd980baf9 | [MIT](https://opensource.org/license/mit/) | | github.com/clbanning/mxj/v2 | v2.7.0 | [MIT](https://opensource.org/license/mit/) | | github.com/clipperhouse/stringish | v0.1.1 | [MIT](https://opensource.org/license/mit/) | +| github.com/clipperhouse/uax29/v2 | v2.6.0 | [MIT](https://opensource.org/license/mit/) | | github.com/clipperhouse/uax29/v2 | v2.3.0 | [MIT](https://opensource.org/license/mit/) | | github.com/cloudevents/sdk-go/v2 | v2.15.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/cloudflare/circl | v1.6.3 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -320,11 +327,13 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/containerd/cgroups/v3 | v3.0.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/console | v1.0.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/console | v1.0.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/containerd/containerd | v1.7.32 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/containerd | v1.7.30 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/containerd | v1.7.29 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/containerd | v1.7.25 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/containerd/api | v1.10.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/containerd/api | v1.8.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/containerd/containerd/v2 | v2.2.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/continuity | v0.4.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/continuity | v0.4.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/errdefs | v1.0.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -335,7 +344,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/containerd/platforms | v1.0.0-rc.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/platforms | v1.0.0-rc.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/platforms | v0.2.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/containerd/stargz-snapshotter/estargz | v0.18.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/containerd/plugin | v1.0.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/stargz-snapshotter/estargz | v0.18.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/stargz-snapshotter/estargz | v0.16.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/ttrpc | v1.2.7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -357,6 +366,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/creack/pty | v1.1.21 | [MIT](https://opensource.org/license/mit/) | | github.com/cyberphone/json-canonicalization | v0.0.0-20241213102144-19d51d7fe467 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/cyphar/filepath-securejoin | v0.6.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| github.com/cyphar/filepath-securejoin | v0.5.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/cyphar/filepath-securejoin | v0.4.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/cyphar/filepath-securejoin | v0.4.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/danieljoos/wincred | v1.2.1 | [MIT](https://opensource.org/license/mit/) | @@ -377,7 +387,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/diskfs/go-diskfs | v1.7.0 | [MIT](https://opensource.org/license/mit/) | | github.com/distribution/reference | v0.6.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/djherbis/times | v1.6.0 | [MIT](https://opensource.org/license/mit/) | -| github.com/docker/cli | v29.3.0+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/docker/cli | v29.4.3+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/docker/cli | v29.2.0+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/docker/cli | v29.0.3+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/docker/cli | v27.5.0+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -386,9 +396,10 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/docker/docker | v28.5.2+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/docker/docker | v28.0.0+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/docker/docker | v27.5.0+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/docker/docker-credential-helpers | v0.9.5 | [MIT](https://opensource.org/license/mit/) | | github.com/docker/docker-credential-helpers | v0.9.3 | [MIT](https://opensource.org/license/mit/) | | github.com/docker/docker-credential-helpers | v0.8.2 | [MIT](https://opensource.org/license/mit/) | -| github.com/docker/go-connections | v0.6.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/docker/go-connections | v0.7.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/docker/go-connections | v0.5.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/docker/go-events | v0.0.0-20190806004212-e31b211e4f1c | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/docker/go-metrics | v0.0.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -397,7 +408,6 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/drone/envsubst/v2 | v2.0.0-20210730161058-179042472c46 | [MIT](https://opensource.org/license/mit/) | | github.com/dsnet/compress | v0.0.2-0.20230904184137-39efe44ab707 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/dustin/go-humanize | v1.0.1 | [MIT](https://opensource.org/license/mit/) | -| github.com/dustin/go-humanize | v1.0.0 | [MIT](https://opensource.org/license/mit/) | | github.com/edsrzf/mmap-go | v1.2.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/elastic/go-licenser | v0.3.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/elastic/go-sysinfo | v1.1.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -419,12 +429,12 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/evanphx/json-patch/v5 | v5.9.11 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/evanphx/json-patch/v5 | v5.9.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/evanphx/json-patch/v5 | v5.6.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| github.com/evanphx/json-patch/v5 | v5.5.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/exponent-io/jsonpath | v0.0.0-20210407135951-1de76d718b3f | [MIT](https://opensource.org/license/mit/) | | github.com/fatih/color | v1.18.0 | [MIT](https://opensource.org/license/mit/) | | github.com/fatih/color | v1.16.0 | [MIT](https://opensource.org/license/mit/) | | github.com/felixge/httpsnoop | v1.0.4 | [MIT](https://opensource.org/license/mit/) | | github.com/foxboron/go-uefi | v0.0.0-20251010190908-d29549a44f29 | [MIT](https://opensource.org/license/mit/) | +| github.com/foxcpp/go-mockdns | v1.2.0 | [MIT](https://opensource.org/license/mit/) | | github.com/fsnotify/fsnotify | v1.9.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/fsnotify/fsnotify | v1.8.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/fsnotify/fsnotify | v1.7.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -432,9 +442,9 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/fxamacker/cbor/v2 | v2.9.0 | [MIT](https://opensource.org/license/mit/) | | github.com/fxamacker/cbor/v2 | v2.8.0 | [MIT](https://opensource.org/license/mit/) | | github.com/fxamacker/cbor/v2 | v2.7.0 | [MIT](https://opensource.org/license/mit/) | -| github.com/gabriel-vasile/mimetype | v1.4.10 | [MIT](https://opensource.org/license/mit/) | -| github.com/gdamore/encoding | v1.0.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/gdamore/tcell/v2 | v2.6.1-0.20231203215052-2917c3801e73 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/gabriel-vasile/mimetype | v1.4.12 | [MIT](https://opensource.org/license/mit/) | +| github.com/gdamore/encoding | v1.0.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/gdamore/tcell/v2 | v2.13.8 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/ghodss/yaml | v1.0.1-0.20190212211648-25d852aebe32 | [MIT](https://opensource.org/license/mit/) | | github.com/ghodss/yaml | v1.0.0 | [MIT](https://opensource.org/license/mit/) | | github.com/go-chi/chi | v4.1.2+incompatible | [MIT](https://opensource.org/license/mit/) | @@ -450,9 +460,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/go-gorp/gorp/v3 | v3.1.0 | [MIT](https://opensource.org/license/mit/) | | github.com/go-ini/ini | v1.67.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-jose/go-jose/v3 | v3.0.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/go-jose/go-jose/v3 | v3.0.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-jose/go-jose/v4 | v4.1.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/go-jose/go-jose/v4 | v4.1.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-jose/go-jose/v4 | v4.0.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-kit/kit | v0.13.0 | [MIT](https://opensource.org/license/mit/) | | github.com/go-kit/log | v0.2.1 | [MIT](https://opensource.org/license/mit/) | @@ -467,60 +475,81 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/go-mail/mail | v2.3.1+incompatible | [MIT](https://opensource.org/license/mit/) | | github.com/go-ole/go-ole | v1.3.0 | [MIT](https://opensource.org/license/mit/) | | github.com/go-ole/go-ole | v1.2.6 | [MIT](https://opensource.org/license/mit/) | +| github.com/go-openapi/analysis | v0.24.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/analysis | v0.24.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/analysis | v0.23.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/analysis | v0.20.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/errors | v0.22.7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/errors | v0.22.6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/errors | v0.22.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/errors | v0.22.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/errors | v0.19.9 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/jsonpointer | v0.22.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/jsonpointer | v0.22.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/jsonpointer | v0.22.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/jsonpointer | v0.21.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/jsonpointer | v0.21.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/jsonpointer | v0.19.6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/jsonreference | v0.21.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/jsonreference | v0.21.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/jsonreference | v0.21.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/jsonreference | v0.21.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/jsonreference | v0.20.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/loads | v0.23.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/loads | v0.23.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/loads | v0.22.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/loads | v0.20.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/runtime | v0.29.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/runtime | v0.29.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/runtime | v0.28.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/runtime | v0.19.24 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/spec | v0.22.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/spec | v0.22.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/spec | v0.22.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/spec | v0.21.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/spec | v0.20.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/strfmt | v0.26.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/strfmt | v0.25.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/strfmt | v0.23.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/strfmt | v0.20.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag | v0.23.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag | v0.23.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag | v0.22.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag | v0.19.14 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/cmdutils | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/cmdutils | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/conv | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/conv | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/conv | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/fileutils | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/fileutils | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/fileutils | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/jsonname | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/jsonname | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/jsonname | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/jsonutils | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/jsonutils | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/jsonutils | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/loading | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/loading | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/loading | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/mangling | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/mangling | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/mangling | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/netutils | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/netutils | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/stringutils | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/stringutils | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/stringutils | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/typeutils | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/typeutils | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/typeutils | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/swag/yamlutils | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/yamlutils | v0.25.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/swag/yamlutils | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/go-openapi/validate | v0.25.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/validate | v0.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/validate | v0.24.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/go-openapi/validate | v0.20.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -528,8 +557,9 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/go-playground/locales | v0.14.1 | [MIT](https://opensource.org/license/mit/) | | github.com/go-playground/universal-translator | v0.18.1 | [MIT](https://opensource.org/license/mit/) | | github.com/go-playground/validator | v9.31.0+incompatible | [MIT](https://opensource.org/license/mit/) | -| github.com/go-playground/validator/v10 | v10.28.0 | [MIT](https://opensource.org/license/mit/) | +| github.com/go-playground/validator/v10 | v10.30.1 | [MIT](https://opensource.org/license/mit/) | | github.com/go-task/slim-sprig/v3 | v3.0.0 | [MIT](https://opensource.org/license/mit/) | +| github.com/go-viper/mapstructure/v2 | v2.5.0 | [MIT](https://opensource.org/license/mit/) | | github.com/go-viper/mapstructure/v2 | v2.4.0 | [MIT](https://opensource.org/license/mit/) | | github.com/go-webauthn/webauthn | v0.8.6 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/go-webauthn/x | v0.1.20 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -556,6 +586,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/google/cel-go | v0.26.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/cel-go | v0.25.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/cel-go | v0.23.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/google/certificate-transparency-go | v1.3.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/certificate-transparency-go | v1.3.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/gnostic | v0.6.9 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/gnostic | v0.5.7-v3refs | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -566,15 +597,15 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/google/go-cmp | v0.7.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/google/go-cmp | v0.6.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/google/go-cmp | v0.5.9 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| github.com/google/go-containerregistry | v0.21.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/google/go-containerregistry | v0.21.6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/go-containerregistry | v0.20.7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/go-github/v30 | v30.1.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/google/go-github/v53 | v53.2.1-0.20230815134205-bb00f570d301 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/google/go-github/v55 | v55.0.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/google/go-querystring | v1.1.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| github.com/google/go-tpm | v0.9.6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/google/go-tpm | v0.9.8 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/go-tpm | v0.9.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/google/go-tpm-tools | v0.4.6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/google/go-tpm-tools | v0.4.7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/go-tspi | v0.3.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/gofuzz | v1.2.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/google/martian | v2.1.1-0.20190517191504-25dcb96d9e51+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -591,7 +622,6 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/googleapis/gax-go/v2 | v2.16.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/googleapis/gax-go/v2 | v2.14.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/googleapis/gax-go/v2 | v2.12.2 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| github.com/googleapis/gnostic | v0.5.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/gookit/color | v1.5.4 | [MIT](https://opensource.org/license/mit/) | | github.com/gophercloud/gophercloud | v1.8.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/gophercloud/gophercloud/v2 | v2.4.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -619,7 +649,6 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/hashicorp/go-version | v1.7.0 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | | github.com/hashicorp/go-version | v1.6.0 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | | github.com/hashicorp/go-version | v1.4.0 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | -| github.com/hashicorp/golang-lru | v1.0.2 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | | github.com/hashicorp/golang-lru/v2 | v2.0.7 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | | github.com/hashicorp/hcl | v1.0.0 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | | github.com/helm/chart-testing/v3 | v3.9.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -629,8 +658,8 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/imdario/mergo | v0.3.13 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/imdario/mergo | v0.3.12 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/in-toto/attestation | v1.1.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/in-toto/in-toto-golang | v0.10.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/in-toto/in-toto-golang | v0.9.1-0.20240317085821-8e2966059a09 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/in-toto/in-toto-golang | v0.9.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/inconshreveable/go-update | v0.0.0-20160112193335-8152e7eb6ccf | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/inconshreveable/mousetrap | v1.1.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/itchyny/gojq | v0.12.18 | [MIT](https://opensource.org/license/mit/) | @@ -647,7 +676,6 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/jellydator/ttlcache/v3 | v3.4.0 | [MIT](https://opensource.org/license/mit/) | | github.com/jellydator/ttlcache/v3 | v3.3.0 | [MIT](https://opensource.org/license/mit/) | | github.com/jessevdk/go-flags | v1.6.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| github.com/jessevdk/go-flags | v1.5.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/jinzhu/copier | v0.4.0 | [MIT](https://opensource.org/license/mit/) | | github.com/jlaffaye/ftp | v0.0.0-20210307004419-5d4190119067 | [ISC](https://opensource.org/license/isc-license-txt) | | github.com/jmespath/go-jmespath | v0.4.1-0.20220621161143-b0104c826a24 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -674,7 +702,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/kelseyhightower/envconfig | v1.4.0 | [MIT](https://opensource.org/license/mit/) | | github.com/kendru/darwin/go/depgraph | v0.0.0-20230809052043-4d1c7e9d1767 | [MIT](https://opensource.org/license/mit/) | | github.com/kevinburke/ssh_config | v1.2.0 | [MIT](https://opensource.org/license/mit/) | -| github.com/klauspost/compress | v1.18.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/klauspost/compress | v1.18.6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/klauspost/compress | v1.18.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/klauspost/compress | v1.18.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/klauspost/compress | v1.17.11 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -699,7 +727,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/loft-sh/log | v0.0.0-20240219160058-26d83ffb46ac | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/loft-sh/vcluster | v0.27.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/logrusorgru/aurora | v2.0.3+incompatible | [Unlicense](https://unlicense.org/) | -| github.com/lucasb-eyer/go-colorful | v1.2.0 | [MIT](https://opensource.org/license/mit/) | +| github.com/lucasb-eyer/go-colorful | v1.3.0 | [MIT](https://opensource.org/license/mit/) | | github.com/lufia/plan9stats | v0.0.0-20211012122336-39d0f177ccd0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/magiconair/properties | v1.8.8 | [BSD-2-Clause](https://opensource.org/license/bsd-2-clause) | | github.com/magiconair/properties | v1.8.7 | [BSD-2-Clause](https://opensource.org/license/bsd-2-clause) | @@ -722,6 +750,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/mattn/go-runewidth | v0.0.16 | [MIT](https://opensource.org/license/mit/) | | github.com/mattn/go-runewidth | v0.0.9 | [MIT](https://opensource.org/license/mit/) | | github.com/mattn/go-shellwords | v1.0.12 | [MIT](https://opensource.org/license/mit/) | +| github.com/mattn/go-sqlite3 | v1.14.28 | [MIT](https://opensource.org/license/mit/) | | github.com/matttproud/golang_protobuf_extensions | v1.0.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/matttproud/golang_protobuf_extensions | v1.0.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/mauromorales/xpasswd | v0.4.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -731,7 +760,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/mholt/archives | v0.1.5 | [MIT](https://opensource.org/license/mit/) | | github.com/mholt/archives | v0.1.4 | [MIT](https://opensource.org/license/mit/) | | github.com/Microsoft/go-winio | v0.6.2 | [MIT](https://opensource.org/license/mit/) | -| github.com/Microsoft/hcsshim | v0.14.0-rc.1 | [MIT](https://opensource.org/license/mit/) | +| github.com/Microsoft/hcsshim | v0.14.1 | [MIT](https://opensource.org/license/mit/) | | github.com/Microsoft/hcsshim | v0.12.9 | [MIT](https://opensource.org/license/mit/) | | github.com/miekg/dns | v1.1.61 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/miekg/pkcs11 | v1.1.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -750,6 +779,8 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/moby/docker-image-spec | v1.3.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/moby/go-archive | v0.1.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/moby/locker | v1.0.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/moby/moby/api | v1.54.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/moby/moby/client | v0.4.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/moby/patternmatcher | v0.6.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/moby/spdystream | v0.5.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/moby/spdystream | v0.5.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -786,10 +817,12 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/nxadm/tail | v1.4.11 | [MIT](https://opensource.org/license/mit/) | | github.com/nxadm/tail | v1.4.8 | [MIT](https://opensource.org/license/mit/) | | github.com/oklog/ulid | v1.3.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/oklog/ulid/v2 | v2.1.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/oleiade/reflections | v1.1.0 | [MIT](https://opensource.org/license/mit/) | | github.com/oliveagle/jsonpath | v0.0.0-20180606110733-2e52cf6e6852 | [MIT](https://opensource.org/license/mit/) | | github.com/onsi/ginkgo | v1.16.5 | [MIT](https://opensource.org/license/mit/) | | github.com/onsi/ginkgo/v2 | v2.23.4 | [MIT](https://opensource.org/license/mit/) | +| github.com/onsi/gomega | v1.39.0 | [MIT](https://opensource.org/license/mit/) | | github.com/onsi/gomega | v1.38.3 | [MIT](https://opensource.org/license/mit/) | | github.com/onsi/gomega | v1.38.0 | [MIT](https://opensource.org/license/mit/) | | github.com/onsi/gomega | v1.37.0 | [MIT](https://opensource.org/license/mit/) | @@ -803,6 +836,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/opencontainers/go-digest | v1.0.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opencontainers/image-spec | v1.1.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opencontainers/image-spec | v1.1.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/opencontainers/runtime-spec | v1.3.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opencontainers/runtime-spec | v1.2.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opencontainers/selinux | v1.13.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opencontainers/selinux | v1.11.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -820,7 +854,6 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/PaesslerAG/gval | v1.0.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/PaesslerAG/jsonpath | v0.1.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/pborman/uuid | v1.2.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| github.com/pelletier/go-toml | v1.9.5 | [MIT](https://opensource.org/license/mit/) | | github.com/pelletier/go-toml/v2 | v2.2.4 | [MIT](https://opensource.org/license/mit/) | | github.com/pelletier/go-toml/v2 | v2.2.3 | [MIT](https://opensource.org/license/mit/) | | github.com/pelletier/go-toml/v2 | v2.1.1 | [MIT](https://opensource.org/license/mit/) | @@ -850,13 +883,13 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/prometheus/client_model | v0.3.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/common | v0.67.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/common | v0.66.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/prometheus/common | v0.64.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/common | v0.63.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/common | v0.62.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/common | v0.61.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/common | v0.55.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/common | v0.42.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/common | v0.37.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/prometheus/procfs | v0.19.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/procfs | v0.17.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/procfs | v0.16.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/procfs | v0.16.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -879,7 +912,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/redis/go-redis/extra/rediscmd/v9 | v9.5.3 | [BSD-2-Clause](https://opensource.org/license/bsd-2-clause) | | github.com/redis/go-redis/extra/redisotel/v9 | v9.5.3 | [BSD-2-Clause](https://opensource.org/license/bsd-2-clause) | | github.com/rhysd/go-github-selfupdate | v1.2.3 | [MIT](https://opensource.org/license/mit/) | -| github.com/rivo/tview | v0.0.0-20240101144852-b3bd1aa5e9f2 | [MIT](https://opensource.org/license/mit/) | +| github.com/rivo/tview | v0.42.0 | [MIT](https://opensource.org/license/mit/) | | github.com/rivo/uniseg | v0.4.7 | [MIT](https://opensource.org/license/mit/) | | github.com/robfig/cron | v1.2.0 | [MIT](https://opensource.org/license/mit/) | | github.com/rogpeppe/go-internal | v1.14.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -907,6 +940,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/secure-systems-lab/go-securesystemslib | v0.10.0 | [MIT](https://opensource.org/license/mit/) | | github.com/secure-systems-lab/go-securesystemslib | v0.9.1 | [MIT](https://opensource.org/license/mit/) | | github.com/secure-systems-lab/go-securesystemslib | v0.9.0 | [MIT](https://opensource.org/license/mit/) | +| github.com/sergi/go-diff | v1.4.0 | [MIT](https://opensource.org/license/mit/) | | github.com/sergi/go-diff | v1.3.2-0.20230802210424-5b0b94c5c0d3 | [MIT](https://opensource.org/license/mit/) | | github.com/shibumi/go-pathspec | v1.3.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/shirou/gopsutil | v3.21.11+incompatible | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -919,16 +953,18 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/sigstore/k8s-manifest-sigstore | v0.5.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/protobuf-specs | v0.5.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/protobuf-specs | v0.3.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/sigstore/rekor | v1.5.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/rekor | v1.5.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/rekor | v1.3.7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/sigstore/rekor-tiles/v2 | v2.0.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/sigstore/rekor-tiles/v2 | v2.2.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/sigstore/sigstore | v1.10.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/sigstore | v1.10.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/sigstore | v1.10.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/sigstore | v1.8.12 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/sigstore-go | v1.1.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/sigstore-go | v0.6.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sigstore/timestamp-authority | v1.2.9 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/sigstore/timestamp-authority/v2 | v2.0.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/sigstore/timestamp-authority/v2 | v2.0.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/sirupsen/logrus | v1.9.4 | [MIT](https://opensource.org/license/mit/) | | github.com/sirupsen/logrus | v1.9.4-0.20230606125235-dd1b4c2e81af | [MIT](https://opensource.org/license/mit/) | | github.com/sirupsen/logrus | v1.9.3 | [MIT](https://opensource.org/license/mit/) | @@ -941,6 +977,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/spectrocloud-labs/prompts-tui | v0.2.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/spectrocloud/cluster-api-provider-maas | v0.6.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/spectrocloud/cluster-api-provider-maas | v0.5.1-0.20251016083536-74f845a6cf29 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/spectrocloud/cosign/v3 | v3.0.0-20260603001130-eb9fd74c2229 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/spectrocloud/go-i18n/v2 | v2.0.0-20221108074601-64936105f172 | [MIT](https://opensource.org/license/mit/) | | github.com/spectrocloud/maas-client-go | v0.1.6-beta1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/spectrocloud/maas-client-go | v0.0.9-beta1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -998,7 +1035,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/twpayne/go-vfs/v4 | v4.3.0 | [MIT](https://opensource.org/license/mit/) | | github.com/txn2/txeh | v1.5.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/ulikunitz/xz | v0.5.15 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| github.com/urfave/cli | v1.22.16 | [MIT](https://opensource.org/license/mit/) | +| github.com/urfave/cli/v2 | v2.27.7 | [MIT](https://opensource.org/license/mit/) | | github.com/validator-labs/validator | v0.1.13 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/validator-labs/validator-plugin-aws | v0.1.10 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/validator-labs/validator-plugin-azure | v0.0.24 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1032,6 +1069,7 @@ The following table lists the open source licenses tied to the libraries and mod | github.com/xi2/xz | v0.0.0-20171230120015-48954b6210f8 | None | | github.com/xlab/treeprint | v1.2.0 | [MIT](https://opensource.org/license/mit/) | | github.com/xo/terminfo | v0.0.0-20220910002029-abceb7e1c41e | [MIT](https://opensource.org/license/mit/) | +| github.com/xrash/smetrics | v0.0.0-20240521201337-686a1a2994c1 | [MIT](https://opensource.org/license/mit/) | | github.com/yashtewari/glob-intersection | v0.2.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/youmark/pkcs8 | v0.0.0-20240726163527-a2c0da244d78 | [MIT](https://opensource.org/license/mit/) | | github.com/yusufpapurcu/wmi | v1.2.4 | [MIT](https://opensource.org/license/mit/) | @@ -1051,13 +1089,12 @@ The following table lists the open source licenses tied to the libraries and mod | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.63.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.61.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.59.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.65.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.63.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.62.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.60.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.58.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/contrib/instrumentation/runtime | v0.62.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.opentelemetry.io/otel | v1.41.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel | v1.40.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel | v1.39.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel | v1.38.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1070,9 +1107,10 @@ The following table lists the open source licenses tied to the libraries and mod | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.40.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.38.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp | v1.40.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/otel/exporters/stdout/stdoutmetric | v1.38.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/exporters/stdout/stdoutmetric | v1.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/metric | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.opentelemetry.io/otel/metric | v1.41.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/metric | v1.40.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/metric | v1.39.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/metric | v1.38.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1082,7 +1120,6 @@ The following table lists the open source licenses tied to the libraries and mod | go.opentelemetry.io/otel/sdk/metric | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/sdk/metric | v1.40.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/trace | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.opentelemetry.io/otel/trace | v1.41.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/trace | v1.40.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/trace | v1.39.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/trace | v1.38.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1109,10 +1146,9 @@ The following table lists the open source licenses tied to the libraries and mod | go.yaml.in/yaml/v3 | v3.0.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.yaml.in/yaml/v3 | v3.0.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go4.org | v0.0.0-20230225012048-214862532bf5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| golang.org/x/crypto | v0.53.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/crypto | v0.52.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/crypto | v0.51.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/crypto | v0.50.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/crypto | v0.46.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/crypto | v0.35.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/crypto/x509roots/fallback | v0.0.0-20260423152011-b9e53593a607 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/exp | v0.0.0-20260508232706-74f9aab9d74a | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -1120,18 +1156,13 @@ The following table lists the open source licenses tied to the libraries and mod | golang.org/x/exp | v0.0.0-20250305212735-054e65f0b394 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/exp | v0.0.0-20250210185358-939b2ce775ac | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/exp | v0.0.0-20240719175910-8a7402abbf56 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/image | v0.39.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/image | v0.41.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/lint | v0.0.0-20201208152925-83fdc39ff7b5 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/mod | v0.36.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/mod | v0.35.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/mod | v0.34.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/mod | v0.26.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/mod | v0.29.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/mod | v0.23.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/net | v0.55.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/net | v0.54.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/net | v0.53.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/net | v0.48.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/net | v0.38.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/net | v0.35.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/oauth2 | v0.36.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/oauth2 | v0.35.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -1139,27 +1170,15 @@ The following table lists the open source licenses tied to the libraries and mod | golang.org/x/oauth2 | v0.30.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/oauth2 | v0.27.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/sync | v0.20.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/sync | v0.19.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/sync | v0.18.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/sync | v0.12.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/sync | v0.11.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/sys | v0.45.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/sys | v0.44.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/sys | v0.43.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/sys | v0.39.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/sys | v0.37.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/sys | v0.31.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/sys | v0.30.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/telemetry | v0.0.0-20260311193753-579e4da9a98c | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/telemetry | v0.0.0-20260409153401-be6f6cb8b1fa | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/term | v0.44.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/term | v0.43.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/term | v0.42.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/term | v0.38.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/term | v0.30.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/term | v0.29.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/text | v0.37.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/text | v0.36.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/text | v0.32.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/text | v0.23.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/text | v0.22.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/time | v0.15.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/time | v0.14.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -1167,14 +1186,12 @@ The following table lists the open source licenses tied to the libraries and mod | golang.org/x/time | v0.10.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/time | v0.7.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/tools | v0.44.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/tools | v0.43.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | gomodules.xyz/jsonpatch/v2 | v2.5.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | gomodules.xyz/jsonpatch/v2 | v2.4.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | gomodules.xyz/jsonpatch/v2 | v2.2.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/api | v0.260.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | google.golang.org/api | v0.215.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | google.golang.org/api | v0.169.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| google.golang.org/genproto | v0.0.0-20251202230838-ff82c1b0f217 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/genproto | v0.0.0-20241104194629-dd2ea8efbc28 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/genproto/googleapis/api | v0.0.0-20260401024825-9d38bb4040a9 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/genproto/googleapis/api | v0.0.0-20260128011058-8636f8732409 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1197,6 +1214,7 @@ The following table lists the open source licenses tied to the libraries and mod | google.golang.org/protobuf | v1.35.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | google.golang.org/protobuf | v1.33.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | gopkg.in/alexcesaro/quotedprintable.v3 | v3.0.0-20150716171945-2caba252f4dc | [MIT](https://opensource.org/license/mit/) | +| gopkg.in/evanphx/json-patch.v4 | v4.13.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | gopkg.in/evanphx/json-patch.v4 | v4.12.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | gopkg.in/go-jose/go-jose.v2 | v2.6.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | gopkg.in/go-playground/assert.v1 | v1.2.1 | [MIT](https://opensource.org/license/mit/) | @@ -1217,6 +1235,7 @@ The following table lists the open source licenses tied to the libraries and mod | helm.sh/helm/v3 | v3.18.6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | helm.sh/helm/v3 | v3.18.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | helm.sh/helm/v3 | v3.11.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| helm.sh/helm/v4 | v4.1.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | history | 4.10.1 | [MIT](https://opensource.org/license/mit/) | | hoist-non-react-statics | 3.3.2 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | howett.net/plist | v1.0.2-0.20250314012144-ee69052608d9 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -1238,7 +1257,8 @@ The following table lists the open source licenses tied to the libraries and mod | js-base64 | 2.5.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | js-yaml | 3.14.0 | [MIT](https://opensource.org/license/mit/) | | json-schema | 0.4.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| k8s.io/api | v0.34.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/api | v0.35.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/api | v0.35.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/api | v0.33.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/api | v0.33.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/api | v0.33.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1246,6 +1266,7 @@ The following table lists the open source licenses tied to the libraries and mod | k8s.io/api | v0.32.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/api | v0.26.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/api | v0.25.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/apiextensions-apiserver | v0.35.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apiextensions-apiserver | v0.34.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apiextensions-apiserver | v0.33.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apiextensions-apiserver | v0.33.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1254,7 +1275,8 @@ The following table lists the open source licenses tied to the libraries and mod | k8s.io/apiextensions-apiserver | v0.26.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apiextensions-apiserver | v0.25.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apiextensions-apiserver | v0.24.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/apimachinery | v0.34.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/apimachinery | v0.35.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/apimachinery | v0.35.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apimachinery | v0.33.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apimachinery | v0.33.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apimachinery | v0.33.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1267,7 +1289,8 @@ The following table lists the open source licenses tied to the libraries and mod | k8s.io/cli-runtime | v0.33.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/cli-runtime | v0.33.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/cli-runtime | v0.32.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/client-go | v0.34.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/client-go | v0.35.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/client-go | v0.35.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/client-go | v0.33.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/client-go | v0.33.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/client-go | v0.33.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1286,7 +1309,7 @@ The following table lists the open source licenses tied to the libraries and mod | k8s.io/klog | v1.0.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/klog/v2 | v2.130.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/klog/v2 | v2.90.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/kube-openapi | v0.0.0-20250710124328-f3f2b991d03b | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/kube-openapi | v0.0.0-20250910181357-589584f1c912 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/kube-openapi | v0.0.0-20250701173324-9bd5c66d9911 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/kube-openapi | v0.0.0-20250318190949-c8a335a9a2ff | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/kube-openapi | v0.0.0-20241105132330-32ad38e42d3f | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1298,11 +1321,12 @@ The following table lists the open source licenses tied to the libraries and mod | k8s.io/kubectl | v0.33.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/kubelet | v0.32.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/kubernetes | v1.32.10 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/metrics | v0.35.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/metrics | v0.34.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/metrics | v0.33.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/metrics | v0.21.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/pod-security-admission | v0.33.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/pod-security-admission | v0.31.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/utils | v0.0.0-20251002143259-bc988d571ff4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/utils | v0.0.0-20250820121507-0af2bda4dd1d | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/utils | v0.0.0-20250604170112-4c0f3b243397 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/utils | v0.0.0-20250321185631-1f6e0b77f77e | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1332,7 +1356,6 @@ The following table lists the open source licenses tied to the libraries and mod | monaco-themes | 0.4.8 | [MIT](https://opensource.org/license/mit/) | | monaco-yaml | 5.4.0 | [MIT](https://opensource.org/license/mit/) | | monaco-yaml | 4.0.4 | [MIT](https://opensource.org/license/mit/) | -| msw | 2.13.2 | [MIT](https://opensource.org/license/mit/) | | msw-storybook-addon | 2.0.7 | [MIT](https://opensource.org/license/mit/) | | murmurhash-js | 1.0.0 | [MIT](https://opensource.org/license/mit/) | | nanoid | 5.1.6 | [MIT](https://opensource.org/license/mit/) | @@ -1356,7 +1379,7 @@ The following table lists the open source licenses tied to the libraries and mod | prettier | 2.8.8 | [MIT](https://opensource.org/license/mit/) | | prop-types | 15.8.1 | [MIT](https://opensource.org/license/mit/) | | prop-types | 15.7.2 | [MIT](https://opensource.org/license/mit/) | -| qs | 6.15.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| qs | 6.15.2 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | query-string | 7.1.3 | [MIT](https://opensource.org/license/mit/) | | rc-pagination | 4.3.0 | [MIT](https://opensource.org/license/mit/) | | rc-table | 7.54.0 | [MIT](https://opensource.org/license/mit/) | @@ -1389,7 +1412,7 @@ The following table lists the open source licenses tied to the libraries and mod | react-redux | 8.1.3 | [MIT](https://opensource.org/license/mit/) | | react-redux | 7.2.9 | [MIT](https://opensource.org/license/mit/) | | react-redux | 7.2.2 | [MIT](https://opensource.org/license/mit/) | -| react-resizable | 3.1.3 | [MIT](https://opensource.org/license/mit/) | +| react-resizable | 3.2.0 | [MIT](https://opensource.org/license/mit/) | | react-rnd | 10.3.4 | [MIT](https://opensource.org/license/mit/) | | react-router | 5.3.4 | [MIT](https://opensource.org/license/mit/) | | react-router-dom | 6.30.3 | [MIT](https://opensource.org/license/mit/) | @@ -1412,7 +1435,7 @@ The following table lists the open source licenses tied to the libraries and mod | redux-thunk | 2.4.0 | [MIT](https://opensource.org/license/mit/) | | regenerator-runtime | 0.14.1 | [MIT](https://opensource.org/license/mit/) | | remark-gfm | 3.0.1 | [MIT](https://opensource.org/license/mit/) | -| reselect | 5.1.1 | [MIT](https://opensource.org/license/mit/) | +| reselect | 5.2.0 | [MIT](https://opensource.org/license/mit/) | | reselect | 4.1.8 | [MIT](https://opensource.org/license/mit/) | | reselect | 4.0.0 | [MIT](https://opensource.org/license/mit/) | | sanitize-html | 2.7.1 | [MIT](https://opensource.org/license/mit/) | @@ -1445,6 +1468,7 @@ The following table lists the open source licenses tied to the libraries and mod | sigs.k8s.io/controller-runtime/tools/setup-envtest | v0.0.0-20231212192121-eeaa31c3933f | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/gateway-api | v0.7.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/gateway-api | v0.4.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| sigs.k8s.io/json | v0.0.0-20250730193827-2d320260d730 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/json | v0.0.0-20241014173422-cfa47c3a1cc8 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/json | v0.0.0-20241010143419-9aa6b5e7a4b3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/json | v0.0.0-20221116044647-bc3834ca7abd | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -1462,6 +1486,7 @@ The following table lists the open source licenses tied to the libraries and mod | sigs.k8s.io/structured-merge-diff/v4 | v4.5.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/structured-merge-diff/v4 | v4.4.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/structured-merge-diff/v4 | v4.2.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| sigs.k8s.io/structured-merge-diff/v6 | v6.3.2-0.20260122202528-d9cc6641c482 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/structured-merge-diff/v6 | v6.3.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/yaml | v1.6.0 | [MIT](https://opensource.org/license/mit/) | | sigs.k8s.io/yaml | v1.5.0 | [MIT](https://opensource.org/license/mit/) | @@ -1484,7 +1509,6 @@ The following table lists the open source licenses tied to the libraries and mod | validator | 13.15.26 | [MIT](https://opensource.org/license/mit/) | | vest | 5.4.6 | [MIT](https://opensource.org/license/mit/) | | virtua | 0.40.4 | [MIT](https://opensource.org/license/mit/) | -| vite-plugin-svgr | 4.5.0 | [MIT](https://opensource.org/license/mit/) | | vscode-languageserver-types | 3.14.0 | [MIT](https://opensource.org/license/mit/) | | whatwg-fetch | 2.0.4 | [MIT](https://opensource.org/license/mit/) | | xterm | 4.10.0 | [MIT](https://opensource.org/license/mit/) | diff --git a/docs/docs-content/legal-licenses/oss-licenses-index/pxk-oss-licenses.md b/docs/docs-content/legal-licenses/oss-licenses-index/pxk-oss-licenses.md index 21d3dd95549..4e157dc9b1c 100644 --- a/docs/docs-content/legal-licenses/oss-licenses-index/pxk-oss-licenses.md +++ b/docs/docs-content/legal-licenses/oss-licenses-index/pxk-oss-licenses.md @@ -64,30 +64,31 @@ Processing Standards (FIPS) compliant version of PXK. | cloud.google.com/go/auth | v0.20.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | cloud.google.com/go/auth/oauth2adapt | v0.2.8 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | cloud.google.com/go/compute/metadata | v0.9.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| cyphar.com/go-pathrs | v0.2.4 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | +| cyphar.com/go-pathrs | v0.2.5 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | | cyphar.com/go-pathrs | v0.2.2 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | | cyphar.com/go-pathrs | v0.2.1 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | | dario.cat/mergo | v1.0.2 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/AdaLogics/go-fuzz-headers | v0.0.0-20240806141605-e8a1dd7889d6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/alexflint/go-filemutex | v1.3.0 | [MIT](https://opensource.org/license/mit/) | | github.com/antlr4-go/antlr/v4 | v4.13.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| github.com/aperturerobotics/protobuf-go-lite | v0.14.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/apparentlymart/go-cidr | v1.1.1 | [MIT](https://opensource.org/license/mit/) | -| github.com/aws/aws-sdk-go-v2 | v1.41.7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/config | v1.32.17 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/credentials | v1.19.16 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/feature/ec2/imds | v1.18.23 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/internal/configsources | v1.4.23 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 | v2.7.23 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/internal/v4a | v1.4.24 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding | v1.13.9 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/service/internal/presigned-url | v1.13.23 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/service/route53 | v1.62.7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/service/secretsmanager | v1.41.7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/service/signin | v1.0.11 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/service/sso | v1.30.17 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/service/ssooidc | v1.35.21 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/aws-sdk-go-v2/service/sts | v1.42.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/aws/smithy-go | v1.25.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2 | v1.42.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/config | v1.32.22 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/credentials | v1.19.24 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/feature/ec2/imds | v1.18.29 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/internal/configsources | v1.4.29 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 | v2.7.29 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/internal/v4a | v1.4.30 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding | v1.13.12 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/service/internal/presigned-url | v1.13.29 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/service/route53 | v1.63.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/service/secretsmanager | v1.42.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/service/signin | v1.2.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/service/sso | v1.31.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/service/ssooidc | v1.36.6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/aws-sdk-go-v2/service/sts | v1.43.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/aws/smithy-go | v1.27.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/Azure/azure-sdk-for-go | v68.0.0+incompatible | [MIT](https://opensource.org/license/mit/) | | github.com/Azure/go-ansiterm | v0.0.0-20250102033503-faa5f7b0171c | [MIT](https://opensource.org/license/mit/) | | github.com/Azure/go-autorest | v14.2.0+incompatible | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -109,12 +110,13 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/chai2010/gettext-go | v1.0.2 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/checkpoint-restore/checkpointctl | v1.5.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/checkpoint-restore/go-criu/v7 | v7.2.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/checkpoint-restore/go-criu/v8 | v8.3.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/cheggaaa/pb/v3 | v3.1.7 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/cihub/seelog | v0.0.0-20170130134532-f561c5e57575 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/cilium/ebpf | v0.17.3 | [MIT](https://opensource.org/license/mit/) | | github.com/cilium/ebpf | v0.16.0 | [MIT](https://opensource.org/license/mit/) | -| github.com/clipperhouse/displaywidth | v0.10.0 | [MIT](https://opensource.org/license/mit/) | -| github.com/clipperhouse/uax29/v2 | v2.6.0 | [MIT](https://opensource.org/license/mit/) | +| github.com/clipperhouse/displaywidth | v0.11.0 | [MIT](https://opensource.org/license/mit/) | +| github.com/clipperhouse/uax29/v2 | v2.7.0 | [MIT](https://opensource.org/license/mit/) | | github.com/container-storage-interface/spec | v1.9.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/btrfs/v2 | v2.0.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/cgroups/v3 | v3.1.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -136,6 +138,7 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/containerd/plugin | v1.1.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/ttrpc | v1.2.8 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/ttrpc | v1.2.7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/containerd/typeurl/v2 | v2.3.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/typeurl/v2 | v2.2.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containerd/zfs/v2 | v2.0.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/containernetworking/cni | v1.3.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -150,6 +153,7 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/coreos/go-systemd/v22 | v22.7.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/cpuguy83/go-md2man/v2 | v2.0.7 | [MIT](https://opensource.org/license/mit/) | | github.com/cpuguy83/go-md2man/v2 | v2.0.6 | [MIT](https://opensource.org/license/mit/) | +| github.com/cyphar/filepath-securejoin | v0.7.0 | [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) | | github.com/cyphar/filepath-securejoin | v0.6.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/cyphar/filepath-securejoin | v0.6.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/DataDog/datadog-agent/comp/core/tagger/origindetection | v0.77.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -167,7 +171,7 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/DataDog/datadog-agent/pkg/util/scrubber | v0.77.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/DataDog/datadog-agent/pkg/version | v0.77.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/DataDog/datadog-go/v5 | v5.8.3 | [MIT](https://opensource.org/license/mit/) | -| github.com/DataDog/dd-trace-go/v2 | v2.8.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/DataDog/dd-trace-go/v2 | v2.8.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/DataDog/go-libddwaf/v4 | v4.9.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/DataDog/go-runtime-metrics-internal | v0.0.4-0.20260217080614-b0f4edc38a6d | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/DataDog/go-sqllexer | v0.1.13 | [MIT](https://opensource.org/license/mit/) | @@ -226,7 +230,6 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/gogo/protobuf | v1.3.2 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/golang-jwt/jwt/v4 | v4.5.2 | [MIT](https://opensource.org/license/mit/) | | github.com/golang-jwt/jwt/v5 | v5.3.1 | [MIT](https://opensource.org/license/mit/) | -| github.com/golang-jwt/jwt/v5 | v5.3.0 | [MIT](https://opensource.org/license/mit/) | | github.com/golang/groupcache | v0.0.0-20241129210726-2c02b8208cf8 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/golang/groupcache | v0.0.0-20210331224755-41bb18bfe9da | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/golang/protobuf | v1.5.4 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -244,12 +247,11 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/googleapis/enterprise-certificate-proxy | v0.3.15 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/googleapis/gax-go/v2 | v2.22.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/gorilla/websocket | v1.5.4-0.20250319132907-e064f32e3674 | [BSD-2-Clause](https://opensource.org/license/bsd-2-clause) | -| github.com/gorilla/websocket | v1.5.0 | [BSD-2-Clause](https://opensource.org/license/bsd-2-clause) | +| github.com/gorilla/websocket | v1.5.3 | [BSD-2-Clause](https://opensource.org/license/bsd-2-clause) | | github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus | v1.1.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/grpc-ecosystem/go-grpc-middleware/v2 | v2.3.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/grpc-ecosystem/go-grpc-middleware/v2 | v2.1.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/grpc-ecosystem/grpc-gateway/v2 | v2.29.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| github.com/grpc-ecosystem/grpc-gateway/v2 | v2.28.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/grpc-ecosystem/grpc-gateway/v2 | v2.27.4 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/grpc-ecosystem/grpc-opentracing | v0.0.0-20180507213350-8e809c8a8645 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/hashicorp/cronexpr | v1.1.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -286,7 +288,7 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/Masterminds/semver/v3 | v3.4.0 | [MIT](https://opensource.org/license/mit/) | | github.com/mattn/go-colorable | v0.1.14 | [MIT](https://opensource.org/license/mit/) | | github.com/mattn/go-isatty | v0.0.20 | [MIT](https://opensource.org/license/mit/) | -| github.com/mattn/go-runewidth | v0.0.19 | [MIT](https://opensource.org/license/mit/) | +| github.com/mattn/go-runewidth | v0.0.23 | [MIT](https://opensource.org/license/mit/) | | github.com/mattn/go-shellwords | v1.0.12 | [MIT](https://opensource.org/license/mit/) | | github.com/mdlayher/packet | v1.1.2 | [MIT](https://opensource.org/license/mit/) | | github.com/mdlayher/socket | v0.5.1 | [MIT](https://opensource.org/license/mit/) | @@ -295,7 +297,7 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/Microsoft/go-winio | v0.6.2 | [MIT](https://opensource.org/license/mit/) | | github.com/Microsoft/hcsshim | v0.15.0-rc.1 | [MIT](https://opensource.org/license/mit/) | | github.com/Microsoft/hcsshim | v0.14.0 | [MIT](https://opensource.org/license/mit/) | -| github.com/Microsoft/hnslib | v0.1.2 | [MIT](https://opensource.org/license/mit/) | +| github.com/Microsoft/hnslib | v0.1.3 | [MIT](https://opensource.org/license/mit/) | | github.com/miekg/dns | v1.1.72 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/miekg/pkcs11 | v1.1.1 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/minio/simdjson-go | v0.4.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -329,10 +331,10 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/olekukonko/errors | v1.2.0 | [MIT](https://opensource.org/license/mit/) | | github.com/olekukonko/ll | v0.1.6 | [MIT](https://opensource.org/license/mit/) | | github.com/olekukonko/tablewriter | v1.1.4 | [MIT](https://opensource.org/license/mit/) | -| github.com/onsi/ginkgo/v2 | v2.29.0 | [MIT](https://opensource.org/license/mit/) | +| github.com/onsi/ginkgo/v2 | v2.31.0 | [MIT](https://opensource.org/license/mit/) | | github.com/onsi/ginkgo/v2 | v2.28.3 | [MIT](https://opensource.org/license/mit/) | | github.com/onsi/ginkgo/v2 | v2.28.1 | [MIT](https://opensource.org/license/mit/) | -| github.com/onsi/gomega | v1.41.0 | [MIT](https://opensource.org/license/mit/) | +| github.com/onsi/gomega | v1.42.0 | [MIT](https://opensource.org/license/mit/) | | github.com/onsi/gomega | v1.40.0 | [MIT](https://opensource.org/license/mit/) | | github.com/onsi/gomega | v1.39.1 | [MIT](https://opensource.org/license/mit/) | | github.com/opencontainers/cgroups | v0.0.6 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -340,15 +342,14 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/opencontainers/image-spec | v1.1.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opencontainers/runtime-spec | v1.3.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opencontainers/runtime-tools | v0.9.1-0.20251114084447-edf4cb3d2116 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/opencontainers/selinux | v1.15.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/opencontainers/selinux | v1.14.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/opencontainers/selinux | v1.15.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opencontainers/selinux | v1.13.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opentracing-contrib/go-observer | v0.0.0-20170622124052-a52f23424492 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/opentracing/opentracing-go | v1.2.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/openzipkin-contrib/zipkin-go-opentracing | v0.5.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/openzipkin/zipkin-go | v0.4.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| github.com/oschwald/geoip2-golang/v2 | v2.1.0 | [ISC](https://opensource.org/license/isc-license-txt) | -| github.com/oschwald/maxminddb-golang/v2 | v2.1.1 | [ISC](https://opensource.org/license/isc-license-txt) | +| github.com/oschwald/geoip2-golang/v2 | v2.2.0 | [ISC](https://opensource.org/license/isc-license-txt) | +| github.com/oschwald/maxminddb-golang/v2 | v2.3.0 | [ISC](https://opensource.org/license/isc-license-txt) | | github.com/outcaste-io/ristretto | v0.2.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/pb33f/ordered-map/v2 | v2.3.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/pelletier/go-toml/v2 | v2.3.1 | [MIT](https://opensource.org/license/mit/) | @@ -365,13 +366,14 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/pquerna/cachecontrol | v0.1.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/client_golang | v1.23.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/client_model | v0.6.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| github.com/prometheus/common | v0.68.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/common | v0.67.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/exporter-toolkit | v0.16.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/procfs | v0.19.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/prometheus/procfs | v0.16.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/puzpuzpuz/xsync/v3 | v3.5.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/quic-go/qpack | v0.6.0 | [MIT](https://opensource.org/license/mit/) | -| github.com/quic-go/quic-go | v0.59.1 | [MIT](https://opensource.org/license/mit/) | +| github.com/quic-go/quic-go | v0.60.0 | [MIT](https://opensource.org/license/mit/) | | github.com/robfig/cron/v3 | v3.0.1 | [MIT](https://opensource.org/license/mit/) | | github.com/russross/blackfriday/v2 | v2.1.0 | [BSD-2-Clause](https://opensource.org/license/bsd-2-clause) | | github.com/safchain/ethtool | v0.7.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -395,49 +397,54 @@ Processing Standards (FIPS) compliant version of PXK. | github.com/tklauser/go-sysconf | v0.3.16 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/tklauser/numcpus | v0.11.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/tmc/grpc-websocket-proxy | v0.0.0-20220101234140-673ab2c3ae75 | [MIT](https://opensource.org/license/mit/) | -| github.com/tmc/grpc-websocket-proxy | v0.0.0-20201229170055-e5319fda7802 | [MIT](https://opensource.org/license/mit/) | | github.com/trailofbits/go-mutexasserts | v0.0.0-20250514102930-c1f3d2e37561 | [MIT](https://opensource.org/license/mit/) | | github.com/u-root/uio | v0.0.0-20240224005618-d2acac8f3701 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | github.com/urfave/cli/v2 | v2.27.7 | [MIT](https://opensource.org/license/mit/) | -| github.com/urfave/cli/v3 | v3.9.0 | [MIT](https://opensource.org/license/mit/) | +| github.com/urfave/cli/v3 | v3.10.0 | [MIT](https://opensource.org/license/mit/) | | github.com/vishvananda/netlink | v1.3.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/vishvananda/netns | v0.0.5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | github.com/VividCortex/ewma | v1.2.0 | [MIT](https://opensource.org/license/mit/) | | github.com/x448/float16 | v0.8.4 | [MIT](https://opensource.org/license/mit/) | | github.com/xiang90/probing | v0.0.0-20221125231312-a49e3df8f510 | [MIT](https://opensource.org/license/mit/) | -| github.com/xiang90/probing | v0.0.0-20190116061207-43a291ad63a2 | [MIT](https://opensource.org/license/mit/) | | github.com/xlab/treeprint | v1.2.0 | [MIT](https://opensource.org/license/mit/) | | github.com/xrash/smetrics | v0.0.0-20240521201337-686a1a2994c1 | [MIT](https://opensource.org/license/mit/) | | github.com/yusufpapurcu/wmi | v1.2.4 | [MIT](https://opensource.org/license/mit/) | -| go.etcd.io/bbolt | v1.5.0-beta.0 | [MIT](https://opensource.org/license/mit/) | +| go.etcd.io/bbolt | v1.5.0-rc.0 | [MIT](https://opensource.org/license/mit/) | | go.etcd.io/bbolt | v1.4.3 | [MIT](https://opensource.org/license/mit/) | -| go.etcd.io/etcd/api/v3 | v3.6.11 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.etcd.io/etcd/client/pkg/v3 | v3.6.11 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.etcd.io/etcd/client/v3 | v3.6.11 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.etcd.io/etcd/pkg/v3 | v3.6.11 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.etcd.io/etcd/server/v3 | v3.6.11 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.etcd.io/etcd/api/v3 | v3.7.0-rc.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.etcd.io/etcd/api/v3 | v3.6.12 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.etcd.io/etcd/client/pkg/v3 | v3.7.0-rc.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.etcd.io/etcd/client/pkg/v3 | v3.6.12 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.etcd.io/etcd/client/v3 | v3.7.0-rc.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.etcd.io/etcd/client/v3 | v3.6.12 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.etcd.io/etcd/pkg/v3 | v3.7.0-rc.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.etcd.io/etcd/server/v3 | v3.7.0-rc.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.etcd.io/gofail | v0.2.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.etcd.io/raft/v3 | v3.6.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.etcd.io/raft/v3 | v3.6.0-beta.0.0.20260116184858-6d944ca211ee | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.etcd.io/raft/v3 | v3.7.0-rc.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opencensus.io | v0.24.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/auto/sdk | v1.2.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/collector/component | v1.51.1-0.20260205185216-81bc641f26c0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/collector/featuregate | v1.51.1-0.20260205185216-81bc641f26c0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/collector/pdata | v1.51.1-0.20260205185216-81bc641f26c0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/collector/pdata/pprofile | v0.145.1-0.20260205185216-81bc641f26c0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful | v0.68.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful | v0.69.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.69.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.68.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.65.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.68.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.69.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.67.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/otel | v1.44.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/otel/exporters/otlp/otlptrace | v1.44.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/exporters/otlp/otlptrace | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.opentelemetry.io/otel/exporters/otlp/otlptrace | v1.42.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.44.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc | v1.42.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp | v1.44.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/otel/metric | v1.44.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/metric | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/otel/sdk | v1.44.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/sdk | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| go.opentelemetry.io/otel/trace | v1.44.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/otel/trace | v1.43.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/proto/otlp | v1.10.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.opentelemetry.io/proto/otlp | v1.9.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | @@ -450,50 +457,48 @@ Processing Standards (FIPS) compliant version of PXK. | go.yaml.in/yaml/v2 | v2.4.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.yaml.in/yaml/v3 | v3.0.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | go.yaml.in/yaml/v4 | v4.0.0-rc.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| golang.org/x/crypto | v0.53.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/crypto | v0.52.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/crypto | v0.51.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/crypto | v0.50.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/crypto | v0.49.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/exp | v0.0.0-20260410095643-746e56fc9e2f | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/exp | v0.0.0-20260209203927-2842357ff358 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/exp | v0.0.0-20241108190413-2d47ceb2692f | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/mod | v0.37.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/mod | v0.36.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/mod | v0.35.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/mod | v0.32.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/net | v0.56.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/net | v0.55.1-0.20260602153038-42abb857022c | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/net | v0.55.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/net | v0.54.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/net | v0.53.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/net | v0.52.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/net | v0.49.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/oauth2 | v0.36.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/sync | v0.21.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/sync | v0.20.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/sync | v0.19.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/sys | v0.46.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/sys | v0.45.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/sys | v0.44.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/sys | v0.42.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/term | v0.44.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/term | v0.43.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/term | v0.41.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/text | v0.38.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/text | v0.37.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/text | v0.36.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| golang.org/x/text | v0.35.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/text | v0.33.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/time | v0.15.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/time | v0.14.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| golang.org/x/tools | v0.45.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/tools | v0.44.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/tools | v0.41.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | golang.org/x/xerrors | v0.0.0-20240903120638-7835f813f4da | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | -| google.golang.org/api | v0.279.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| google.golang.org/api | v0.280.0 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | +| google.golang.org/genproto/googleapis/api | v0.0.0-20260526163538-3dc84a4a5aaa | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/genproto/googleapis/api | v0.0.0-20260414002931-afd174a4e478 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| google.golang.org/genproto/googleapis/api | v0.0.0-20260401024825-9d38bb4040a9 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/genproto/googleapis/api | v0.0.0-20260319201613-d00831a3d3e7 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| google.golang.org/genproto/googleapis/rpc | v0.0.0-20260427160629-7cedc36a6bc4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| google.golang.org/genproto/googleapis/rpc | v0.0.0-20260526163538-3dc84a4a5aaa | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| google.golang.org/genproto/googleapis/rpc | v0.0.0-20260511170946-3700d4141b60 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/genproto/googleapis/rpc | v0.0.0-20260414002931-afd174a4e478 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| google.golang.org/genproto/googleapis/rpc | v0.0.0-20260406210006-6f92a3bedf2d | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| google.golang.org/genproto/googleapis/rpc | v0.0.0-20260401024825-9d38bb4040a9 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/genproto/googleapis/rpc | v0.0.0-20251202230838-ff82c1b0f217 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/grpc | v1.81.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/grpc | v1.81.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| google.golang.org/grpc | v1.80.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/grpc | v1.79.3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | google.golang.org/protobuf | v1.36.12-0.20260120151049-f2248ac996af | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | | google.golang.org/protobuf | v1.36.11 | [BSD-3-Clause](https://opensource.org/license/bsd-3-clause) | @@ -505,37 +510,32 @@ Processing Standards (FIPS) compliant version of PXK. | gopkg.in/natefinch/lumberjack.v2 | v2.2.1 | [MIT](https://opensource.org/license/mit/) | | gopkg.in/yaml.v3 | v3.0.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/api | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/api | v0.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/api | v0.35.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apimachinery | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/apimachinery | v0.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/apimachinery | v0.35.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/cli-runtime | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/client-go | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/client-go | v0.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/client-go | v0.35.4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/component-base | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/component-base | v0.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/cri-api | v0.36.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/cri-api | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/cri-api | v0.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/cri-client | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/cri-client | v0.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/cri-streaming | v0.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/cri-streaming | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/gengo/v2 | v2.0.0-20260408192533-25e2208e0dc3 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/klog/v2 | v2.140.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/kube-openapi | v0.0.0-20260519202549-bbf5c5577288 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/kube-openapi | v0.0.0-20260618221249-bc653b64f974 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/kube-openapi | v0.0.0-20260319004828-5883c5ee87b9 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/kube-openapi | v0.0.0-20250910181357-589584f1c912 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/kubectl | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/kubelet | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| k8s.io/streaming | v0.36.2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/streaming | v0.36.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| k8s.io/streaming | v0.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/system-validators | v1.12.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/utils | v0.0.0-20260319190234-28399d86e0b5 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/utils | v0.0.0-20260210185600-b8788abfbbc2 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/utils | v0.0.0-20260108192941-914a6e750570 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | k8s.io/utils | v0.0.0-20251002143259-bc988d571ff4 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | -| sigs.k8s.io/apiserver-network-proxy/konnectivity-client | v0.34.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | +| sigs.k8s.io/apiserver-network-proxy/konnectivity-client | v0.36.0 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/json | v0.0.0-20250730193827-2d320260d730 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/knftables | v0.0.21 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | | sigs.k8s.io/kustomize/api | v0.21.1 | [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) | diff --git a/docs/docs-content/registries-and-packs/advanced-configuration.md b/docs/docs-content/registries-and-packs/advanced-configuration.md index 092cb32298a..bcdf78ad940 100644 --- a/docs/docs-content/registries-and-packs/advanced-configuration.md +++ b/docs/docs-content/registries-and-packs/advanced-configuration.md @@ -75,7 +75,7 @@ docker run -d \ -e REGISTRY_LOG_LEVEL=debug \ -e REGISTRY_AUTH=htpasswd \ -e REGISTRY_AUTH_HTPASSWD_REALM="My Enterprise Realm" \ - us-docker.pkg.dev/palette-images/palette/spectro-registry:4.9.2 + us-docker.pkg.dev/palette-images/palette/spectro-registry:4.9.3 ``` Alternatively, you can start the container by mounting a directory with a new configuration file and pointing the server @@ -89,7 +89,7 @@ docker run -d \ -p 443:5000 \ --name spectro-registry \ --volume $(pwd)/myconfig.yml:/etc/myconfig.yml \ - us-docker.pkg.dev/palette-images/palette/spectro-registry:4.9.2 \ + us-docker.pkg.dev/palette-images/palette/spectro-registry:4.9.3 \ serve /etc/spectropaxconfig/myconfig.yml ``` diff --git a/docs/docs-content/release-notes/announcements.md b/docs/docs-content/release-notes/announcements.md index 31fb984b8dd..224f34f8363 100644 --- a/docs/docs-content/release-notes/announcements.md +++ b/docs/docs-content/release-notes/announcements.md @@ -24,9 +24,10 @@ Use the [Find Breaking Changes](breaking-changes.md) page to list all the breaki Stay informed about the upcoming breaking changes in Palette and Palette VerteX. Use the information below to prepare for the changes in your environment. -| Change | Target Date | Published Date | -| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------- | -------------- | -| [AWS GovCloud](../clusters/public-cloud/aws/add-aws-accounts.md#aws-govcloud) and [Azure Government cloud](../clusters/public-cloud/azure/azure-cloud.md#azure-government-cloud), currently disabled in the Palette UI, will be removed from the [Palette API](/api/category/palette-api-v1/), [Spectro Cloud Terraform provider](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs), and [Spectro Cloud Crossplane provider](https://marketplace.upbound.io/providers/crossplane-contrib/provider-palette) in an upcoming release. To continue deploying and managing clusters using AWS GovCloud or Azure Government cloud, use [Palette VerteX](../vertex/vertex.md) instead. | _To be announced_ | May 3, 2026 | +| Change | Target Date | Published Date | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | -------------- | +| Spectro Cloud is transitioning to the use of security-hardened images. As a result, retrieving images from Spectro Cloud OCI registries will now require a Spectro Cloud image pull secret. This secret is intended for long-term use and is configured once. Image pulls from Spectro Cloud registries will not be allowed unless a valid image pull secret is configured.

    This change primarily affects non-airgap environments that do not configure mirror registries or image swap; it does not apply to airgapped environments, which pull images from their own registries. To obtain your image pull secret, contact your Spectro Cloud customer support representative. Refer to [Configure Image Pull Secret](../enterprise-version/system-management/configure-image-pull-secret.md) for more information. | _To be announced_ | June 28, 2026 | +| [AWS GovCloud](../clusters/public-cloud/aws/add-aws-accounts.md#aws-govcloud) and [Azure Government cloud](../clusters/public-cloud/azure/azure-cloud.md#azure-government-cloud), currently disabled in the Palette UI, will be removed from the [Palette API](/api/category/palette-api-v1/), [Spectro Cloud Terraform provider](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs), and [Spectro Cloud Crossplane provider](https://marketplace.upbound.io/providers/crossplane-contrib/provider-palette) in an upcoming release. To continue deploying and managing clusters using AWS GovCloud or Azure Government cloud, use [Palette VerteX](../vertex/vertex.md) instead. | _To be announced_ | May 3, 2026 | @@ -39,6 +40,7 @@ necessary actions to avoid any disruptions in your environment. | Change | Target Removal Date | Published Date | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | ----------------- | +| The `v1/projects` Palette [API endpoint](/api/introduction) is now deprecated. Use the `/v1/dashboard/projects` endpoint instead. | December 13, 2026 | June 28, 2026 | | [EKS Hybrid Nodes](../clusters/public-cloud/aws/eks-hybrid-nodes/eks-hybrid-nodes.md) are now deprecated in Palette and Palette VerteX. We recommend that customers deploy their workloads to [EKS clusters](../clusters/public-cloud/aws/eks.md) instead. | December 13, 2026 | May 31, 2026 | | The `/clusterprofiles`[API endpoint](/api/introduction) is now deprecated. Use the `/dashboard/clusterprofiles` endpoint instead, which includes improved data retrieval capabilities. | November 15, 2026 | May 3, 2026 | | Support for Red Hat Enterprise Linux (RHEL) 8.x in Edge workflows has been deprecated, including FIPS-enabled configurations. We recommend using RHEL 9.x or RHEL 10.x. | _To be announced_ | May 3, 2026 | diff --git a/docs/docs-content/release-notes/known-issues.md b/docs/docs-content/release-notes/known-issues.md index 070fe2ae29d..f18a825c2b4 100644 --- a/docs/docs-content/release-notes/known-issues.md +++ b/docs/docs-content/release-notes/known-issues.md @@ -16,10 +16,9 @@ The following table lists all known issues that are currently active and affecti | Description | Workaround | Publish Date | Product Component | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | ----------------------------------------- | -| During [Launchpad for VMs cluster installation](../vm-management/launchpad-for-vms/install-vmla-iso.md#create-cluster), you must enter a complex password in all three Keycloak fields. The installation fails if any password does not meet the complexity requirements. | When creating the Launchpad for VMs cluster, each Keycloak password must contain 6 to 64 characters and include at least one uppercase letter, one lowercase letter, one number, and one special character. | June 11, 2026 | Launchpad for VMs | +| GCP clusters intermittently take far longer to provision than expected. This is due to the control plane being repeatedly repaved due to a timing dependency between `kubeadm init` and the GCP load balancer. | Lower the API load balancer health check thresholds so the control plane is marked healthy sooner. Use the command `gcloud compute health-checks update https -apiserver --global --project= --healthy-threshold=2 --check-interval=5`, then repave the control plane. | June 28, 2026 | Clusters | | Cluster nodes fail to become `Ready` on Kubernetes v1.35.x on OSes that default to cgroup v1 because kubelet fails to start. Affected OSes include Ubuntu 20.04 and earlier, RHEL/CentOS 7–8, SLES 15 SP3 and earlier, Debian 10 and earlier, and Amazon Linux 2. | For all Kubernetes v1.35.x clusters, enable cgroup v2 instead of cgroup v1, or configure kubelet with `failCgroupV1: false` where supported. For a detailed workaround for Edge clusters, refer to [Troubleshooting - Edge](../troubleshooting/edge/edge.md#scenario---cluster-nodes-fail-to-become-ready-on-kubernetes-v135x). | May 3, 2026 | Clusters | | [EKS hybrid clusters](../clusters/public-cloud/aws/eks-hybrid-nodes/eks-hybrid-nodes.md) are not compatible with EKS control plane version 1.35. The bundled pack supports Kubernetes up to version 1.31. Kubernetes allows a maximum skew of three minor versions between nodes and control plane, which is exceeded with EKS 1.35. | Use an EKS control plane version within the supported skew range for the bundled Nodeadm pack. For example, Nodeadm 1.31 supports up to EKS version 1.34. | May 3, 2026 | Clusters, Packs | -| Headlamp does not support the **Custom** or **Inherit from Tenant** OIDC Identity Provider options configured in the pack of your cluster profile. | No workaround available. | May 3, 2026 | Packs | | Zot registry content may appear missing after storage changes or Helm upgrades, even though the original content bundle still exists on the node. | Force a re-sync by deleting the `/usr/local/spectrocloud/.local-sync-state` file. For Palette and VerteX Management Appliance, delete this file on all Management Appliance nodes in the cluster. `stylus-operator` automatically detects the change and re-syncs the content to Zot. Confirm that the content appears in the Local UI **Content** tab. | April 5, 2026 | Edge | | The cluster's **Virtual Machines** tab or the Virtual Machine Orchestrator (VMO) Graphical UI (GUI) may fail to load for [self-hosted Palette](../enterprise-version/enterprise-version.md) and [Palette VerteX](../vertex/vertex.md) installations. This issue applies to all installation methods but does not apply to self-hosted environments that use an IP address instead of a domain name. | Refer to [Scenario - VMO Loading Errors in Self-Hosted Palette](../troubleshooting/vmo-issues.md#scenario---vmo-loading-errors-in-self-hosted-palette) for the workaround. | April 5, 2026 | Self-Hosted, Virtual Machine Orchestrator | | Edge hosts that rely on multipath storage configurations may experience storage accessibility issues due to a missing `multipath-tools` package on Edge installer and provider images built with [CanvOS](https://github.com/spectrocloud/CanvOS/blob/main/README.md) version 4.8.8 and later. This issue is caused by the underlying [Kairos](https://kairos.io/) base image (v3.5.9) used by CanvOS, where a system cleanup step inadvertently removes the `multipath-tools` package. | Add `multipath-tools` to your CanvOS `Dockerfile` before building the installer ISO or provider images. For example, add `RUN apt-get update && apt-get install --yes multipath-tools` for Ubuntu-based builds. For FIPS builds, add the package to the base image Dockerfile for the respective operating system. Refer to [Build Edge Artifacts](../clusters/edge/edgeforge-workflow/palette-canvos/palette-canvos.md) for more information on customizing your `Dockerfile`.

    **NOTE:** The `multipath-tools` package is known to cause issues on Ubuntu 20.04. If unexpected behavior occurs, remove `multipath-tools`. | March 18, 2026 | Edge | @@ -34,7 +33,7 @@ The following table lists all known issues that are currently active and affecti | In self-hosted [Palette](../enterprise-version/install-palette/palette-management-appliance.md) and [Vertex Management Appliance](../vertex/install-palette-vertex/vertex-management-appliance.md) environments, uploading the same pack as both a FIPS and non-FIPS version to the same registry overwrites the original pack.

    For example, if you have a non-FIPS version of the `byoi-2.1.0` pack in your Zot registry and you upload the FIPS version of `byoi-2.1.0`, the new version will overwrite the existing one. This results in a SHA mismatch between the pack stored in the registry and the pack referenced in the cluster profile, which can lead to cluster creation failures. | Upload either a FIPS or non-FIPS version of a pack to your registry. Do not upload both to the same registry. | September 1, 2025 | Clusters, Self-Hosted | | Container runtime may fail to run with the message `Failed to run CRI service error=failed to recover state: failed to get metadata for stored sandbox` after a node is upgraded to 1.29.14. This is related to an [upstream issue with containerd](https://github.com/containerd/containerd/issues/10848). | Remove the container runtime folder with `rm -rf /var/lib/containerd`. Then restart containerd and Kubelet using `systemctl restart containerd && systemctl restart kublet`. | August 17, 2025 | Edge | | Due to [an upstream issue with a Go library and CLIs for working with container registries](https://github.com/google/go-containerregistry/issues/2124), unintended or non-graceful reboots during content push operations to registries can cause consistency issues. This leads to content sync in locally managed clusters throwing the `content-length: 0 ` error. | Refer to [Troubleshooting - Edge](../troubleshooting/edge/edge.md#scenario---content-length-0-errors-during-content-synchronization) for the workaround. | August 17, 2025 | Edge | -| Controller mode MAAS deployments using the automatically install the Cilium CNI. This happens because of a known issue with the Canonical Kubernetes Cluster API (CAPI) bootstrap provider and cannot be disabled. However, Palette still requires users to explicitly configure a CNI in the cluster profile. | Select the **Cilium CNI (Canonical Kubernetes)** pack when creating a cluster profile to fulfill the CNI requirement. Palette recognizes this selection and allows cluster creation to proceed, even though Cilium is installed by the bootstrap process. | August 17, 2025 | Clusters, Packs | +| Controller mode MAAS deployments using Canonical Kubernetes versions earlier than 1.35 with the automatically install the Cilium CNI. This happens because of a known issue with the Canonical Kubernetes Cluster API (CAPI) bootstrap provider and cannot be disabled. However, Palette still requires users to explicitly configure a CNI in the cluster profile. | Select the **Cilium CNI (Canonical Kubernetes)** pack when creating a cluster profile to fulfill the CNI requirement. Palette recognizes this selection and allows cluster creation to proceed, even though Cilium is installed by the bootstrap process. Canonical Kubernetes 1.35 and later support the first-class pack, which you can configure and manage directly in the cluster profile. | August 17, 2025 | Clusters, Packs | | When deploying an Edge RKE2 cluster on Rocky Linux, a worker node may fail to join the cluster if TCP port 9345 is not open on the control plane node. This port is required for communication between the RKE2 agent and the control plane. | Verify if the port is open by running `firewall-cmd --list-all` on the control plane node. If 9345/tcp is not listed in the output, open it with `firewall-cmd --zone=public --add-port=9345/tcp --permanent` and apply the change using `firewall-cmd --reload`. | July 21, 2025 | Edge | | When using the Palette/VerteX Management Appliance, clicking on the Zot service link in Local UI results in a new tab displaying `Client sent an HTTP request to an HTTPS server`. | Change the prefix of the URL in your web browser to `https://` instead of `http://`. | July 21, 2025 | Clusters, Packs | | [Cloning a virtual machine](../vm-management/vmo-pack/create-manage-vm/create-manage-vm.md) using KubeVirt 1.5 or later may hang if [volume snapshots](../vm-management/vmo-pack/create-manage-vm/take-snapshot-of-vm.md) are not configured. | Ensure that you configure a `VolumeSnapshotClass` in the `charts.virtual-machine-orchestrator.snapshot-controller.volumeSnapshotClass` resource in the pack. | July 19, 2025 | Virtual Machine Orchestrator | @@ -118,6 +117,8 @@ for information on the fix version and the date the issue was resolved. | Description | Publish Date | Product Component | Fix Version | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------ | ---------------------------- | ----------- | +| During [Launchpad for VMs cluster installation](../vm-management/launchpad-for-vms/install-vmla-iso.md#create-cluster), you must enter a complex password in all three Keycloak fields. The installation fails if any password does not meet the complexity requirements. | June 11, 2026 | Launchpad for VMs | 4.9.22 | +| Headlamp does not support the **Custom** or **Inherit from Tenant** OIDC Identity Provider options configured in the pack of your cluster profile. | May 3, 2026 | Packs | 4.9.22 | | [MAAS clusters](../clusters/data-center/maas/maas.md) deployed or repaved on Palette versions 4.9.14 or 4.9.16 lose the default `ubuntu` user. The SSH key injection feature introduced in 4.9.14 removed the default user due to a known issue in `cloud-init`, preventing SSH access to nodes using the default user. To regain SSH access, users should configure SSH keys for the cluster through Palette, creating the `spectro` user on all nodes. Nodes already affected will not recover the default user automatically after upgrading to Palette version 4.9.18 and must be repaved to restore the default user. [Self-hosted Palette](../enterprise-version/enterprise-version.md) and dedicated SaaS customers must skip versions 4.9.14 and 4.9.16 to avoid being impacted by this issue. | June 11, 2026 | Clusters | 4.9.18 | | Azure IaaS clusters using version 1.32.13 or earlier get stuck when upgrading to a PXK version in the 1.33.x series. | May 3, 2026 | Clusters, Packs | 4.9.6 | | When upgrading a self-hosted Palette instance from 4.8.35 to 4.8.37, MongoDB replica pods may crash with a `CrashLoopBackOff` error. This may be due to MongoDB replication lag or a cluster split-brain state, resulting in a stuck upgrade. Refer to [Scenario - MongoDB Replica Pods Crash during Palette Upgrade](../troubleshooting/enterprise-install.md#scenario---mongodb-replica-pods-crash-during-palette-upgrade) for the workaround. | March 12, 2026 | Self-Hosted Palette | 4.9.5 | diff --git a/docs/docs-content/release-notes/release-notes.md b/docs/docs-content/release-notes/release-notes.md index 616792a0805..e528d358bd7 100644 --- a/docs/docs-content/release-notes/release-notes.md +++ b/docs/docs-content/release-notes/release-notes.md @@ -11,6 +11,485 @@ tags: ["release-notes"] +## June 28, 2026 - Release 4.9.22 {#release-notes-4.9.b} + +### Security Notices + +- Review the [Security Bulletins](../security-bulletins/reports/reports.mdx) page for the latest security advisories. + +### Palette Enterprise {#palette-enterprise-4-9-b} + +#### Breaking Changes {#breaking-changes-4-9-b} + + + + +- Palette now validates the `ProjectUid` header on all [API](/api/introduction) requests. Requests that send a project + that does not exist or that you cannot access now return a validation error, such as `ResourceNotFound`, + `ProjectNotFoundInTenant`, or `ResourceAccessDenied`. To avoid errors, remove the `ProjectUid` header when accessing + tenant-level resources, or provide a valid project. Existing resources are not affected. + +#### Features + + + +- Spectro Cloud is transitioning to the use of security-hardened images. As a result, retrieving images from Spectro + Cloud OCI registries will require a Spectro Cloud image pull secret. This secret is intended for long-term use and is + configured once. + + This change primarily affects non-airgap environments that do not configure mirror registries or image swap; it does + not apply to airgapped environments, which pull images from their own registries. While configuring an image pull + secret is not required for the current version of Palette, it is an + [upcoming breaking change](./announcements.md#upcoming-breaking-changes) and will be mandated in a future release. We + recommend that affected environments configure an image pull secret as soon as possible to prevent service disruptions + later. + + To obtain your image pull secret, contact your customer support representative. Refer to + [Configure Image Pull Secret](../enterprise-version/system-management/configure-image-pull-secret.md) for more + information. + + + +- Overriding Cluster API (CAPI) properties is now supported on [AWS + EKS](../clusters/public-cloud/aws/eks.md), [Azure IaaS](../clusters/public-cloud/azure/aks.md), and + [CloudStack](../clusters/data-center/cloudstack/create-manage-cloudstack-clusters.md) clusters. This allows you to + configure advanced provider-specific settings not natively exposed by Palette by supplying YAML that targets the + underlying CAPI provider objects directly. For more information, refer to [Override Cluster API (CAPI) + Properties](../architecture/override-capi-properties/override-capi-properties.md). + + + + - Using CAPI override, you can now apply AWS custom tags at the node pool level on EKS clusters. Node-pool tags are + additive to cluster-level tags and propagate to the pool's managed node group and Auto Scaling group. For more + information, refer to + [Node Pool AWS Tags](../architecture/override-capi-properties/aws-capi-override-reference.md#node-pool-aws-tags). + + + + +- Palette now supports overriding Cluster API Machine Health Check (MHC) settings per node pool on Palette eXtended + Kubernetes (PXK) infrastructure clusters. This capability does not apply to EKS, AKS, or GKE clusters. For more + information, refer to [Node Pools](../clusters/cluster-management/node-pool.md). + + + + + + + +- [Artifact Studio](../downloads/artifact-studio.md) version 4.9.11 is now available. + +#### Improvements + + + +- The deployment of + [MAAS clusters to LXD Virtual Machines (VMs)](../clusters/data-center/maas/create-manage-maas-lxd-clusters.md) has + exited Tech Preview and is now ready for production workloads. + + + +- Palette now supports the configuration of audit trails with + [Splunk](https://help.splunk.com/en/splunk-observability-cloud/get-started). Refer to the + [Audit Logs](../audit-logs/audit-logs.md) guide for more information. + + + +- The **Cluster Endpoint Access** tooltip for Amazon EKS clusters now clarifies how the **Private** option behaves. For + fully private endpoint access, use a self-hosted Private Cloud Gateway (PCG). If you select **Private** without a PCG, + Palette initially creates the cluster in **Private & Public** mode and changes it to **Private** after cluster + provisioning completes. For more information, refer to + [Create and Manage AWS EKS Cluster](../clusters/public-cloud/aws/eks.md). + + + +- The deployment of [Canonical Kubernetes on MAAS](../clusters/data-center/maas/architecture.md) has exited Tech Preview + and is now ready for production workloads. + + + + + +- [Canonical Kubernetes clusters on MAAS](../clusters/data-center/maas/architecture.md) now support the pack as a Container Network Interface + (CNI), available for Canonical Kubernetes 1.35 and later. You can manage Cilium declaratively in your cluster + profile instead of relying on the Cilium CNI bundled with the Canonical Kubernetes pack. For configuration steps, refer + to . + + + + + + +- The **MinIO** backup location provider has been renamed to **S3 Compatible Storage** to reflect that it supports any + S3-compatible object storage, such as MinIO or NetApp StorageGRID. The **S3 URL** field is now labeled **Endpoint + URL**. Existing backup locations continue to work and appear under the new label with their settings preserved. For + more information, refer to [Backup and Restore](../clusters/cluster-management/backup-restore/backup-restore.md). + + + +- Palette now provides the `/v1/tenants/{tenantUid}/idp/palette/config` [API endpoint](/api/introduction) that allows + tenant administrators to retrieve the Palette identity provider (IdP) configuration for their tenant in self-hosted + Palette environments. + + + +- The **View K8s Certificates** page now displays every control plane PKI certificate that Palette includes in its + renewal cycle, instead of only the core API server and certificate authority (CA) entries. The expanded list adds the + kubeconfig-embedded client certificates, the etcd peer and health-check certificates, and the kubelet client and + serving certificates for each control plane node. This applies to Palette eXtended Kubernetes (PXK), RKE2, K3s, and + Canonical Kubernetes clusters. For more information, refer to + [Renew Cluster PKI Certificates](../clusters/cluster-management/certificate-management.md). + + + +- Palette now publishes consistent cluster events for Container Network Interface (CNI) and Container Storage Interface + (CSI) pack installations and upgrades across all cloud types. Palette adds a CNI install success event to match the + existing CSI event, recording the source and target versions in a single upgrade event. For more information, refer to + [Event Stream](../clusters/clusters.md#event-stream). + + + +- The [Pause Agent Upgrades](../clusters/cluster-management/platform-settings/pause-platform-upgrades.md) setting now + applies to all internal components of a Private Cloud Gateway (PCG), including those used to manage the PCG cluster + itself. This applies to MAAS, vSphere, and self-hosted PCGs. + + + +- Palette now generates build attestation documents for Spectro Cloud components as part of the Supply chain Levels for + Software Artifacts (SLSA) Level 2 secure supply chain initiative. These documents provide an audit trail of when, how, + and where the software was produced. + + + +- Palette now generates + [Software Bill Of Materials (SBOM) artifacts](../clusters/cluster-management/compliance-scan.md#sbom-dependencies--vulnerabilities) + for all Spectro Cloud downloadable components in CycloneDX, SPDX, and Syft JSON formats. + + + +- The Palette AI Studio detail view now displays the full contents of the `README.md` file associated with Palette AI + content, which makes extended documentation directly accessible from the details tab. + + + + +- The Palette and VerteX appliance components have been upgraded to their latest patch versions, including the + following: + + - version 1.34.9 + - version 3.32.0 + - version 2.10.7 + - version 2.1.17 + + + +#### Deprecations and Removals + + + +- The `v1/projects` Palette [API endpoint](/api/introduction) is now deprecated. Use the `/v1/dashboard/projects` + endpoint instead. + +#### Bug Fixes + + + +- Fixed an issue where the expanded certificate list did not appear on the **View K8s Certificates** page for newly + provisioned AWS and GCP clusters. + + + +- Fixed an issue that caused [AWS IaaS](../clusters/public-cloud/aws/create-cluster.md) clusters using Cilium as the CNI + to receive incorrect security group rules, which silently dropped cross-node pod traffic and disrupted DNS resolution, + pod-to-pod communication, and API server webhook calls. Palette now applies the correct security group rules based on + the configured CNI, with no manual security group changes required. + + + +- Fixed an issue where the **API Endpoint** field was disabled when adding a MAAS cloud account with a self-hosted + Private Cloud Gateway (PCG), which prevented you from entering the endpoint manually. + + + +- Fixed an issue where a scheduled [OS patch](../clusters/cluster-management/os-patching.md) could loop indefinitely and + leave a node cordoned. The patch no longer stalls on an unnecessary package signing key fetch, so it completes and the + node is returned to service. + + + +- Fixed an issue where the `apply-scheduled-os-patch` pod could continue to start after the **OS Patching Schedule** was + set to **Never**, which could leave a node cordoned. Setting the schedule to **Never** now removes the scheduled task. + + + +- Fixed an issue where the per-cluster `capa-controller-manager` pod was intermittently created without the EKS Pod + Identity credential environment variables when provisioning [Amazon EKS](../clusters/public-cloud/aws/eks.md) clusters + with a Pod Identity cloud account, which could stall provisioning with a VPC reconciliation failure. + + + +- Fixed an issue where EKS Pod Identity associations were not removed when workload clusters were deleted or pivoted, + which caused the list of associations to grow over time. + + + +- Fixed an issue where [Amazon EKS](../clusters/public-cloud/aws/eks.md) cluster provisioning could stall at the worker + node launch phase because of a race condition while updating the `aws-node` DaemonSet. + + + +- Fixed an issue where the Palette agent could delete a Role-Based Access Control (RBAC) managed namespace during a + reconciliation cycle when a transient Kubernetes API error occurred, which briefly disrupted the workloads in that + namespace. + + + +- Fixed an issue where requests to retrieve cluster namespace information could time out and return an HTTP 500 + `ClusterFeatureTimeoutError`. + + + +- Fixed an issue where `GET /v1/cloudaccounts/azure/{uid}` returned a masked `tls.cert` value for `AzurePublicCloud` + accounts that were created without a certificate, causing false drift detection in the Terraform provider. + + + +- Fixed an issue where Helm-based cert-manager installations did not receive image-swap labels, which could prevent + container images from being redirected to a local registry in airgapped environments. + + + +- Fixed an issue where upgrading the Palette Management Appliance did not preserve previously configured settings during + the review step. The upgrade introduced a new profile instead of a new version of the existing profile, which reset + all values to their defaults and prevented a side-by-side comparison of the incoming and existing configuration + values. + +### Edge + +:::info + +The [CanvOS](https://github.com/spectrocloud/CanvOS) version corresponding to the 4.9.22 Palette release is 4.9.19. + +::: + +#### Features + + + + +- Connected (centrally managed) Edge Native clusters now support upgrading the control plane independently from worker + pools. Enable the **Skip worker node update** toggle on a worker pool to defer its Kubernetes upgrade while the + control plane advances. Palette enforces the Kubernetes + [N-3 minor version skew](https://kubernetes.io/releases/version-skew-policy/) to prevent unsupported drift between the + control plane and worker nodes. For more information, refer to + [Skip Worker Node Update](../clusters/cluster-management/node-pool.md#skip-worker-node-update) and + [Edge Cluster Upgrade Behavior](../clusters/edge/cluster-management/upgrade-behavior.md#decoupled-control-plane-and-worker-node-upgrades). + + + + +- The Palette TUI now includes a **Management Interface** drop-down menu on the **Network Adapter** screen. You can use + this option during initial Edge host setup to pin Local UI and host-to-host traffic to a specific network adapter. For + more information, refer to + [Initial Edge Host Configuration with Palette TUI](../clusters/edge/site-deployment/site-installation/initial-setup.md). + + + +- Edge clusters now support the `DisableWorkerNodeCapReconcile` feature gate. For clusters with **Allow worker + capability** disabled, add this value to `stylus.featureGate` in the OS pack to prevent the Palette Edge node agent + from automatically re-adding control plane taints to nodes in the control plane pool after the taint has been manually + removed. For more information, refer to + [Feature Gates](../clusters/edge/edge-configuration/installer-reference.md#feature-gates). + +#### Bug Fixes + + + +- Fixed an issue where `k3s.service` could enter a permanent crash loop with a `no bootstrap data found in datastore` + error during the initial bootstrap of single-node Edge clusters. + + + +- Fixed an issue where Day-2 updates to the `reconcile` stages in an Edge OS or Kubernetes pack did not reliably replace + the existing node configuration in `/oem/85_cluster_config.yaml`. Stale stage entries were retained and newly added + entries under an existing stage were dropped. + + + +- Fixed an issue where reusing an Edge host for a new cluster could leave the cluster stuck in provisioning because the + RKE2 state from the previous cluster was not fully removed. This caused the leftover bootstrap data to conflict with + the new cluster token. + + + +- Fixed an issue where Canonical Kubernetes 1.35 was missing from the `k8s_version.json` file in CanvOS v4.8.18, which + prevented building Canonical provider images for Edge deployments. + +### Launchpad for VMs + + + +#### Features + +- The [Launchpad for VMs Appliance](../vm-management/launchpad-for-vms/launchpad-for-vms.md) now supports live updates + to running VMs. You can hot-plug memory and hot-update CPU sockets on a running VM without a reboot. + +- Running VMs can now be paused and resumed. +- The appliance now displays live-migration progress so you can track a VM's migration between nodes. + +- VMs can now be created using custom YAML files. + + + +- VMs can now be created using golden images and templates across namespace boundaries using the **Create VM** flow. + +#### Improvements + + + +- MetalLB load-balancer images now use the hardened, distroless image variant. + + + +- The default password policy for the VMO Manager profile now requires a minimum of 15 characters, aligning with + Security Technical Implementation Guide (STIG) compliance. + +- VMO profile password fields now enforce complexity requirements at input time. passwords before submission. + +- Fixed an issue where users could delete the account they were currently signed in with. + +- The user-creation form now validates email format and rejects malformed email addresses. + +- VM instance types can now be changed after the VM is built using the edit-configuration flow. + +- The VM creation flow now surfaces the underlying **DataVolume** status, allowing you to monitor disk-provisioning + progress during VM creation. + +#### Bug Fixes + +- Fixed an issue where updating a VM's CPU sockets displayed a spurious "restart required" message for a change that + does not require a restart. + +- Fixed an issue where VMs that failed to start or be scheduled could not be deleted through the UI. + +### VerteX + +#### Features + +- Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the + [Palette section](#palette-enterprise-4-9-b) for more details. + +#### Improvements + + + +- The [system console](../vertex/system-management/system-management.md#system-console) now displays the installed + product version for Helm-based installations of Palette VerteX. + +#### Bug Fixes + + + +- Fixed an issue where deploying a FIPS-enabled [Amazon EKS](../clusters/public-cloud/aws/eks.md) cluster could fail + with a chart installation error because the `aws-node` service account in the `kube-system` namespace already existed + and could not be imported into the Helm release for the `cni-aws-vpc-eks-helm-fips` pack. + +### Automation + +:::info + +Check out the [CLI Tools](/downloads/cli-tools/) page to find the compatible version of the Palette CLI. + +::: + +#### Features + +- Terraform version 0.29.6 of the + [Spectro Cloud Terraform provider](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs) is + now available. For more details, refer to the Terraform provider + [release page](https://github.com/spectrocloud/terraform-provider-spectrocloud/releases). +- Crossplane version 0.29.6 of the + [Spectro Cloud Crossplane provider](https://marketplace.upbound.io/providers/crossplane-contrib/provider-palette) is + now available. + +#### Improvements + + + +- The Spectro Cloud Terraform provider now supports Cluster API (CAPI) property overrides for Amazon EKS, Azure IaaS, + and CloudStack clusters. You can supply key-value overrides for the underlying CAPA or CAPC properties at the cluster + and node pool level. + + + +- The + [`spectrocloud_cluster_eks`](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs/resources/cluster_eks) + Terraform resource now supports custom AWS tags at the node pool level. These tags are applied in addition to any + cluster-level tags. + + + +- The Spectro Cloud Terraform provider now supports overriding Machine Health Check (MHC) configuration at the node pool + level for Palette eXtended Kubernetes (PXK) infrastructure clusters. + + + +- The Spectro Cloud Terraform and Crossplane providers now support decoupled upgrades for worker node pools on Edge + clusters. This allows you to upgrade the control plane and worker nodes independently for Canonical Kubernetes (CK8s) + and Palette eXtended Kubernetes Edge (PXK-E) clusters. + + + +- The Spectro Cloud Terraform provider now supports configuring audit log export to both Amazon CloudWatch and Splunk + for Palette deployments. Refer to [Audit Logs](../audit-logs/audit-logs.md) for more information. + +#### Bug Fixes + + + +- Fixed an issue in the Palette Go SDK where removing all tags from a cluster profile was not applied, because the + `omitempty` annotation on the labels field caused an empty map to be omitted from the API request payload. + +### Packs + + + + +| Pack Name | Layer | Non-FIPS | FIPS | New Version | +| --------- | ----- | -------- | ---- | ----------- | +| | `addon` | :white_check_mark: | :x: | 9.6.0 | +| | `addon` | :white_check_mark: | :white_check_mark: | 1.20.2 | +| | `csi` | :white_check_mark: | :x: | 1.62.0 | +| | `csi` | :white_check_mark: | :x: | 1.26.0 | +| | `addon` | :white_check_mark: | :x: | 0.0.36 | +| | `csi` | :white_check_mark: | :x: | 0.0.36 | +| | `csi` | :white_check_mark: | :x: | 3.7.2 | +| | `addon` | :white_check_mark: | :x: | 1.13.0 | +| | `addon` | :white_check_mark: | :x: | 3.4.0 | +| | `addon` | :x: | :white_check_mark: | 2.10.7 | +| | `csi` | :x: | :white_check_mark: | 2.10.7 | +| | `addon` | :white_check_mark: | :x: | 87.1.0 | +| | `addon` | :white_check_mark: | :x: | 0.2.0 | +| | `addon` | :white_check_mark: | :x: | 41.0.0 | + + + + + +#### Pack Notes + + + + + +- Palette support for the pack has exited Tech Preview and is now ready for production workloads. Refer to the [Headlamp](../clusters/cluster-management/headlamp.md) guide for more information. + + + ## June 19, 2026 - Component Updates {#component-updates-2026-25} diff --git a/docs/docs-content/tutorials/getting-started/palette-edge/central-management/palette-edge.md b/docs/docs-content/tutorials/getting-started/palette-edge/central-management/palette-edge.md index 621cb722085..6161a03689b 100644 --- a/docs/docs-content/tutorials/getting-started/palette-edge/central-management/palette-edge.md +++ b/docs/docs-content/tutorials/getting-started/palette-edge/central-management/palette-edge.md @@ -86,25 +86,25 @@ designed to guide you step-by-step, building on the concepts introduced in the p title: "Build Edge Artifacts", description: "Build the artifacts required for your Edge deployment.", buttonText: "Learn more", - url: "/tutorials/getting-started/palette-edge/entral-management/build-edge-artifacts", + url: "/tutorials/getting-started/palette-edge/central-management/build-edge-artifacts", }, { title: "Create Edge Cluster Profile", description: "Create an Edge native cluster profile to deploy Edge workloads.", buttonText: "Learn more", - url: "/tutorials/getting-started/palette-edge/entral-management/edge-cluster-profile", + url: "/tutorials/getting-started/palette-edge/central-management/edge-cluster-profile", }, { title: "Prepare Edge Host", description: "Install the Palette agent on your Edge host and register the host with Palette.", buttonText: "Learn more", - url: "/tutorials/getting-started/palette-edge/entral-management/prepare-edge-host", + url: "/tutorials/getting-started/palette-edge/central-management/prepare-edge-host", }, { title: "Deploy Edge Cluster", description: "Deploy an Edge cluster with Palette.", buttonText: "Learn more", - url: "/tutorials/getting-started/palette-edge/entral-management/deploy-edge-cluster", + url: "/tutorials/getting-started/palette-edge/central-management/deploy-edge-cluster", }, ]} /> diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/airgap-install/install.md b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/airgap-install/install.md index 9aa6242a868..a33f320f568 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/airgap-install/install.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/airgap-install/install.md @@ -1,6 +1,6 @@ --- sidebar_label: "Install VerteX" -title: "Install VerteX" +title: "Install Airgap Self-Hosted Palette VerteX" description: "Learn how to deploy airgap VerteX to a Kubernetes cluster using a Helm Chart." icon: "" hide_table_of_contents: false @@ -9,899 +9,134 @@ tags: ["vertex", "enterprise"] keywords: ["self-hosted", "vertex"] --- -You can use the Palette VerteX Helm Chart to install VerteX in a multi-node Kubernetes cluster in your airgap production -environment. +You can use the Palette VerteX Helm chart to install Palette VerteX in a multi-node Kubernetes cluster in your +production environment. -This installation method is common in secure environments with restricted network access that prohibits using VerteX -SaaS. Review our [architecture diagrams](../../../../architecture/networking-ports.md) to ensure your Kubernetes cluster -has the necessary network connectivity for VerteX to operate successfully. - -:::warning - -Complete the [Environment Setup](./kubernetes-airgap-instructions.md) steps before proceeding with the installation. - -::: +This installation method is common in secure environments with restricted network access that prohibits using Palette +VerteX SaaS. Review our [architecture diagrams](../../../../architecture/networking-ports.md) to ensure your Kubernetes +cluster has the necessary network connectivity for Palette VerteX to operate successfully. ## Prerequisites -- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available. - -- [Helm](https://helm.sh/docs/intro/install/) is installed and available. - -- Access to the target Kubernetes cluster's kubeconfig file. You must be able to interact with the cluster using - `kubectl` commands and have sufficient permissions to install VerteX. We recommend using a role with `cluster-admin` - permissions to install VerteX. - -- Ensure `unzip` or a similar extraction utility is installed on your system. - -- The Kubernetes cluster must be set up on a version of Kubernetes that is compatible to your upgraded version. Refer to - the [Kubernetes Requirements](../../install-palette-vertex.md#kubernetes-requirements) section to find the version - required for your Palette installation. - -- Ensure the Kubernetes cluster does not have Cert Manager installed. VerteX requires a unique Cert Manager - configuration to be installed as part of the installation process. If Cert Manager is already installed, you must - uninstall it before installing VerteX. - -- Palette requires a Container Storage Interface (CSI) to create Persistent Volumes, which are used to store persistent - data. You may install any CSI that is compatible with your Kubernetes cluster. - -- If you are using a _self-hosted MongoDB_ instance, such as MongoDB Atlas, ensure the MongoDB database has a user named - `hubble` with the permission `readWriteAnyDatabase`. Refer to the - [Add a Database User](https://www.mongodb.com/docs/guides/atlas/db-user/) guide for guidance on how to create a - database user in Atlas. - -- We recommended the following resources for VerteX. Refer to the - [VerteX size guidelines](../../../install-palette-vertex/install-palette-vertex.md#size-guidelines) for additional - sizing information. - - - 8 CPUs per node. - - - 16 GB Memory per node. - - - 110 GB Disk Space per node. - - - A minimum of three worker nodes or three untainted control plane nodes. - - - AMD64 (also known as x86_64) architecture. ARM-based nodes are not supported. - -- The following network ports must be accessible for VerteX to operate successfully. - - - TCP/443: Inbound and outbound to and from the VerteX management cluster. - - - TCP/6443: Outbound traffic from the VerteX management cluster to the deployed clusters' Kubernetes API server. - -- Ensure you have an SSL certificate that matches the domain name you will assign to VerteX. You will need this to - enable HTTPS encryption for VerteX. Reach out to your network administrator or security team to obtain the SSL - certificate. You need the following files: - - - x509 SSL certificate file in the base64 format. - - - x509 SSL certificate key file in the base64 format. - - - x509 SSL certificate authority file in the base64 format. - -- Ensure the OS and Kubernetes cluster you are installing VerteX onto is FIPS-compliant. Otherwise, VerteX and its - operations will not be FIPS-compliant. - -- A [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/) to manage persistent storage, with the - annotation `storageclass.kubernetes.io/is-default-class` set to `true`. To override the default StorageClass for a - workload, modify the `storageClass` parameter. Check out the - [Change the default StorageClass](https://kubernetes.io/docs/tasks/administer-cluster/change-default-storage-class/) - page to learn more about modifying StorageClasses. - -- Palette VerteX uses Traefik as the ingress controller. If you already have an ingress controller deployed in the - cluster, set the `ingress.enabled` parameter to `false` in the `values.yaml` file. - -- A custom domain and the ability to update Domain Name System (DNS) records. You will need this to enable HTTPS - encryption for VerteX. - -- If you are installing VerteX behind a network proxy server, ensure you have the Certificate Authority (CA) certificate - file in the base64 format. You will need this to enable VerteX to communicate with the network proxy server. - -- Access to the VerteX Helm Charts. Refer to the [Access VerteX](../../../vertex.md#access-palette-vertex) for - instructions on how to request access to the Helm Chart. - :::warning -Do not use a VerteX-managed Kubernetes cluster when installing VerteX. VerteX-managed clusters contain the VerteX agent -and VerteX-created Kubernetes resources that will interfere with the installation. - -::: - -## Install VerteX - -The following instructions are agnostic to the Kubernetes distribution you are using. Depending on the underlying -infrastructure provider and your Kubernetes distribution, you may need to modify the instructions to match your -environment. Reach out to our support team if you need assistance. - -1. Open a terminal session and navigate to the directory where you downloaded the VerteX installation zip file provided - by our support. Unzip the file to a directory named **vertex-install**. - - ```shell - unzip release-*.zip -d vertex-install - ``` - -2. Navigate to the release folder inside the **vertex-install** directory. - - ```shell - cd vertex-install/charts/release-* - ``` - -3. Open the file **extras/cert-manager/values.yaml** in a text editor and append the URL to your OCI registry, which - also includes the namespace or project that is hosting the Spectro Cloud images. The URL should be in the format - `/`. In the example configuration below, the value `my-oci-registry.com/spectro-images` is - prefixed to each URL. Save the file after you have appended the URL. - - ```yaml hideClipboard - image: - cainjectorImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.17.0-spectro-4.6.1" - controllerImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.17.0-spectro-4.6.1" - webhookImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.17.0-spectro-4.6.1" - amceResolverImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.17.0-spectro-4.6.1" - ``` - -4. Install Cert Manager using the following command. Replace the actual file name of the Cert Manager Helm Chart with - the one you downloaded, as the version number may be different. - - ```shell - helm upgrade --values extras/cert-manager/values.yaml \ - cert-manager extras/cert-manager/cert-manager-*.tgz --install - ``` - - ```shell hideClipboard - Release "cert-manager" does not exist. Installing it now. - NAME: cert-manager - LAST DEPLOYED: Mon Jan 29 16:32:33 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - -5. Open the file **extras/image-swap/values.yaml** in a text editor and append the URL to your OCI registry that also - includes the namespace or project that is hosting the Spectro Cloud images. - - ```yaml hideClipboard - config: - imageSwapImages: - imageSwapInitImage: "my-oci-registry.com/spectro-images/gcr.io/spectro-images-public/release/thewebroot/imageswap-init:v1.5.3-spectro-4.5.1" - imageSwapImage: "my-oci-registry.com/spectro-images/gcr.io/spectro-images-public/release/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - ``` - -6. Update the `ociImageRegistry` section with the proper configuration values to your OCI registry. The - `ociImageRegistry` section should look similar to the following example. - - :::info - - Include `/v2` in your endpoints if you are using a - [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. - Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other - registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. Including `/v2` - for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: - `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. - - ::: - - ```yaml hideClipboard - ociImageRegistry: - endpoint: "my-oci-registry.com" - name: "Airgap Images OCI" - password: "" - username: "" - baseContentPath: "spectro-images" - insecureSkipVerify: true - caCert: "" - mirrorRegistries: "docker.io::my-oci-registry.com/spectro-images/docker.io,gcr.io::my-oci-registry.com/spectro-images/gcr.io,ghcr.io::my-oci-registry.com/spectro-images/ghcr.io,k8s.gcr.io::my-oci-registry.com/spectro-images/k8s.gcr.io,registry.k8s.io::my-oci-registry.com/spectro-images/registry.k8s.io,quay.io::my-oci-registry.com/spectro-images/quay.io,us-docker.pkg.dev::my-oci-registry.com/spectro-images/us-docker.pkg.dev" - ``` - -7. Go ahead and install the image-swap chart using the following command. Point to the **values.yaml** file you - configured in steps five through six. - - ```shell - helm upgrade --values extras/image-swap/values.yaml \ - image-swap extras/image-swap/image-swap-*.tgz --install - ``` - - ```shell hideClipboard - Release "image-swap" does not exist. Installing it now. - NAME: image-swap - LAST DEPLOYED: Mon Jan 29 17:04:23 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - - :::tip - - If you need to override the image-swap registry configuration post-deployment, refer to the - [Override Registry Configuration](../../../system-management/registry-override.md) page for instructions. - - ::: - -8. Install the Spectro Management CRDs chart. This chart contains Custom Resource Definitions (CRDs) required by - VerteX, including Traefik CRDs, and must be installed before the main VerteX Helm Chart. - - ```shell - helm upgrade --install spectro-mgmt-crds extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz - ``` - - ```shell hideClipboard - Release "spectro-mgmt-crds" does not exist. Installing it now. - NAME: spectro-mgmt-crds - LAST DEPLOYED: Mon Jan 29 16:35:00 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - -9. Open the **values.yaml** file in the **spectro-mgmt-plane** folder with a text editor of your choice. The - **values.yaml** file contains the default values for the VerteX installation parameters. However, you must populate - the following parameters before installing VerteX. You can learn more about the parameters on the **values.yaml** - file on the [Helm Configuration Reference](../vertex-helm-ref.md) page. - - Ensure you provide the proper `ociImageRegistry.mirrorRegistries` values if you are using a self-hosted OCI - registry. You can find the placeholder string in the `ociImageRegistry` section of the **values.yaml** file. - - | **Parameter** | **Description** | **Type** | - | ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | - | `env.rootDomain` | The URL name or IP address you will use for the VerteX installation. | string | - | `config.installationMode` | The installation mode for VerteX. The values can be `connected` or `airgap`. Set this value to `airgap`. | string | - | `ociPackEcrRegistry` | The OCI registry credentials for the VerteX FIPS packs repository. | object | - | `ociImageRegistry` | The OCI registry credentials for the VerteX images repository. | object | - | `ociImageRegistry.mirrorRegistries` | A comma-separated list of mirror registries in [image swap format](https://github.com/phenixblue/imageswap-webhook/blob/master/docs/configuration.md) to use for pulling images. For example: `docker.io::harbor.example.org/airgap-images/docker.io,gcr.io::harbor.example.org/airgap-images/gcr.io`.

    **NOTE:** Include `/v2` in your endpoints if you are using a [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. Including `/v2` for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. | string | - | `imageSwapImages` | The image swap configuration for VerteX. If you are using an OCI registry, such as Harbor. Replace the prefix URLs with your OCI registry URL that includes the image namespace or project: `/`. | object | - | `imageSwapConfig.isEKSCluster` | If you are NOT installing VerteX on an EKS cluster, set this value to `false`. | boolean | - | `ingress.enabled` | Whether to install the Traefik ingress controller. Set to `false` if you already have an ingress controller deployed in the cluster. | boolean | - | `reach-system` | Set `reach-system.enabled` to `true` and configure the `reach-system.proxySettings` parameters for VerteX to use a network proxy in your environment. | object | - - :::info - - If you are installing VerteX by pulling required images from a private mirror registry, you will need to provide the - credentials to your registry in the **values.yaml** file. For more information, refer to - [Helm Configuration Reference](../vertex-helm-ref.md#image-pull-secret). - - ::: - - Save the **values.yaml** file after you have populated the required parameters mentioned in the table. - - :::warning - - VerteX VerteX does not support insecure connections. Ensure you have the Certificate Authority (CA) available, in - PEM format, when using a custom packs and image registry. Otherwise, VerteX will not be able to pull packs and - images from the registry. Use the `caCert` parameter to provide the base64-encoded CA certificate. - - ::: - - Select one of the following tabs to review an example of the **values.yaml** file with the required parameters - highlighted. - - - - - - - ```yaml {30,60,75-82,94-102,117-119} - ######################### - # Spectro Cloud Palette # - ######################### - - global: - imagePullSecret: - create: false - # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication - dockerConfigJson: "" - - # MongoDB Configuration - mongo: - # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas - internal: true - - # Mongodb URL. Only change if using Mongo Atlas. - databaseUrl: "mongo-0.mongo.hubble-system.svc.cluster.local,mongo-1.mongo.hubble-system.svc.cluster.local,mongo-2.mongo.hubble-system.svc.cluster.local" - # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. - databasePassword: "" - - #No. of mongo replicas to run, default is 3 - replicas: 3 - # The following only apply if mongo.internal == true - cpuLimit: "2000m" - memoryLimit: "4Gi" - pvcSize: "20Gi" - storageClass: "" # leave empty to use the default storage class - - config: - installationMode: "airgap" #values can be connected or airgap. - - # SSO SAML Configuration (Optional for self-hosted type) - sso: - saml: - enabled: false - acsUrlRoot: "myfirstpalette.spectrocloud.com" - acsUrlScheme: "https" - audienceUrl: "https://www.spectrocloud.com" - entityId: "https://www.spectrocloud.com" - apiVersion: "v1" - - # Email Configurations. (Optional for self-hosted type) - email: - enabled: false - emailId: "noreply@spectrocloud.com" - smtpServer: "smtp.gmail.com" - smtpPort: 587 - insecureSkipVerifyTls: false - fromEmailId: "noreply@spectrocloud.com" - password: "" # base64 encoded SMTP password - - env: - # rootDomain is a DNS record which will be mapped to the traefik-ingress-controller load balancer - # E.g., myfirstpalette.spectrocloud.com - # - Mandatory if ingress.internal == false - # - Optional if ingress.internal == true (leave empty) - # - # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes - # E.g., *.myfirstpalette.spectrocloud.com - rootDomain: "vertex.example.com" - - # stableEndpointAccess is used when deploying EKS clusters in Private network type. - # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true - cluster: - stableEndpointAccess: false - - # registry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # insecureSkipVerify: false - # caCert: "" - - ociPackRegistry: - endpoint: "my-oci-registry.com" # - name: "Airgap Packs OCI" # - password: "" # - username: "" # - baseContentPath: "spectro-packs" # - insecureSkipVerify: false - caCert: "" - - # ociPackEcrRegistry: - # endpoint: "" # - # name: "" # - # accessKey: "" # - # secretKey: "" # - # baseContentPath: "" # - # isPrivate: true - # insecureSkipVerify: false - # caCert: "" - - ociImageRegistry: - endpoint: "my-oci-registry.com" # - name: "Airgap Images OCI" # - password: "" # - username: "" # - baseContentPath: "spectro-images" # - insecureSkipVerify: true - caCert: "" - mirrorRegistries: "docker.io::my-oci-registry.com/spectro-images/docker.io,gcr.io::my-oci-registry.com/spectro-images/gcr.io,ghcr.io::my-oci-registry.com/spectro-images/ghcr.io,k8s.gcr.io::my-oci-registry.com/spectro-images/k8s.gcr.io,registry.k8s.io::my-oci-registry.com/spectro-images/registry.k8s.io,quay.io::my-oci-registry.com/spectro-images/quay.io,us-docker.pkg.dev::my-oci-registry.com/spectro-images/us-docker.pkg.dev" # See instructions below. - - # Instruction for mirrorRegistries. - # ---------------------------------- - # Please provide the registry endpoint for the following registries, separated by double colons (::): - # docker.io - # gcr.io - # ghcr.io - # k8s.gcr.io - # registry.k8s.io - # quay.io - # For each registry, follow this example format: - # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ - # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. - - imageSwapImages: - imageSwapInitImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - imageSwapImage: "my-oci-registry.com/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - - imageSwapConfig: - isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false - - grpc: - external: false - endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. - grpcStaticIP: "" - caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert - serverCrtBase64: "" - serverKeyBase64: "" - insecureSkipVerify: false - - ingress: - # When enabled, the Traefik ingress controller is installed. - enabled: true - - ingress: - # Default SSL certificate and key for the ingress controller (Optional) - # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com - # If left blank, a self-signed cert is generated. - certificate: "" - key: "" - - #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. - ingressStaticIP: "" - - # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. - terminateHTTPSAtLoadBalancer: false - - frps: - frps: - enabled: false - frpHostURL: proxy.sample.spectrocloud.com - server: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqekNDQW5lZ0F3SUJBZ0lVZTVMdXBBZGljd0Z1SFJpWWMyWEgzNTFEUzJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk1qY3hNREV6TVRNeU5ERXlXakI3TVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHCkExVUVDQk1DUTBFeEV6QVJCZ05WQkFjVENsTmhiblJoUTJ4aGNtRXhGVEFUQmdOVkJBb1RERk53WldOMGNtOUQKYkc5MVpERUxNQWtHQTFVRUN4TUNTVlF4SmpBa0JnTlZCQU1USFhCeWIzaDVMbk5oYlhCc1pTNXpjR1ZqZEhKdgpZMnh2ZFdRdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXd5bEt3MmlxClBXM2JrQU0wV3RhaEFLbEppcWFHd05LUDVRRTZ6ZW5NM2FURko3TjIwN0dWcUNGYzJHTDNodmNhTDFranZjeEkKK2lybHpkbm9hcVhUSmV3ZkJiTGs2SGVhZmdXUVp3NHNNeE5QRUVYYlNXYm54Mm03Y2FlbVJiUWZSQWhPWXRvWgpIWG1IMzQ1Q25mNjF0RnhMeEEzb0JRNm1yb0JMVXNOOUh2WWFzeGE5QUFmZUNNZm5sYWVBWE9CVmROalJTN1VzCkN5NmlSRXpEWFgvem1nOG5WWFUwemlrcXdoS3pqSlBJd2FQa2ViaXVSdUJYdEZ0VlQwQmFzS3VqbURzd0lsRFQKVmR4SHRRQUVyUmM4Q2Nhb20yUkpZbTd1aHNEYlo2WVFzS3JiMmhIbU5rNENVWUd5eUJPZnBwbzR2bFd1S2FEcgpsVFNYUXlPN0M0ejM1d0lEQVFBQm8xNHdYREJhQmdOVkhSRUVVekJSZ2dsc2IyTmhiR2h2YzNTSEJIOEFBQUdDCkhYQnliM2g1TG5OaGJYQnNaUzV6Y0dWamRISnZZMnh2ZFdRdVkyOXRnaDhxTG5CeWIzaDVMbk5oYlhCc1pTNXoKY0dWamRISnZZMnh2ZFdRdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUEvRFJFVm54SWJRdi9uMDEvSQpJd1d0ekhKNGNHOUp6UlB6dmszNUcvRGJOVzZYZ0M3djBoWlFIVHg5bzMrckxoSUFiWTNmbjc1VEtlN3hMRWpiCkI3M3pGWURJSStkYzM5NkQzZU51M2NxRGIvY01kYmlFalhod2ttZk9NRm9qMnpOdHJIdzFsSjA0QlNFMWw1YWgKMDk0Vy9aaEQ2YTVLU3B0cDh1YUpKVmNrejRYMEdRWjVPYjZadGdxZVVxNytqWVZOZ0tLQzJCMW1SNjMyMDNsZwozVFZmZEkrdmI3b292dVdOOFRBVG9qdXNuS25WMmRMeTFBOWViWXYwMEM3WWZ6Q0NhODgrN2dzTGhJaUJjRHBPClJkWjU3QStKanJmSU5IYy9vNm5YWFhDZ2h2YkFwUVk1QnFnMWIzYUpUZERNWThUY0hoQVVaQzB5eU04bXcwMnQKWHRRQwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd3lsS3cyaXFQVzNia0FNMFd0YWhBS2xKaXFhR3dOS1A1UUU2emVuTTNhVEZKN04yCjA3R1ZxQ0ZjMkdMM2h2Y2FMMWtqdmN4SStpcmx6ZG5vYXFYVEpld2ZCYkxrNkhlYWZnV1FadzRzTXhOUEVFWGIKU1dibngybTdjYWVtUmJRZlJBaE9ZdG9aSFhtSDM0NUNuZjYxdEZ4THhBM29CUTZtcm9CTFVzTjlIdllhc3hhOQpBQWZlQ01mbmxhZUFYT0JWZE5qUlM3VXNDeTZpUkV6RFhYL3ptZzhuVlhVMHppa3F3aEt6akpQSXdhUGtlYml1ClJ1Qlh0RnRWVDBCYXNLdWptRHN3SWxEVFZkeEh0UUFFclJjOENjYW9tMlJKWW03dWhzRGJaNllRc0tyYjJoSG0KTms0Q1VZR3l5Qk9mcHBvNHZsV3VLYURybFRTWFF5TzdDNHozNXdJREFRQUJBb0lCQUFPVVZFeTFOTG9mczdFMgpmZFZVcm10R3I1U2RiVWRJRlYrTDREbzZtWWxQSmxhT0VoWGI0ZlROZDloNEtEWVBmaWwwSnhXcUU0U1RHTmZuCnNUMlRnUVhuQ01LZi8xYk1Lc2M0N3VjVStYYU9XaHJnVFI5UmhkckFjN0duODRLL3hQc0ljL2VZTEhHLzh1QUUKeWUvLzVmRkM2QmpXY0hUM1NkTlZnd3duamJudG5XTXIzTFJBVnJBamZBckxveWUwS0F2YytYdXJLTEVCcmMyVQpjaHlDbitZemJKN0VlSG44UXdQNGdBNXVSK0NCMFJPeFErYXIzS3M5YUhkZTQ1OEVNNEtLMnpUOXA4RWZRc1lFCkFtNUpxWjliR0JEVHV1dEkyNm9GK0pLQ1IzZzhXNERRcHVYRUZoVjlya0pMSm13RDhQb0JaclF6UzZvdmJhdkkKRk42QVM4RUNnWUVBOEcxQzFxZVh4dTQ4aEYxak5MTCswRmxkeWdFem9SMmFoRGJCai8weUZkQVVjU2pYTzk0NAozN1dORTBUUG10WG1Vc3NZTlBTR21XaWI2OUhicEFoMTY3SWVwNE9LaVlZdkozYm1oUC9WNzFvK3M0SWJlSHh1CkVJbWVVckFOZWRoQURVQnZ4c1lXRWxlVlVJSFFRcjY1VHM2ZjIrWkpTKzg4TU05bUorL3BmcmNDZ1lFQXo4MXgKR3JiSE5oak56RjhZMjhiK0hMNW5rdDR0SUdkU3hnbW9PMFFJeGkrQVNZTzB0WW42VFk0ZHI5ZXErMzE3b21ZawpMbDNtNENORDhudG1vYzRvWnM4SUpDQ0IrZjNqcTY4OHdoQU9vVHZ4dDhjZVJqOFRhRHl1SHZwS043OVNsVVd2CjBJd2ZRNDNIemd3SWJiSWhjcTRJVGswanI0VHdWbThia283VElGRUNnWUJoNnUzVXhHN0JHeGZVaE1BNW4waSsKREJkeGhPbkZEV3gzdW1FOHhrN1dxV2NaNnhzMWk3eTRCNVhNS2pNdkNUeURyYWxQTCtOOXFTZ1BjK216TmFybwo4aU1mOENmRStMeE5vMVFoQ0p6Vm5YaDUzVnhZeHJ5QXlidU1TNTFCYVh3MHFYQ2NrT0krV0NNOHBaSHZEUVFsCmYydUZ3SlZMY3NTZDBHbjNpL01ab3dLQmdBY1BzUjg2Uk15MnpROTd6OGx3R3FSNVorV2F2U2ZUdXdGVnhLeTIKNUNGdjdja1J1NnRMbEFEY3FtK1dRWTRvTm5KUFREMXpIV3hTWm5XdjhjM2Z4b212MFZRQThzbSs4ZVNjb05EcgpZTVBqMkpQcEpVTTMwMzRBU2Q1dG5PWUdEMVZaTjk4N1U3aWs4Ynd6dG5tYnl2MHRvc1NlWkc4TGNtdE5mVDllCnNSZnhBb0dCQUpTV1lDellyTlRMNnRUSnh5M2FqWm5jZkxrMEV0eWNCd05FRXZHVzVSVE9LOUFYTE96RzN0eHUKajZqWlRpaUFRU09aaVd0clJHU0U0bEkyQ1MvcjNjd3VuSGlnZlovd1dKZldkZ0JpRnZqOTVFbUVQWUZaRDRobQpkT3l5UHhRRXFTRmprQ21BS2plOFBpTDdpU01GbGhBZTZQWFljQlExdCtzd01UeXBnY3RrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== - ca: - crt : LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lVSHhWK0ljVGZHUElzdW8yY3dqQ0Q0Z2RSTFFRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk16WXdOakl5TVRNeU5ERXlXakFvTVNZd0pBWURWUVFEREIxd2NtOTRlUzV6CllXMXdiR1V1YzNCbFkzUnliMk5zYjNWa0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0MKQVFvQ2dnRUJBSy90WXBHVi9HRURUWnZzL25QQ2lOK0U3K1dOQ21GeU1NQjdkazVOT3JzQWZIaVVvZ1JRVUo0WQptSjhwVmYrSzhTRFBsdGNYcW40WVVTbmxiUERsVlBkWU5zOTEwT3RaS1EwNW96aUtGV2pNbS85NHlLSjVyVzNsCndDNEN0ayttUm9Ib0ZQQS81dmFVbVZHdlVadjlGY0JuL0pKN2F4WnRIQk1PRiticXQ0Zmd0ci9YMWdOeWhPVzUKZTVScGpESkozRjJTVnc5NUpBQSt4a3V3UitFSmVseEtnQVpxdDc0ejB4U2ROODZ0QzNtK0wxRGs2WVVlQWEzZApvM3Rsa3ZkeDV6dUJvSmI2QmpZWEV4UE1PbThRcHFNVWRLK3lDZUdrem9XQStDOUtFdGtVaERCWktENStNWXRZCktVMUh1RXJCbmw2Z3BuWTRlbzJjVTRxdkNwZzZ4S3NDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRklKMkRkTjgKc2ZtVjRCT1ZFL0FjZ0VEejArNmlNQjhHQTFVZEl3UVlNQmFBRklKMkRkTjhzZm1WNEJPVkUvQWNnRUR6MCs2aQpNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQWhQVi9RMVl1YWVTOTZVCmhjVGQ4RWdJaHhpbHFiTWlTQm5WaVdrdlJzWk94UUIwNTFScWtwT3g0UTRsckdaOGVJWWc3T0trTTdzejhuTVQKL2pxS21sZDY0MzJCcURCMlNkNVp5ZFdReHAwU1laRTlnVWszYk9KRGtZVXQ4b1cvZDBWeG9uU05LQVN3QmZKaApWV1VZUUlpNm55K0ZZZmtuRFNvRnFlY2Z3SDBQQVUraXpnMkI3KzFkbko5YisyQ21IOUVCallOZ2hoNlFzVlFQCkh2SkdQQURtandPNkJOam5HK0Z3K0Z6cmFXUTNCTjAwb08zUjF6UmgxZERmTTQzR3oxRmZGRW5GSXI5aGFuUnQKWHJFZm8vZWU5bjBLWUFESEJnV1g4dlhuNHZrRmdWRjgwYW9MUUJSQTBxWXErcW1pVlp6YnREeE9ldFEyRWFyTQpyNmVWL0lZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - service: - annotations: {} - - ui-system: - enabled: true - ui: - nocUI: - enable: true - mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette - mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID - - reachSystem: - enabled: false - proxySettings: - http_proxy: "" - https_proxy: "" - no_proxy: "" - ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. - scheduleOnControlPlane: true - ``` - - - - - - ```yaml {30,60,84-92,94-102,117-119} - ######################### - # Spectro Cloud Palette # - ######################### - - global: - imagePullSecret: - create: false - # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication - dockerConfigJson: "" - - # MongoDB Configuration - mongo: - # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas - internal: true - - # Mongodb URL. Only change if using Mongo Atlas. - databaseUrl: "mongo-0.mongo.hubble-system.svc.cluster.local,mongo-1.mongo.hubble-system.svc.cluster.local,mongo-2.mongo.hubble-system.svc.cluster.local" - # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. - databasePassword: "" - - #No. of mongo replicas to run, default is 3 - replicas: 3 - # The following only apply if mongo.internal == true - cpuLimit: "2000m" - memoryLimit: "4Gi" - pvcSize: "20Gi" - storageClass: "" # leave empty to use the default storage class - - config: - installationMode: "airgap" #values can be connected or airgap. - - # SSO SAML Configuration (Optional for self-hosted type) - sso: - saml: - enabled: false - acsUrlRoot: "myfirstpalette.spectrocloud.com" - acsUrlScheme: "https" - audienceUrl: "https://www.spectrocloud.com" - entityId: "https://www.spectrocloud.com" - apiVersion: "v1" - - # Email Configurations. (Optional for self-hosted type) - email: - enabled: false - emailId: "noreply@spectrocloud.com" - smtpServer: "smtp.gmail.com" - smtpPort: 587 - insecureSkipVerifyTls: false - fromEmailId: "noreply@spectrocloud.com" - password: "" # base64 encoded SMTP password - - env: - # rootDomain is a DNS record which will be mapped to the traefik-ingress-controller load balancer - # E.g., myfirstpalette.spectrocloud.com - # - Mandatory if ingress.internal == false - # - Optional if ingress.internal == true (leave empty) - # - # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes - # E.g., *.myfirstpalette.spectrocloud.com - rootDomain: "vertex.example.com" - - # stableEndpointAccess is used when deploying EKS clusters in Private network type. - # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true - cluster: - stableEndpointAccess: false - - # registry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # insecureSkipVerify: false - # caCert: "" - - # ociPackRegistry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # baseContentPath: "" # - # insecureSkipVerify: false - # caCert: "" - - ociPackEcrRegistry: - endpoint: "123456789.dkr.ecr.us-east-1.amazonaws.com" # - name: "Airgap Packs OCI" # - accessKey: "**************" # - secretKey: "**************" # - baseContentPath: "production-fips" # - isPrivate: true - insecureSkipVerify: true - caCert: "" - - ociImageRegistry: - endpoint: "public.ecr.aws/123456789" # - name: "Airgap Images OCI" # - password: "" # - username: "" # - baseContentPath: "spectro-images" # - insecureSkipVerify: false - caCert: "" - mirrorRegistries: "docker.io::public.ecr.aws/123456789/spectro-images/docker.io,gcr.io::public.ecr.aws/123456789/spectro-images/gcr.io,ghcr.io::public.ecr.aws/123456789/spectro-images/ghcr.io,k8s.gcr.io::public.ecr.aws/123456789/spectro-images/k8s.gcr.io,registry.k8s.io::public.ecr.aws/123456789/spectro-images/registry.k8s.io,quay.io::public.ecr.aws/123456789/spectro-images/quay.io,us-docker.pkg.dev::public.ecr.aws/123456789/spectro-images/us-docker.pkg.dev" # See instructions below. - - # Instruction for mirrorRegistries. - # ---------------------------------- - # Please provide the registry endpoint for the following registries, separated by double colons (::): - # docker.io - # gcr.io - # ghcr.io - # k8s.gcr.io - # registry.k8s.io - # quay.io - # For each registry, follow this example format: - # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ - # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. - - imageSwapImages: - imageSwapInitImage: "public.ecr.aws/123456789/us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - imageSwapImage: "public.ecr.aws/123456789/us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - - imageSwapConfig: - isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false - - grpc: - external: false - endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. - grpcStaticIP: "" - caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert - serverCrtBase64: "" - serverKeyBase64: "" - insecureSkipVerify: false - - ingress: - # When enabled, the Traefik ingress controller is installed. - enabled: true - - ingress: - # Default SSL certificate and key for the ingress controller (Optional) - # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com - # If left blank, a self-signed cert is generated. - certificate: "" - key: "" - - #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. - ingressStaticIP: "" - - # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. - terminateHTTPSAtLoadBalancer: false - - frps: - frps: - enabled: false - frpHostURL: proxy.sample.spectrocloud.com - server: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqekNDQW5lZ0F3SUJBZ0lVZTVMdXBBZGljd0Z1SFJpWWMyWEgzNTFEUzJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk1qY3hNREV6TVRNeU5ERXlXakI3TVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHCkExVUVDQk1DUTBFeEV6QVJCZ05WQkFjVENsTmhiblJoUTJ4aGNtRXhGVEFUQmdOVkJBb1RERk53WldOMGNtOUQKYkc5MVpERUxNQWtHQTFVRUN4TUNTVlF4SmpBa0JnTlZCQU1USFhCeWIzaDVMbk5oYlhCc1pTNXpjR1ZqZEhKdgpZMnh2ZFdRdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXd5bEt3MmlxClBXM2JrQU0wV3RhaEFLbEppcWFHd05LUDVRRTZ6ZW5NM2FURko3TjIwN0dWcUNGYzJHTDNodmNhTDFranZjeEkKK2lybHpkbm9hcVhUSmV3ZkJiTGs2SGVhZmdXUVp3NHNNeE5QRUVYYlNXYm54Mm03Y2FlbVJiUWZSQWhPWXRvWgpIWG1IMzQ1Q25mNjF0RnhMeEEzb0JRNm1yb0JMVXNOOUh2WWFzeGE5QUFmZUNNZm5sYWVBWE9CVmROalJTN1VzCkN5NmlSRXpEWFgvem1nOG5WWFUwemlrcXdoS3pqSlBJd2FQa2ViaXVSdUJYdEZ0VlQwQmFzS3VqbURzd0lsRFQKVmR4SHRRQUVyUmM4Q2Nhb20yUkpZbTd1aHNEYlo2WVFzS3JiMmhIbU5rNENVWUd5eUJPZnBwbzR2bFd1S2FEcgpsVFNYUXlPN0M0ejM1d0lEQVFBQm8xNHdYREJhQmdOVkhSRUVVekJSZ2dsc2IyTmhiR2h2YzNTSEJIOEFBQUdDCkhYQnliM2g1TG5OaGJYQnNaUzV6Y0dWamRISnZZMnh2ZFdRdVkyOXRnaDhxTG5CeWIzaDVMbk5oYlhCc1pTNXoKY0dWamRISnZZMnh2ZFdRdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUEvRFJFVm54SWJRdi9uMDEvSQpJd1d0ekhKNGNHOUp6UlB6dmszNUcvRGJOVzZYZ0M3djBoWlFIVHg5bzMrckxoSUFiWTNmbjc1VEtlN3hMRWpiCkI3M3pGWURJSStkYzM5NkQzZU51M2NxRGIvY01kYmlFalhod2ttZk9NRm9qMnpOdHJIdzFsSjA0QlNFMWw1YWgKMDk0Vy9aaEQ2YTVLU3B0cDh1YUpKVmNrejRYMEdRWjVPYjZadGdxZVVxNytqWVZOZ0tLQzJCMW1SNjMyMDNsZwozVFZmZEkrdmI3b292dVdOOFRBVG9qdXNuS25WMmRMeTFBOWViWXYwMEM3WWZ6Q0NhODgrN2dzTGhJaUJjRHBPClJkWjU3QStKanJmSU5IYy9vNm5YWFhDZ2h2YkFwUVk1QnFnMWIzYUpUZERNWThUY0hoQVVaQzB5eU04bXcwMnQKWHRRQwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd3lsS3cyaXFQVzNia0FNMFd0YWhBS2xKaXFhR3dOS1A1UUU2emVuTTNhVEZKN04yCjA3R1ZxQ0ZjMkdMM2h2Y2FMMWtqdmN4SStpcmx6ZG5vYXFYVEpld2ZCYkxrNkhlYWZnV1FadzRzTXhOUEVFWGIKU1dibngybTdjYWVtUmJRZlJBaE9ZdG9aSFhtSDM0NUNuZjYxdEZ4THhBM29CUTZtcm9CTFVzTjlIdllhc3hhOQpBQWZlQ01mbmxhZUFYT0JWZE5qUlM3VXNDeTZpUkV6RFhYL3ptZzhuVlhVMHppa3F3aEt6akpQSXdhUGtlYml1ClJ1Qlh0RnRWVDBCYXNLdWptRHN3SWxEVFZkeEh0UUFFclJjOENjYW9tMlJKWW03dWhzRGJaNllRc0tyYjJoSG0KTms0Q1VZR3l5Qk9mcHBvNHZsV3VLYURybFRTWFF5TzdDNHozNXdJREFRQUJBb0lCQUFPVVZFeTFOTG9mczdFMgpmZFZVcm10R3I1U2RiVWRJRlYrTDREbzZtWWxQSmxhT0VoWGI0ZlROZDloNEtEWVBmaWwwSnhXcUU0U1RHTmZuCnNUMlRnUVhuQ01LZi8xYk1Lc2M0N3VjVStYYU9XaHJnVFI5UmhkckFjN0duODRLL3hQc0ljL2VZTEhHLzh1QUUKeWUvLzVmRkM2QmpXY0hUM1NkTlZnd3duamJudG5XTXIzTFJBVnJBamZBckxveWUwS0F2YytYdXJLTEVCcmMyVQpjaHlDbitZemJKN0VlSG44UXdQNGdBNXVSK0NCMFJPeFErYXIzS3M5YUhkZTQ1OEVNNEtLMnpUOXA4RWZRc1lFCkFtNUpxWjliR0JEVHV1dEkyNm9GK0pLQ1IzZzhXNERRcHVYRUZoVjlya0pMSm13RDhQb0JaclF6UzZvdmJhdkkKRk42QVM4RUNnWUVBOEcxQzFxZVh4dTQ4aEYxak5MTCswRmxkeWdFem9SMmFoRGJCai8weUZkQVVjU2pYTzk0NAozN1dORTBUUG10WG1Vc3NZTlBTR21XaWI2OUhicEFoMTY3SWVwNE9LaVlZdkozYm1oUC9WNzFvK3M0SWJlSHh1CkVJbWVVckFOZWRoQURVQnZ4c1lXRWxlVlVJSFFRcjY1VHM2ZjIrWkpTKzg4TU05bUorL3BmcmNDZ1lFQXo4MXgKR3JiSE5oak56RjhZMjhiK0hMNW5rdDR0SUdkU3hnbW9PMFFJeGkrQVNZTzB0WW42VFk0ZHI5ZXErMzE3b21ZawpMbDNtNENORDhudG1vYzRvWnM4SUpDQ0IrZjNqcTY4OHdoQU9vVHZ4dDhjZVJqOFRhRHl1SHZwS043OVNsVVd2CjBJd2ZRNDNIemd3SWJiSWhjcTRJVGswanI0VHdWbThia283VElGRUNnWUJoNnUzVXhHN0JHeGZVaE1BNW4waSsKREJkeGhPbkZEV3gzdW1FOHhrN1dxV2NaNnhzMWk3eTRCNVhNS2pNdkNUeURyYWxQTCtOOXFTZ1BjK216TmFybwo4aU1mOENmRStMeE5vMVFoQ0p6Vm5YaDUzVnhZeHJ5QXlidU1TNTFCYVh3MHFYQ2NrT0krV0NNOHBaSHZEUVFsCmYydUZ3SlZMY3NTZDBHbjNpL01ab3dLQmdBY1BzUjg2Uk15MnpROTd6OGx3R3FSNVorV2F2U2ZUdXdGVnhLeTIKNUNGdjdja1J1NnRMbEFEY3FtK1dRWTRvTm5KUFREMXpIV3hTWm5XdjhjM2Z4b212MFZRQThzbSs4ZVNjb05EcgpZTVBqMkpQcEpVTTMwMzRBU2Q1dG5PWUdEMVZaTjk4N1U3aWs4Ynd6dG5tYnl2MHRvc1NlWkc4TGNtdE5mVDllCnNSZnhBb0dCQUpTV1lDellyTlRMNnRUSnh5M2FqWm5jZkxrMEV0eWNCd05FRXZHVzVSVE9LOUFYTE96RzN0eHUKajZqWlRpaUFRU09aaVd0clJHU0U0bEkyQ1MvcjNjd3VuSGlnZlovd1dKZldkZ0JpRnZqOTVFbUVQWUZaRDRobQpkT3l5UHhRRXFTRmprQ21BS2plOFBpTDdpU01GbGhBZTZQWFljQlExdCtzd01UeXBnY3RrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== - ca: - crt : LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lVSHhWK0ljVGZHUElzdW8yY3dqQ0Q0Z2RSTFFRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk16WXdOakl5TVRNeU5ERXlXakFvTVNZd0pBWURWUVFEREIxd2NtOTRlUzV6CllXMXdiR1V1YzNCbFkzUnliMk5zYjNWa0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0MKQVFvQ2dnRUJBSy90WXBHVi9HRURUWnZzL25QQ2lOK0U3K1dOQ21GeU1NQjdkazVOT3JzQWZIaVVvZ1JRVUo0WQptSjhwVmYrSzhTRFBsdGNYcW40WVVTbmxiUERsVlBkWU5zOTEwT3RaS1EwNW96aUtGV2pNbS85NHlLSjVyVzNsCndDNEN0ayttUm9Ib0ZQQS81dmFVbVZHdlVadjlGY0JuL0pKN2F4WnRIQk1PRiticXQ0Zmd0ci9YMWdOeWhPVzUKZTVScGpESkozRjJTVnc5NUpBQSt4a3V3UitFSmVseEtnQVpxdDc0ejB4U2ROODZ0QzNtK0wxRGs2WVVlQWEzZApvM3Rsa3ZkeDV6dUJvSmI2QmpZWEV4UE1PbThRcHFNVWRLK3lDZUdrem9XQStDOUtFdGtVaERCWktENStNWXRZCktVMUh1RXJCbmw2Z3BuWTRlbzJjVTRxdkNwZzZ4S3NDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRklKMkRkTjgKc2ZtVjRCT1ZFL0FjZ0VEejArNmlNQjhHQTFVZEl3UVlNQmFBRklKMkRkTjhzZm1WNEJPVkUvQWNnRUR6MCs2aQpNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQWhQVi9RMVl1YWVTOTZVCmhjVGQ4RWdJaHhpbHFiTWlTQm5WaVdrdlJzWk94UUIwNTFScWtwT3g0UTRsckdaOGVJWWc3T0trTTdzejhuTVQKL2pxS21sZDY0MzJCcURCMlNkNVp5ZFdReHAwU1laRTlnVWszYk9KRGtZVXQ4b1cvZDBWeG9uU05LQVN3QmZKaApWV1VZUUlpNm55K0ZZZmtuRFNvRnFlY2Z3SDBQQVUraXpnMkI3KzFkbko5YisyQ21IOUVCallOZ2hoNlFzVlFQCkh2SkdQQURtandPNkJOam5HK0Z3K0Z6cmFXUTNCTjAwb08zUjF6UmgxZERmTTQzR3oxRmZGRW5GSXI5aGFuUnQKWHJFZm8vZWU5bjBLWUFESEJnV1g4dlhuNHZrRmdWRjgwYW9MUUJSQTBxWXErcW1pVlp6YnREeE9ldFEyRWFyTQpyNmVWL0lZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - service: - annotations: {} - - ui-system: - enabled: true - ui: - nocUI: - enable: true - mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette - mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID - - reachSystem: - enabled: false - proxySettings: - http_proxy: "" - https_proxy: "" - no_proxy: "" - ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. - scheduleOnControlPlane: true - ``` - - - - - - :::warning - - Ensure you configure the `values.yaml` file with the required parameters before proceeding. For the parameter - `ociImageRegistry.mirrorRegistries`, include `/v2` in your endpoints if you are using a - [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. - Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other - registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. Including `/v2` - for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: - `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. - - ::: - -10. This step is only required if you are installing VerteX in an environment where a network proxy must be configured - for VerteX to access the internet. If you are not using a network proxy, skip to the next step. - - Install the reach-system chart using the following command. Point to the **values.yaml** file you configured in - step 9. - - ```shell - helm upgrade --values vertex/values.yaml \ - reach-system extras/reach-system/reach-system-*.tgz --install - ``` - - ```shell hideClipboard - Release "reach-system" does not exist. Installing it now. - NAME: reach-system - LAST DEPLOYED: Mon Jan 29 17:04:23 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - - -
    - How to update containerd to use proxy configurations - - If your Kubernetes cluster is behind a network proxy, ensure the containerd service is configured to use proxy - settings. You can do this by updating the containerd configuration file on each node in the cluster. The - configuration file is typically located at ` /etc/systemd/system/containerd.service.d/http-proxy.conf`. Below is an - example of the configuration file. Replace the values with your proxy settings. Ask your network administrator for - guidance. - - ``` - [Service] - Environment="HTTP_PROXY=http://example.com:9090" - Environment="HTTPS_PROXY=http://example.com:9090" - Environment="NO_PROXY=127.0.0.1,localhost,100.64.0.0/17,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,,.cluster.local" - ``` - -
    - -11. Install the VerteX Helm Chart using the following command. - - ```shell - helm upgrade --values vertex/values.yaml \ - hubble vertex/spectro-mgmt-plane-*.tgz --install - ``` - - ```shell hideClipboard - Release "hubble" does not exist. Installing it now. - NAME: hubble - LAST DEPLOYED: Mon Jan 29 17:07:51 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - -12. Track the installation process using the command below. VerteX is ready when the deployments in the namespaces - `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` reach the _Ready_ state. The - installation takes between two to three minutes to complete. - - - - ```shell - kubectl get pods --all-namespaces --watch - ``` - - :::tip - - For a more user-friendly experience, use the open source tool [k9s](https://k9scli.io/) to monitor the installation - process. - - ::: +- Complete the [Environment Setup](./kubernetes-airgap-instructions.md) steps before proceeding with the installation. -13. Create a DNS CNAME record that is mapped to the VerteX `traefik-ingress-controller` load balancer. You can use the - following command to retrieve the load balancer IP address. You may require the assistance of your network - administrator to create the DNS record. +- Do not use a VerteX-managed Kubernetes cluster when installing VerteX. VerteX-managed clusters contain the VerteX + agent and VerteX-created Kubernetes resources that will interfere with the installation of VerteX. - ```shell - kubectl get service traefik-ingress-controller --namespace ingress-traefik \ - --output jsonpath='{.status.loadBalancer.ingress[0].hostname}' - ``` - - :::warning - - If Palette VerteX has only one tenant and you use local accounts with Single Sign-On (SSO) disabled, you can access - Palette VerteX using the IP address or any domain name that resolves to that IP. However, once you enable SSO, users - must log in using the tenant-specific subdomain. For example, if you create a tenant named `tenant1` and the domain - name you assigned to Palette VerteX is `vertex.example.com`, the tenant URL will be `tenant1.vertex.example.com`. We - recommend you create an additional wildcard DNS record to map all tenant URLs to the Palette VerteX load balancer. - For example, `*.vertex.example.com`. - - ::: - -14. Use the custom domain name or the IP address of the load balancer to visit the VerteX system console. To access the - system console, open a web browser, paste the custom domain URL in the address bar, and append the value `/system`. - - The first time you visit the VerteX system console, a warning message about a not-trusted SSL certificate may - appear. This is expected, as you have not yet uploaded your SSL certificate to VerteX. You can ignore this warning - message and proceed. - - ![Screenshot of the VerteX system console showing Username and Password fields.](/vertex_install-on-kubernetes_install_system-console.webp) - -15. Log in to the system console using the following default credentials. Refer to the - [password requirements](../../../system-management/account-management/credentials.md#password-requirements-and-security) - documentation page to learn more about password requirements. - - | **Parameter** | **Value** | - | ------------- | --------- | - | Username | `admin` | - | Password | `admin` | - - After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be - redirected to the VerteX system console. Use the username `admin` and your new password to log in to the system - console. You can create additional system administrator accounts and assign roles to users in the system console. - Refer to the [Account Management](../../../system-management/account-management/account-management.md) documentation - page for more information. - -16. After login, a summary page is displayed. VerteX is installed with a self-signed SSL certificate. To assign a - different SSL certificate, you must upload the SSL certificate, SSL certificate key, and SSL certificate authority - files to VerteX. You can upload the files using the VerteX system console. Refer to the - [Configure HTTPS Encryption](../../../system-management/ssl-certificate-management.md) page for instructions on how - to upload the SSL certificate files to Palette. - - :::warning - - If you plan to deploy host clusters into different networks, you may require a reverse proxy. Check out the - [Configure Reverse Proxy](../../../system-management/reverse-proxy.md) guide for instructions on how to configure a - reverse proxy for VerteX. - - ::: +::: -You now have a self-hosted instance of VerteX installed in a Kubernetes cluster. Make sure you retain the -**values.yaml** file, as you may need it for future upgrades. +### Kubernetes Cluster + + + +- _(FIPS compliance only)_ The OS and Kubernetes cluster you are installing Palette VerteX onto must be FIPS-compliant. + Otherwise, Palette VerteX and its operations will not be FIPS-compliant. + +### Local Environment + + + +### Other Prerequisites + + + +## Install Palette VerteX + + + +### Cert-Manager Helm Chart + +3. + +### Spectro Management CRDs Helm Chart + +7. + +### VerteX Helm Chart + +8. + +### Image Swap Helm Chart + +11. + +### Reach System Helm Chart + +12. + +### Installation + +13. ## Validate -Use the following steps to validate the VerteX installation. - -1. Open up a web browser and navigate to the VerteX system console. To access the system console, open a web browser, - paste the `env.rootDomain` value you provided in the address bar, and append the value `/system` in the following - format: `/system`. You can also use the IP address of the load balancer. - -2. Log in using the credentials you received from our support team. After login, you will be prompted to create a new - password. Enter a new password and save your changes. You will be redirected to the VerteX system console. - -3. Open a terminal session and issue the following command to verify the VerteX installation. The command should return - a list of deployments in the `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` - namespaces. - - ```shell - kubectl get pods --all-namespaces --output custom-columns="NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.phase" \ - | grep --extended-regexp '^(cp-system|hubble-system|ingress-traefik|jet-system|ui-system)\s' - ``` - - Your output should look similar to the following. - - ```shell hideClipboard - cp-system spectro-cp-ui-689984f88d-54wsw Running - hubble-system auth-85b748cbf4-6drkn Running - hubble-system auth-85b748cbf4-dwhw2 Running - hubble-system cloud-fb74b8558-lqjq5 Running - hubble-system cloud-fb74b8558-zkfp5 Running - hubble-system configserver-685fcc5b6d-t8f8h Running - hubble-system event-68568f54c7-jzx5t Running - hubble-system event-68568f54c7-w9rnh Running - hubble-system foreq-6b689f54fb-vxjts Running - hubble-system hashboard-897bc9884-pxpvn Running - hubble-system hashboard-897bc9884-rmn69 Running - hubble-system hutil-6d7c478c96-td8q4 Running - hubble-system hutil-6d7c478c96-zjhk4 Running - hubble-system mgmt-85dbf6bf9c-jbggc Running - hubble-system mongo-0 Running - hubble-system mongo-1 Running - hubble-system mongo-2 Running - hubble-system msgbroker-6c9b9fbf8b-mcsn5 Running - hubble-system oci-proxy-7789cf9bd8-qcjkl Running - hubble-system packsync-28205220-bmzcg Succeeded - hubble-system spectrocluster-6c57f5775d-dcm2q Running - hubble-system spectrocluster-6c57f5775d-gmdt2 Running - hubble-system spectrocluster-6c57f5775d-sxks5 Running - hubble-system system-686d77b947-8949z Running - hubble-system system-686d77b947-cgzx6 Running - hubble-system timeseries-7865bc9c56-5q87l Running - hubble-system timeseries-7865bc9c56-scncb Running - hubble-system timeseries-7865bc9c56-sxmgb Running - hubble-system user-5c9f6c6f4b-9dgqz Running - hubble-system user-5c9f6c6f4b-hxkj6 Running - ingress-traefik traefik-ingress-controller-9dmzq Running - ingress-traefik traefik-ingress-controller-tpwtf Running - ingress-traefik traefik-ingress-controller-xz4jf Running - jet-system jet-6599b9856d-t9mr4 Running - ui-system spectro-ui-76ffdf67fb-rkgx8 Running - ``` + ## Next Steps diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md index 4551f48fffb..60d76a98051 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/install.md @@ -9,96 +9,15 @@ tags: ["vertex", "enterprise"] keywords: ["self-hosted", "vertex"] --- -You can use the Palette VerteX Helm Chart to install VerteX in a multi-node Kubernetes cluster in your production -environment. +You can use the Palette VerteX Helm chart to install Palette VerteX in a multi-node Kubernetes cluster in your +production environment. -This installation method is common in secure environments with restricted network access that prohibits using VerteX -SaaS. Review our [architecture diagrams](../../../architecture/networking-ports.md) to ensure your Kubernetes cluster -has the necessary network connectivity for VerteX to operate successfully. +This installation method is common in secure environments with restricted network access that prohibits using Palette +VerteX SaaS. Review our [architecture diagrams](../../../architecture/networking-ports.md) to ensure your Kubernetes +cluster has the necessary network connectivity for Palette VerteX to operate successfully. ## Prerequisites -- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available. - -- [Helm](https://helm.sh/docs/intro/install/) is installed and available. - -- Access to the target Kubernetes cluster's kubeconfig file. You must be able to interact with the cluster using - `kubectl` commands and have sufficient permissions to install VerteX. We recommend using a role with cluster-admin - permissions to install VerteX. - -- Ensure `unzip` or a similar extraction utility is installed on your system. - -- The Kubernetes cluster must be set up on a version of Kubernetes that is compatible to your upgraded version. Refer to - the [Kubernetes Requirements](../install-palette-vertex.md#kubernetes-requirements) section to find the version - required for your Palette installation. - -- Ensure the Kubernetes cluster does not have Cert Manager installed. VerteX requires a unique Cert Manager - configuration to be installed as part of the installation process. If Cert Manager is already installed, you must - uninstall it before installing VerteX. - -- Palette requires a Container Storage Interface (CSI) to create Persistent Volumes, which are used to store persistent - data. You may install any CSI that is compatible with your Kubernetes cluster. - -- If you are using a _self-hosted MongoDB_ instance, such as MongoDB Atlas, ensure the MongoDB database has a user named - `hubble` with the permission `readWriteAnyDatabase`. Refer to the - [Add a Database User](https://www.mongodb.com/docs/guides/atlas/db-user/) guide for guidance on how to create a - database user in Atlas. - -- We recommend the following resources for VerteX. Refer to the - [VerteX size guidelines](../install-palette-vertex.md#size-guidelines) for additional sizing information. - - - 8 CPUs per node. - - - 16 GB Memory per node. - - - 110 GB Disk Space per node. - - - A minimum of three worker nodes or three untainted control plane nodes. - - - AMD64 (also known as x86_64) architecture. ARM-based nodes are not supported. - -- The following network ports must be accessible for VerteX to operate successfully. - - - TCP/443: Inbound and outbound to and from the VerteX management cluster. - - - TCP/6443: Outbound traffic from the VerteX management cluster to the deployed clusters' Kubernetes API server. - -- Ensure you have an SSL certificate that matches the domain name you will assign to VerteX. You will need this to - enable HTTPS encryption for VerteX. Reach out to your network administrator or security team to obtain the SSL - certificate. You need the following files: - - - x509 SSL certificate file in base64 format. - - - x509 SSL certificate key file in base64 format. - - - x509 SSL certificate authority file in base64 format. - -- Ensure the OS and Kubernetes cluster you are installing VerteX onto is FIPS-compliant. Otherwise, VerteX and its - operations will not be FIPS-compliant. - -- A [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/) to manage persistent storage, with the - annotation `storageclass.kubernetes.io/is-default-class` set to `true`. To override the default StorageClass for a - workload, modify the `storageClass` parameter. Check out the - [Change the default StorageClass](https://kubernetes.io/docs/tasks/administer-cluster/change-default-storage-class/) - page to learn more about modifying StorageClasses. - -- Palette VerteX uses Traefik as the ingress controller. If you already have an ingress controller deployed in the - cluster, set the `ingress.enabled` parameter to `false` in the `values.yaml` file. - -- A custom domain and the ability to update Domain Name System (DNS) records. You will need this to enable HTTPS - encryption for VerteX. - -- Ensure VerteX has access to the required domains and ports. Refer to the - [Required Domains](../install-palette-vertex.md#proxy-requirements) section for more information. - -- If you are installing VerteX behind a network proxy server, ensure you have the Certificate Authority (CA) certificate - file in the base64 format. You will need this to enable VerteX to communicate with the network proxy server. - -- Access to the VerteX Helm Charts. Refer to the [Access VerteX](../../vertex.md#access-palette-vertex) for instructions - on how to request access to the Helm Chart. - -
    - :::warning Do not use a VerteX-managed Kubernetes cluster when installing VerteX. VerteX-managed clusters contain the VerteX agent @@ -106,715 +25,123 @@ and VerteX-created Kubernetes resources that will interfere with the installatio ::: -## Install VerteX - -The following instructions are written agnostic to the Kubernetes distribution you are using. Depending on the -underlying infrastructure provider and your Kubernetes distribution, you may need to modify the instructions to match -your environment. Reach out to our support team if you need assistance. - -1. Open a terminal session and navigate to the directory where you downloaded the Palette install zip file provided by - our support. Unzip the file to a directory named **vertex-install**. - - ```shell - unzip release-*.zip -d vertex-install - ``` - -2. Navigate to the release folder inside the **vertex-install** directory. - - ```shell - cd vertex-install/charts/release-* - ``` - -3. Install Cert Manager using the following command. Replace the actual file name of the Cert Manager Helm Chart with - the one you downloaded, as the version number may be different. - - ```shell - helm upgrade --values extras/cert-manager/values.yaml \ - cert-manager extras/cert-manager/cert-manager-*.tgz --install - ``` - - ```shell hideClipboard - Release "cert-manager" does not exist. Installing it now. - NAME: cert-manager - LAST DEPLOYED: Mon Jan 29 16:32:33 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - -4. Install the Spectro Management CRDs chart. This chart contains Custom Resource Definitions (CRDs) required by - Palette VerteX, including Traefik CRDs, and must be installed before the main Palette VerteX Helm chart. When the - chart is installed, the custom resource types are registered with the Kubernetes API server; no pods are deployed. - - ```shell - helm upgrade --install spectro-mgmt-crds \ - extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz \ - --values extras/spectro-mgmt-crds/values.yaml - ``` - - ```shell hideClipboard title="Example output" - Release "spectro-mgmt-crds" does not exist. Installing it now. - NAME: spectro-mgmt-crds - LAST DEPLOYED: Mon Jan 29 16:35:00 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - -5. Open the **values.yaml** in the **spectro-mgmt-plane** folder with a text editor of your choice. The **values.yaml** - contains the default values for the VerteX installation parameters. However, you must populate the following - parameters before installing VerteX. You can learn more about the parameters in the **values.yaml** file in the - [Helm Configuration Reference](vertex-helm-ref.md) page. - - | **Parameter** | **Description** | **Type** | - | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | - | `env.rootDomain` | The URL name or IP address you will use for the VerteX installation. | string | - | `ociPackRegistry` or `ociPackEcrRegistry` | The OCI registry credentials for VerteX FIPS packs. These credentials are provided by our support team. | object | - | `ingress.enabled` | Whether to install the Traefik ingress controller. Set to `false` if you already have an ingress controller deployed in the cluster. | boolean | - | `reach-system` | Set `reach-system.enabled` to `true` and configure the `reach-system.proxySettings` parameters to configure VerteX to use a network proxy in your environment | object | - - :::info - - If you are installing VerteX by pulling required images from a private mirror registry, you will need to provide the - credentials to your registry in the **values.yaml** file. For more information, refer to - [Helm Configuration Reference](vertex-helm-ref.md#image-pull-secret). - - ::: - - Save the **values.yaml** file after you have populated the required parameters mentioned in the table. - - Select one of the following tabs to review an example of the **values.yaml** file with the required parameters - highlighted. - - - - - - - ```yaml {60,84-92} - ######################### - # Spectro Cloud Palette # - ######################### - - global: - imagePullSecret: - create: false - # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication - dockerConfigJson: "" - - # MongoDB Configuration - mongo: - # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas - internal: true - - # Mongodb URL. Only change if using Mongo Atlas. - databaseUrl: "mongo-0.mongo.hubble-system.svc.cluster.local,mongo-1.mongo.hubble-system.svc.cluster.local,mongo-2.mongo.hubble-system.svc.cluster.local" - # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. - databasePassword: "" - - #No. of mongo replicas to run, default is 3 - replicas: 3 - # The following only apply if mongo.internal == true - cpuLimit: "2000m" - memoryLimit: "4Gi" - pvcSize: "20Gi" - storageClass: "" # leave empty to use the default storage class - - config: - installationMode: "connected" #values can be connected or airgap. - - # SSO SAML Configuration (Optional for self-hosted type) - sso: - saml: - enabled: false - acsUrlRoot: "myfirstpalette.spectrocloud.com" - acsUrlScheme: "https" - audienceUrl: "https://www.spectrocloud.com" - entityId: "https://www.spectrocloud.com" - apiVersion: "v1" - - # Email Configurations. (Optional for self-hosted type) - email: - enabled: false - emailId: "noreply@spectrocloud.com" - smtpServer: "smtp.gmail.com" - smtpPort: 587 - insecureSkipVerifyTls: false - fromEmailId: "noreply@spectrocloud.com" - password: "" # base64 encoded SMTP password - - env: - # rootDomain is a DNS record which will be mapped to the traefik-ingress-controller load balancer - # E.g., myfirstpalette.spectrocloud.com - # - Mandatory if ingress.internal == false - # - Optional if ingress.internal == true (leave empty) - # - # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes - # E.g., *.myfirstpalette.spectrocloud.com - rootDomain: "vertex.example.com" - - # stableEndpointAccess is used when deploying EKS clusters in Private network type. - # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true - cluster: - stableEndpointAccess: false - - # registry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # insecureSkipVerify: false - # caCert: "" - - # ociPackRegistry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # baseContentPath: "" # - # insecureSkipVerify: false - # caCert: "" - - ociPackEcrRegistry: - endpoint: "15789037893.dkr.ecr.us-east-1.amazonaws.com" # - name: "VerteX Packs OCI" # - accessKey: "**************" # - secretKey: "**************" # - baseContentPath: "production-fips" # - isPrivate: true - insecureSkipVerify: false - caCert: "" - - # ociImageRegistry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # baseContentPath: "" # - # insecureSkipVerify: false - # caCert: "" - # mirrorRegistries: "" # See instructions below. - - # Instruction for mirrorRegistries. - # ---------------------------------- - # Please provide the registry endpoint for the following registries, separated by double colons (::): - # docker.io - # gcr.io - # ghcr.io - # k8s.gcr.io - # registry.k8s.io - # quay.io - # For each registry, follow this example format: - # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ - # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. - - imageSwapImages: - imageSwapInitImage: "us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap-init:v1.5.3-spectro-4.5.1" - imageSwapImage: "us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - - imageSwapConfig: - isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false - - grpc: - external: false - endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. - grpcStaticIP: "" - caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert - serverCrtBase64: "" - serverKeyBase64: "" - insecureSkipVerify: false - - ingress: - # When enabled, the Traefik ingress controller is installed. - enabled: true - - ingress: - # Default SSL certificate and key for the ingress controller (Optional) - # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com - # If left blank, a self-signed cert is generated. - certificate: "" - key: "" - - #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. - ingressStaticIP: "" - - # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. - terminateHTTPSAtLoadBalancer: false - - frps: - frps: - enabled: false - frpHostURL: proxy.sample.spectrocloud.com - server: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqekNDQW5lZ0F3SUJBZ0lVZTVMdXBBZGljd0Z1SFJpWWMyWEgzNTFEUzJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk1qY3hNREV6TVRNeU5ERXlXakI3TVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHCkExVUVDQk1DUTBFeEV6QVJCZ05WQkFjVENsTmhiblJoUTJ4aGNtRXhGVEFUQmdOVkJBb1RERk53WldOMGNtOUQKYkc5MVpERUxNQWtHQTFVRUN4TUNTVlF4SmpBa0JnTlZCQU1USFhCeWIzaDVMbk5oYlhCc1pTNXpjR1ZqZEhKdgpZMnh2ZFdRdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXd5bEt3MmlxClBXM2JrQU0wV3RhaEFLbEppcWFHd05LUDVRRTZ6ZW5NM2FURko3TjIwN0dWcUNGYzJHTDNodmNhTDFranZjeEkKK2lybHpkbm9hcVhUSmV3ZkJiTGs2SGVhZmdXUVp3NHNNeE5QRUVYYlNXYm54Mm03Y2FlbVJiUWZSQWhPWXRvWgpIWG1IMzQ1Q25mNjF0RnhMeEEzb0JRNm1yb0JMVXNOOUh2WWFzeGE5QUFmZUNNZm5sYWVBWE9CVmROalJTN1VzCkN5NmlSRXpEWFgvem1nOG5WWFUwemlrcXdoS3pqSlBJd2FQa2ViaXVSdUJYdEZ0VlQwQmFzS3VqbURzd0lsRFQKVmR4SHRRQUVyUmM4Q2Nhb20yUkpZbTd1aHNEYlo2WVFzS3JiMmhIbU5rNENVWUd5eUJPZnBwbzR2bFd1S2FEcgpsVFNYUXlPN0M0ejM1d0lEQVFBQm8xNHdYREJhQmdOVkhSRUVVekJSZ2dsc2IyTmhiR2h2YzNTSEJIOEFBQUdDCkhYQnliM2g1TG5OaGJYQnNaUzV6Y0dWamRISnZZMnh2ZFdRdVkyOXRnaDhxTG5CeWIzaDVMbk5oYlhCc1pTNXoKY0dWamRISnZZMnh2ZFdRdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUEvRFJFVm54SWJRdi9uMDEvSQpJd1d0ekhKNGNHOUp6UlB6dmszNUcvRGJOVzZYZ0M3djBoWlFIVHg5bzMrckxoSUFiWTNmbjc1VEtlN3hMRWpiCkI3M3pGWURJSStkYzM5NkQzZU51M2NxRGIvY01kYmlFalhod2ttZk9NRm9qMnpOdHJIdzFsSjA0QlNFMWw1YWgKMDk0Vy9aaEQ2YTVLU3B0cDh1YUpKVmNrejRYMEdRWjVPYjZadGdxZVVxNytqWVZOZ0tLQzJCMW1SNjMyMDNsZwozVFZmZEkrdmI3b292dVdOOFRBVG9qdXNuS25WMmRMeTFBOWViWXYwMEM3WWZ6Q0NhODgrN2dzTGhJaUJjRHBPClJkWjU3QStKanJmSU5IYy9vNm5YWFhDZ2h2YkFwUVk1QnFnMWIzYUpUZERNWThUY0hoQVVaQzB5eU04bXcwMnQKWHRRQwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd3lsS3cyaXFQVzNia0FNMFd0YWhBS2xKaXFhR3dOS1A1UUU2emVuTTNhVEZKN04yCjA3R1ZxQ0ZjMkdMM2h2Y2FMMWtqdmN4SStpcmx6ZG5vYXFYVEpld2ZCYkxrNkhlYWZnV1FadzRzTXhOUEVFWGIKU1dibngybTdjYWVtUmJRZlJBaE9ZdG9aSFhtSDM0NUNuZjYxdEZ4THhBM29CUTZtcm9CTFVzTjlIdllhc3hhOQpBQWZlQ01mbmxhZUFYT0JWZE5qUlM3VXNDeTZpUkV6RFhYL3ptZzhuVlhVMHppa3F3aEt6akpQSXdhUGtlYml1ClJ1Qlh0RnRWVDBCYXNLdWptRHN3SWxEVFZkeEh0UUFFclJjOENjYW9tMlJKWW03dWhzRGJaNllRc0tyYjJoSG0KTms0Q1VZR3l5Qk9mcHBvNHZsV3VLYURybFRTWFF5TzdDNHozNXdJREFRQUJBb0lCQUFPVVZFeTFOTG9mczdFMgpmZFZVcm10R3I1U2RiVWRJRlYrTDREbzZtWWxQSmxhT0VoWGI0ZlROZDloNEtEWVBmaWwwSnhXcUU0U1RHTmZuCnNUMlRnUVhuQ01LZi8xYk1Lc2M0N3VjVStYYU9XaHJnVFI5UmhkckFjN0duODRLL3hQc0ljL2VZTEhHLzh1QUUKeWUvLzVmRkM2QmpXY0hUM1NkTlZnd3duamJudG5XTXIzTFJBVnJBamZBckxveWUwS0F2YytYdXJLTEVCcmMyVQpjaHlDbitZemJKN0VlSG44UXdQNGdBNXVSK0NCMFJPeFErYXIzS3M5YUhkZTQ1OEVNNEtLMnpUOXA4RWZRc1lFCkFtNUpxWjliR0JEVHV1dEkyNm9GK0pLQ1IzZzhXNERRcHVYRUZoVjlya0pMSm13RDhQb0JaclF6UzZvdmJhdkkKRk42QVM4RUNnWUVBOEcxQzFxZVh4dTQ4aEYxak5MTCswRmxkeWdFem9SMmFoRGJCai8weUZkQVVjU2pYTzk0NAozN1dORTBUUG10WG1Vc3NZTlBTR21XaWI2OUhicEFoMTY3SWVwNE9LaVlZdkozYm1oUC9WNzFvK3M0SWJlSHh1CkVJbWVVckFOZWRoQURVQnZ4c1lXRWxlVlVJSFFRcjY1VHM2ZjIrWkpTKzg4TU05bUorL3BmcmNDZ1lFQXo4MXgKR3JiSE5oak56RjhZMjhiK0hMNW5rdDR0SUdkU3hnbW9PMFFJeGkrQVNZTzB0WW42VFk0ZHI5ZXErMzE3b21ZawpMbDNtNENORDhudG1vYzRvWnM4SUpDQ0IrZjNqcTY4OHdoQU9vVHZ4dDhjZVJqOFRhRHl1SHZwS043OVNsVVd2CjBJd2ZRNDNIemd3SWJiSWhjcTRJVGswanI0VHdWbThia283VElGRUNnWUJoNnUzVXhHN0JHeGZVaE1BNW4waSsKREJkeGhPbkZEV3gzdW1FOHhrN1dxV2NaNnhzMWk3eTRCNVhNS2pNdkNUeURyYWxQTCtOOXFTZ1BjK216TmFybwo4aU1mOENmRStMeE5vMVFoQ0p6Vm5YaDUzVnhZeHJ5QXlidU1TNTFCYVh3MHFYQ2NrT0krV0NNOHBaSHZEUVFsCmYydUZ3SlZMY3NTZDBHbjNpL01ab3dLQmdBY1BzUjg2Uk15MnpROTd6OGx3R3FSNVorV2F2U2ZUdXdGVnhLeTIKNUNGdjdja1J1NnRMbEFEY3FtK1dRWTRvTm5KUFREMXpIV3hTWm5XdjhjM2Z4b212MFZRQThzbSs4ZVNjb05EcgpZTVBqMkpQcEpVTTMwMzRBU2Q1dG5PWUdEMVZaTjk4N1U3aWs4Ynd6dG5tYnl2MHRvc1NlWkc4TGNtdE5mVDllCnNSZnhBb0dCQUpTV1lDellyTlRMNnRUSnh5M2FqWm5jZkxrMEV0eWNCd05FRXZHVzVSVE9LOUFYTE96RzN0eHUKajZqWlRpaUFRU09aaVd0clJHU0U0bEkyQ1MvcjNjd3VuSGlnZlovd1dKZldkZ0JpRnZqOTVFbUVQWUZaRDRobQpkT3l5UHhRRXFTRmprQ21BS2plOFBpTDdpU01GbGhBZTZQWFljQlExdCtzd01UeXBnY3RrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== - ca: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lVSHhWK0ljVGZHUElzdW8yY3dqQ0Q0Z2RSTFFRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk16WXdOakl5TVRNeU5ERXlXakFvTVNZd0pBWURWUVFEREIxd2NtOTRlUzV6CllXMXdiR1V1YzNCbFkzUnliMk5zYjNWa0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0MKQVFvQ2dnRUJBSy90WXBHVi9HRURUWnZzL25QQ2lOK0U3K1dOQ21GeU1NQjdkazVOT3JzQWZIaVVvZ1JRVUo0WQptSjhwVmYrSzhTRFBsdGNYcW40WVVTbmxiUERsVlBkWU5zOTEwT3RaS1EwNW96aUtGV2pNbS85NHlLSjVyVzNsCndDNEN0ayttUm9Ib0ZQQS81dmFVbVZHdlVadjlGY0JuL0pKN2F4WnRIQk1PRiticXQ0Zmd0ci9YMWdOeWhPVzUKZTVScGpESkozRjJTVnc5NUpBQSt4a3V3UitFSmVseEtnQVpxdDc0ejB4U2ROODZ0QzNtK0wxRGs2WVVlQWEzZApvM3Rsa3ZkeDV6dUJvSmI2QmpZWEV4UE1PbThRcHFNVWRLK3lDZUdrem9XQStDOUtFdGtVaERCWktENStNWXRZCktVMUh1RXJCbmw2Z3BuWTRlbzJjVTRxdkNwZzZ4S3NDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRklKMkRkTjgKc2ZtVjRCT1ZFL0FjZ0VEejArNmlNQjhHQTFVZEl3UVlNQmFBRklKMkRkTjhzZm1WNEJPVkUvQWNnRUR6MCs2aQpNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQWhQVi9RMVl1YWVTOTZVCmhjVGQ4RWdJaHhpbHFiTWlTQm5WaVdrdlJzWk94UUIwNTFScWtwT3g0UTRsckdaOGVJWWc3T0trTTdzejhuTVQKL2pxS21sZDY0MzJCcURCMlNkNVp5ZFdReHAwU1laRTlnVWszYk9KRGtZVXQ4b1cvZDBWeG9uU05LQVN3QmZKaApWV1VZUUlpNm55K0ZZZmtuRFNvRnFlY2Z3SDBQQVUraXpnMkI3KzFkbko5YisyQ21IOUVCallOZ2hoNlFzVlFQCkh2SkdQQURtandPNkJOam5HK0Z3K0Z6cmFXUTNCTjAwb08zUjF6UmgxZERmTTQzR3oxRmZGRW5GSXI5aGFuUnQKWHJFZm8vZWU5bjBLWUFESEJnV1g4dlhuNHZrRmdWRjgwYW9MUUJSQTBxWXErcW1pVlp6YnREeE9ldFEyRWFyTQpyNmVWL0lZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - service: - annotations: {} - - ui-system: - enabled: true - ui: - nocUI: - enable: true - mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette - mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID - - reachSystem: - enabled: false - proxySettings: - http_proxy: "" - https_proxy: "" - no_proxy: "" - ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. - scheduleOnControlPlane: true - ``` - - - - - - ```yaml {60,75-82,94-102} - ######################### - # Spectro Cloud Palette # - ######################### - - global: - imagePullSecret: - create: false - # Provide your own base64 encoded dockerconfigjson value below if using ImagePullSecret for Private registry Authentication - dockerConfigJson: "" - - # MongoDB Configuration - mongo: - # Whether to deploy MongoDB in-cluster (internal == true) or use Mongo Atlas - internal: true - - # Mongodb URL. Only change if using Mongo Atlas. - databaseUrl: "mongo-0.mongo.hubble-system.svc.cluster.local,mongo-1.mongo.hubble-system.svc.cluster.local,mongo-2.mongo.hubble-system.svc.cluster.local" - # Mongo Atlas password, base64 encoded. Only enter if using Mongo Atlas. - databasePassword: "" - - #No. of mongo replicas to run, default is 3 - replicas: 3 - # The following only apply if mongo.internal == true - cpuLimit: "2000m" - memoryLimit: "4Gi" - pvcSize: "20Gi" - storageClass: "" # leave empty to use the default storage class - - config: - installationMode: "connected" #values can be connected or airgap. - - # SSO SAML Configuration (Optional for self-hosted type) - sso: - saml: - enabled: false - acsUrlRoot: "myfirstpalette.spectrocloud.com" - acsUrlScheme: "https" - audienceUrl: "https://www.spectrocloud.com" - entityId: "https://www.spectrocloud.com" - apiVersion: "v1" - - # Email Configurations. (Optional for self-hosted type) - email: - enabled: false - emailId: "noreply@spectrocloud.com" - smtpServer: "smtp.gmail.com" - smtpPort: 587 - insecureSkipVerifyTls: false - fromEmailId: "noreply@spectrocloud.com" - password: "" # base64 encoded SMTP password - - env: - # rootDomain is a DNS record which will be mapped to the traefik-ingress-controller load balancer - # E.g., myfirstpalette.spectrocloud.com - # - Mandatory if ingress.internal == false - # - Optional if ingress.internal == true (leave empty) - # - # IMPORTANT: a DNS record must be created separately and it must be a wildcard to account for Organization prefixes - # E.g., *.myfirstpalette.spectrocloud.com - rootDomain: "vertex.example.com" - - # stableEndpointAccess is used when deploying EKS clusters in Private network type. - # When your Saas installed instance have connectivity to the private VPC where you want to launch the cluster set the stableEndpointAccess to true - cluster: - stableEndpointAccess: false - - # registry: - # endpoint: "" # - # name: "" # - # password: "" # - # username: "" # - # insecureSkipVerify: false - # caCert: "" - - ociPackRegistry: - endpoint: "example.harbor.org" # - name: "VerteX Packs OCI" # - password: "**************" # - username: "**************" # - baseContentPath: "spectro-packs" # - insecureSkipVerify: false - caCert: "" - - # ociPackEcrRegistry: - # endpoint: "" # - # name: "" # - # accessKey: "" # - # secretKey: "" # - # baseContentPath: "" # - # isPrivate: true - # insecureSkipVerify: false - # caCert: "" - - ociImageRegistry: - endpoint: "example.harbor.org" # - name: "VerteX Images OCI" # - password: "**************" # - username: "**************" # - baseContentPath: "spectro-images" # - insecureSkipVerify: false - caCert: "" - mirrorRegistries: "" # See instructions below. - - # Instruction for mirrorRegistries. - # ---------------------------------- - # Please provide the registry endpoint for the following registries, separated by double colons (::): - # docker.io - # gcr.io - # ghcr.io - # k8s.gcr.io - # registry.k8s.io - # quay.io - # For each registry, follow this example format: - # docker.io::/v2/,gcr.io::/v2/,ghcr.io::/v2/,k8s.gcr.io::/v2/,registry.k8s.io::/v2/,quay.io::/v2/,us-docker.pkg.dev::/v2/ - # Replace with your actual registry endpoint and , , , , , and with the specific endpoint details for each registry. - - imageSwapImages: - imageSwapInitImage: "us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap-init:v1.5.3-spectro-4.5.1" - imageSwapImage: "us-docker.pkg.dev/palette-images-fips/palette/thewebroot/imageswap:v1.5.3-spectro-4.5.1" - - imageSwapConfig: - isEKSCluster: true #If the Cluster you are trying to install is EKS cluster set value to true else set to false - - grpc: - external: false - endpoint: "" #Please provide DNS endpoint with the port eg: msg.spectrocloud.com:443 - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the GRPC load balancer service. If empty, a dynamic IP will be generated. - grpcStaticIP: "" - caCertificateBase64: "" #Please provide caCertificate for the grpc server Cert - serverCrtBase64: "" - serverKeyBase64: "" - insecureSkipVerify: false - - ingress: - # When enabled, the Traefik ingress controller is installed. - enabled: true - - ingress: - # Default SSL certificate and key for the ingress controller (Optional) - # A wildcard cert for config.env.rootDomain, e.g., *.myfirstpalette.spectrocloud.com - # If left blank, a self-signed cert is generated. - certificate: "" - key: "" - - #If ACM is enabled please use grpc as a non internal and bring grpc on different LB. Provide certificate and dns for it. - annotations: {} - # AWS example - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: - # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - - # Azure example - # service.beta.kubernetes.io/azure-load-balancer-internal: "true" - # service.beta.kubernetes.io/azure-dns-label-name: myserviceuniquelabel - - # Static IP for the Ingress load balancer service. If empty, a dynamic IP will be generated. - ingressStaticIP: "" - - # For Service like AWS Load Balancer using https we would want to terminate the HTTPS at Load Balancer. - terminateHTTPSAtLoadBalancer: false - - frps: - frps: - enabled: false - frpHostURL: proxy.sample.spectrocloud.com - server: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURqekNDQW5lZ0F3SUJBZ0lVZTVMdXBBZGljd0Z1SFJpWWMyWEgzNTFEUzJJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk1qY3hNREV6TVRNeU5ERXlXakI3TVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHCkExVUVDQk1DUTBFeEV6QVJCZ05WQkFjVENsTmhiblJoUTJ4aGNtRXhGVEFUQmdOVkJBb1RERk53WldOMGNtOUQKYkc5MVpERUxNQWtHQTFVRUN4TUNTVlF4SmpBa0JnTlZCQU1USFhCeWIzaDVMbk5oYlhCc1pTNXpjR1ZqZEhKdgpZMnh2ZFdRdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXd5bEt3MmlxClBXM2JrQU0wV3RhaEFLbEppcWFHd05LUDVRRTZ6ZW5NM2FURko3TjIwN0dWcUNGYzJHTDNodmNhTDFranZjeEkKK2lybHpkbm9hcVhUSmV3ZkJiTGs2SGVhZmdXUVp3NHNNeE5QRUVYYlNXYm54Mm03Y2FlbVJiUWZSQWhPWXRvWgpIWG1IMzQ1Q25mNjF0RnhMeEEzb0JRNm1yb0JMVXNOOUh2WWFzeGE5QUFmZUNNZm5sYWVBWE9CVmROalJTN1VzCkN5NmlSRXpEWFgvem1nOG5WWFUwemlrcXdoS3pqSlBJd2FQa2ViaXVSdUJYdEZ0VlQwQmFzS3VqbURzd0lsRFQKVmR4SHRRQUVyUmM4Q2Nhb20yUkpZbTd1aHNEYlo2WVFzS3JiMmhIbU5rNENVWUd5eUJPZnBwbzR2bFd1S2FEcgpsVFNYUXlPN0M0ejM1d0lEQVFBQm8xNHdYREJhQmdOVkhSRUVVekJSZ2dsc2IyTmhiR2h2YzNTSEJIOEFBQUdDCkhYQnliM2g1TG5OaGJYQnNaUzV6Y0dWamRISnZZMnh2ZFdRdVkyOXRnaDhxTG5CeWIzaDVMbk5oYlhCc1pTNXoKY0dWamRISnZZMnh2ZFdRdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUEvRFJFVm54SWJRdi9uMDEvSQpJd1d0ekhKNGNHOUp6UlB6dmszNUcvRGJOVzZYZ0M3djBoWlFIVHg5bzMrckxoSUFiWTNmbjc1VEtlN3hMRWpiCkI3M3pGWURJSStkYzM5NkQzZU51M2NxRGIvY01kYmlFalhod2ttZk9NRm9qMnpOdHJIdzFsSjA0QlNFMWw1YWgKMDk0Vy9aaEQ2YTVLU3B0cDh1YUpKVmNrejRYMEdRWjVPYjZadGdxZVVxNytqWVZOZ0tLQzJCMW1SNjMyMDNsZwozVFZmZEkrdmI3b292dVdOOFRBVG9qdXNuS25WMmRMeTFBOWViWXYwMEM3WWZ6Q0NhODgrN2dzTGhJaUJjRHBPClJkWjU3QStKanJmSU5IYy9vNm5YWFhDZ2h2YkFwUVk1QnFnMWIzYUpUZERNWThUY0hoQVVaQzB5eU04bXcwMnQKWHRRQwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd3lsS3cyaXFQVzNia0FNMFd0YWhBS2xKaXFhR3dOS1A1UUU2emVuTTNhVEZKN04yCjA3R1ZxQ0ZjMkdMM2h2Y2FMMWtqdmN4SStpcmx6ZG5vYXFYVEpld2ZCYkxrNkhlYWZnV1FadzRzTXhOUEVFWGIKU1dibngybTdjYWVtUmJRZlJBaE9ZdG9aSFhtSDM0NUNuZjYxdEZ4THhBM29CUTZtcm9CTFVzTjlIdllhc3hhOQpBQWZlQ01mbmxhZUFYT0JWZE5qUlM3VXNDeTZpUkV6RFhYL3ptZzhuVlhVMHppa3F3aEt6akpQSXdhUGtlYml1ClJ1Qlh0RnRWVDBCYXNLdWptRHN3SWxEVFZkeEh0UUFFclJjOENjYW9tMlJKWW03dWhzRGJaNllRc0tyYjJoSG0KTms0Q1VZR3l5Qk9mcHBvNHZsV3VLYURybFRTWFF5TzdDNHozNXdJREFRQUJBb0lCQUFPVVZFeTFOTG9mczdFMgpmZFZVcm10R3I1U2RiVWRJRlYrTDREbzZtWWxQSmxhT0VoWGI0ZlROZDloNEtEWVBmaWwwSnhXcUU0U1RHTmZuCnNUMlRnUVhuQ01LZi8xYk1Lc2M0N3VjVStYYU9XaHJnVFI5UmhkckFjN0duODRLL3hQc0ljL2VZTEhHLzh1QUUKeWUvLzVmRkM2QmpXY0hUM1NkTlZnd3duamJudG5XTXIzTFJBVnJBamZBckxveWUwS0F2YytYdXJLTEVCcmMyVQpjaHlDbitZemJKN0VlSG44UXdQNGdBNXVSK0NCMFJPeFErYXIzS3M5YUhkZTQ1OEVNNEtLMnpUOXA4RWZRc1lFCkFtNUpxWjliR0JEVHV1dEkyNm9GK0pLQ1IzZzhXNERRcHVYRUZoVjlya0pMSm13RDhQb0JaclF6UzZvdmJhdkkKRk42QVM4RUNnWUVBOEcxQzFxZVh4dTQ4aEYxak5MTCswRmxkeWdFem9SMmFoRGJCai8weUZkQVVjU2pYTzk0NAozN1dORTBUUG10WG1Vc3NZTlBTR21XaWI2OUhicEFoMTY3SWVwNE9LaVlZdkozYm1oUC9WNzFvK3M0SWJlSHh1CkVJbWVVckFOZWRoQURVQnZ4c1lXRWxlVlVJSFFRcjY1VHM2ZjIrWkpTKzg4TU05bUorL3BmcmNDZ1lFQXo4MXgKR3JiSE5oak56RjhZMjhiK0hMNW5rdDR0SUdkU3hnbW9PMFFJeGkrQVNZTzB0WW42VFk0ZHI5ZXErMzE3b21ZawpMbDNtNENORDhudG1vYzRvWnM4SUpDQ0IrZjNqcTY4OHdoQU9vVHZ4dDhjZVJqOFRhRHl1SHZwS043OVNsVVd2CjBJd2ZRNDNIemd3SWJiSWhjcTRJVGswanI0VHdWbThia283VElGRUNnWUJoNnUzVXhHN0JHeGZVaE1BNW4waSsKREJkeGhPbkZEV3gzdW1FOHhrN1dxV2NaNnhzMWk3eTRCNVhNS2pNdkNUeURyYWxQTCtOOXFTZ1BjK216TmFybwo4aU1mOENmRStMeE5vMVFoQ0p6Vm5YaDUzVnhZeHJ5QXlidU1TNTFCYVh3MHFYQ2NrT0krV0NNOHBaSHZEUVFsCmYydUZ3SlZMY3NTZDBHbjNpL01ab3dLQmdBY1BzUjg2Uk15MnpROTd6OGx3R3FSNVorV2F2U2ZUdXdGVnhLeTIKNUNGdjdja1J1NnRMbEFEY3FtK1dRWTRvTm5KUFREMXpIV3hTWm5XdjhjM2Z4b212MFZRQThzbSs4ZVNjb05EcgpZTVBqMkpQcEpVTTMwMzRBU2Q1dG5PWUdEMVZaTjk4N1U3aWs4Ynd6dG5tYnl2MHRvc1NlWkc4TGNtdE5mVDllCnNSZnhBb0dCQUpTV1lDellyTlRMNnRUSnh5M2FqWm5jZkxrMEV0eWNCd05FRXZHVzVSVE9LOUFYTE96RzN0eHUKajZqWlRpaUFRU09aaVd0clJHU0U0bEkyQ1MvcjNjd3VuSGlnZlovd1dKZldkZ0JpRnZqOTVFbUVQWUZaRDRobQpkT3l5UHhRRXFTRmprQ21BS2plOFBpTDdpU01GbGhBZTZQWFljQlExdCtzd01UeXBnY3RrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== - ca: - crt : LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNVENDQWhtZ0F3SUJBZ0lVSHhWK0ljVGZHUElzdW8yY3dqQ0Q0Z2RSTFFRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tERW1NQ1FHQTFVRUF3d2RjSEp2ZUhrdWMyRnRjR3hsTG5Od1pXTjBjbTlqYkc5MVpDNWpiMjB3SGhjTgpNakl4TURFME1UTXlOREV5V2hjTk16WXdOakl5TVRNeU5ERXlXakFvTVNZd0pBWURWUVFEREIxd2NtOTRlUzV6CllXMXdiR1V1YzNCbFkzUnliMk5zYjNWa0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0MKQVFvQ2dnRUJBSy90WXBHVi9HRURUWnZzL25QQ2lOK0U3K1dOQ21GeU1NQjdkazVOT3JzQWZIaVVvZ1JRVUo0WQptSjhwVmYrSzhTRFBsdGNYcW40WVVTbmxiUERsVlBkWU5zOTEwT3RaS1EwNW96aUtGV2pNbS85NHlLSjVyVzNsCndDNEN0ayttUm9Ib0ZQQS81dmFVbVZHdlVadjlGY0JuL0pKN2F4WnRIQk1PRiticXQ0Zmd0ci9YMWdOeWhPVzUKZTVScGpESkozRjJTVnc5NUpBQSt4a3V3UitFSmVseEtnQVpxdDc0ejB4U2ROODZ0QzNtK0wxRGs2WVVlQWEzZApvM3Rsa3ZkeDV6dUJvSmI2QmpZWEV4UE1PbThRcHFNVWRLK3lDZUdrem9XQStDOUtFdGtVaERCWktENStNWXRZCktVMUh1RXJCbmw2Z3BuWTRlbzJjVTRxdkNwZzZ4S3NDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRklKMkRkTjgKc2ZtVjRCT1ZFL0FjZ0VEejArNmlNQjhHQTFVZEl3UVlNQmFBRklKMkRkTjhzZm1WNEJPVkUvQWNnRUR6MCs2aQpNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQWhQVi9RMVl1YWVTOTZVCmhjVGQ4RWdJaHhpbHFiTWlTQm5WaVdrdlJzWk94UUIwNTFScWtwT3g0UTRsckdaOGVJWWc3T0trTTdzejhuTVQKL2pxS21sZDY0MzJCcURCMlNkNVp5ZFdReHAwU1laRTlnVWszYk9KRGtZVXQ4b1cvZDBWeG9uU05LQVN3QmZKaApWV1VZUUlpNm55K0ZZZmtuRFNvRnFlY2Z3SDBQQVUraXpnMkI3KzFkbko5YisyQ21IOUVCallOZ2hoNlFzVlFQCkh2SkdQQURtandPNkJOam5HK0Z3K0Z6cmFXUTNCTjAwb08zUjF6UmgxZERmTTQzR3oxRmZGRW5GSXI5aGFuUnQKWHJFZm8vZWU5bjBLWUFESEJnV1g4dlhuNHZrRmdWRjgwYW9MUUJSQTBxWXErcW1pVlp6YnREeE9ldFEyRWFyTQpyNmVWL0lZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - service: - annotations: {} - - ui-system: - enabled: true - ui: - nocUI: - enable: true - mapBoxAccessToken: "" # Leave Empty to use Default Access Token from Palette - mapBoxStyledLayerID: "" # Leave Empty to use Default Style Layer ID - - reachSystem: - enabled: false - proxySettings: - http_proxy: "" - https_proxy: "" - no_proxy: "" - ca_crt_path: "" # Set the 'ca_crt_path' parameter to the location of the certificate file on each node. This file should contain the Proxy CA Certificate, in case the Proxy being used requires a certificate. - scheduleOnControlPlane: true - ``` - - - - - - :::warning - - Ensure you have configured the **values.yaml** file with the required parameters before proceeding to the next - steps. - - ::: - -6. This step is only required if you are installing Palette in an environment where a network proxy must be configured - for Palette to access the internet. If you are not using a network proxy, skip to the next step. - - Install the reach-system chart using the following command. Point to the **values.yaml** file you configured in - step 5. Make sure you configure the `reach-system.enable` section in the **values.yaml** file. - - ```shell - helm upgrade --values vertex/values.yaml \ - reach-system extras/reach-system/reach-system-*.tgz --install - ``` - - ```shell hideClipboard - Release "reach-system" does not exist. Installing it now. - NAME: reach-system - LAST DEPLOYED: Mon Jan 29 17:04:23 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - - -
    - How to update containerd to use proxy configurations - - If your Kubernetes cluster is behind a network proxy, ensure the containerd service is configured to use proxy - settings. You can do this by updating the containerd configuration file on each node in the cluster. The - configuration file is typically located at ` /etc/systemd/system/containerd.service.d/http-proxy.conf`. Below is an - example of the configuration file. Replace the values with your proxy settings. Ask your network administrator for - guidance. - - ``` - [Service] - Environment="HTTP_PROXY=http://example.com:9090" - Environment="HTTPS_PROXY=http://example.com:9090" - Environment="NO_PROXY=127.0.0.1,localhost,100.64.0.0/17,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,,.cluster.local" - ``` - -
    - -7. Install the VerteX Helm Chart using the following command. - - ```shell - helm upgrade --values vertex/values.yaml \ - hubble vertex/spectro-mgmt-plane-*.tgz --install - ``` - - ```shell hideClipboard - Release "hubble" does not exist. Installing it now. - NAME: hubble - LAST DEPLOYED: Mon Jan 29 17:07:51 2024 - NAMESPACE: default - STATUS: deployed - REVISION: 1 - TEST SUITE: None - ``` - -8. Track the installation process using the command below. VerteX is ready when the deployments in the namespaces - `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` reach the _Ready_ state. The - installation takes between two to three minutes to complete. - - - - ```shell - kubectl get pods --all-namespaces --watch - ``` - - :::tip - - For a more user-friendly experience, use the open source tool [k9s](https://k9scli.io/) to monitor the installation - process. - - ::: - -9. Create a DNS CNAME record that is mapped to the VerteX `traefik-ingress-controller` load balancer. You can use the - following command to retrieve the load balancer IP address. You may require the assistance of your network - administrator to create the DNS record. - - ```shell - kubectl get service traefik-ingress-controller --namespace ingress-traefik \ - --output jsonpath='{.status.loadBalancer.ingress[0].hostname}' - ``` - - :::warning - - If Palette VerteX has only one tenant and you use local accounts with Single Sign-On (SSO) disabled, you can access - Palette VerteX using the IP address or any domain name that resolves to that IP. However, once you enable SSO, users - must log in using the tenant-specific subdomain. For example, if you create a tenant named `tenant1` and the domain - name you assigned to Palette VerteX is `vertex.example.com`, the tenant URL will be `tenant1.vertex.example.com`. We - recommend you create an additional wildcard DNS record to map all tenant URLs to the Palette VerteX load balancer. - For example, `*.vertex.example.com`. - - ::: - -10. Use the custom domain name or the IP address of the load balancer to visit the VerteX system console. To access the - system console, open a web browser and paste the custom domain URL in the address bar and append the value - `/system`. Replace the domain name in the URL with your custom domain name or the IP address of the load balancer. - Alternatively, you can use the load balancer IP address with the appended value `/system` to access the system - console. - - The first time you visit the VerteX system console, a warning message about a not-trusted SSL certificate may - appear. This is expected, as you still need to upload your SSL certificate to VerteX. You can ignore this warning - message and proceed. - - ![Screenshot of the VerteX system console showing Username and Password fields.](/vertex_install-on-kubernetes_install_system-console.webp) - -11. Log in to the system console using the following default credentials. Refer to the - [password requirements](../../system-management/account-management/credentials.md#password-requirements-and-security) - documentation page to learn more about password requirements. - - | **Parameter** | **Value** | - | ------------- | --------- | - | Username | `admin` | - | Password | `admin` | - - After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be - redirected to the VerteX system console. Use the username `admin` and your new password to log in to the system - console. You can create additional system administrator accounts and assign roles to users in the system console. - Refer to the [Account Management](../../system-management/account-management/account-management.md) documentation - page for more information. - -12. After login, a summary page is displayed. VerteX is installed with a self-signed SSL certificate. To assign a - different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority - files to VerteX. You can upload the files using the VerteX system console. Refer to the - [Configure HTTPS Encryption](../../system-management/ssl-certificate-management.md) page for instructions on how to - upload the SSL certificate files to VerteX. - - :::warning - - If you plan to deploy host clusters into different networks, you may require a reverse proxy. Check out the - [Configure Reverse Proxy](../../system-management/reverse-proxy.md) guide for instructions on how to configure a - reverse proxy for VerteX. - - ::: - -You now have a self-hosted instance of VerteX installed in a Kubernetes cluster. Make sure you retain the -**values.yaml** file as you may need it for future upgrades. +### Kubernetes Cluster + + + +- _(FIPS compliance only)_ The OS and Kubernetes cluster you are installing Palette VerteX onto must be FIPS-compliant. + Otherwise, Palette VerteX and its operations will not be FIPS-compliant. + +### Local Environment + + + +- An image pull secret from Spectro Cloud customer support, required to pull images from Spectro Cloud OCI registries. + This is not required if you plan to use [mirror registries](../../system-management/registry-override.md) or + [image swap](../../../clusters/cluster-management/image-swap.md) when pulling images. Refer to + [Configure Image Pull Secret for Security-Hardened Images](../../system-management/configure-image-pull-secret.md) for + more information. + +### Other Prerequisites + + + +## Install Palette VerteX + + + +### Cert-Manager Helm Chart + +3. + +### Spectro Management CRDs Helm Chart + +6. + +### VerteX Helm Chart + +7. + +### Image Swap Helm Chart + +10. + +### Reach System Helm Chart + +11. + +### Installation + +12. ## Validate -Use the following steps to validate the VerteX installation. - -1. To access the VerteX system console, open a web browser and paste the `env.rootDomain` value you provided in the - address bar and append the value `/system`. You can also use the IP address of the load balancer. - -2. Log in using the credentials you received from our support team. After login, you will be prompted to create a new - password. Enter a new password and save your changes. You will be redirected to the VerteX system console. - -3. Open a terminal session and issue the following command to verify the VerteX installation. The command should return - a list of deployments in the `cp-system`, `hubble-system`, `ingress-traefik`, `jet-system`, and `ui-system` - namespaces. - - ```shell - kubectl get pods --all-namespaces --output custom-columns="NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.phase" \ - | grep --extended-regexp '^(cp-system|hubble-system|ingress-traefik|jet-system|ui-system)\s' - ``` - - Your output should look similar to the following. - - ```shell hideClipboard - cp-system spectro-cp-ui-689984f88d-54wsw Running - hubble-system auth-85b748cbf4-6drkn Running - hubble-system auth-85b748cbf4-dwhw2 Running - hubble-system cloud-fb74b8558-lqjq5 Running - hubble-system cloud-fb74b8558-zkfp5 Running - hubble-system configserver-685fcc5b6d-t8f8h Running - hubble-system event-68568f54c7-jzx5t Running - hubble-system event-68568f54c7-w9rnh Running - hubble-system foreq-6b689f54fb-vxjts Running - hubble-system hashboard-897bc9884-pxpvn Running - hubble-system hashboard-897bc9884-rmn69 Running - hubble-system hutil-6d7c478c96-td8q4 Running - hubble-system hutil-6d7c478c96-zjhk4 Running - hubble-system mgmt-85dbf6bf9c-jbggc Running - hubble-system mongo-0 Running - hubble-system mongo-1 Running - hubble-system mongo-2 Running - hubble-system msgbroker-6c9b9fbf8b-mcsn5 Running - hubble-system oci-proxy-7789cf9bd8-qcjkl Running - hubble-system packsync-28205220-bmzcg Succeeded - hubble-system spectrocluster-6c57f5775d-dcm2q Running - hubble-system spectrocluster-6c57f5775d-gmdt2 Running - hubble-system spectrocluster-6c57f5775d-sxks5 Running - hubble-system system-686d77b947-8949z Running - hubble-system system-686d77b947-cgzx6 Running - hubble-system timeseries-7865bc9c56-5q87l Running - hubble-system timeseries-7865bc9c56-scncb Running - hubble-system timeseries-7865bc9c56-sxmgb Running - hubble-system user-5c9f6c6f4b-9dgqz Running - hubble-system user-5c9f6c6f4b-hxkj6 Running - ingress-traefik traefik-ingress-controller-9dmzq Running - ingress-traefik traefik-ingress-controller-tpwtf Running - ingress-traefik traefik-ingress-controller-xz4jf Running - jet-system jet-6599b9856d-t9mr4 Running - ui-system spectro-ui-76ffdf67fb-rkgx8 Running - ``` + ## Next Steps - - -## Resources - -- [Enterprise Install Troubleshooting](../../../troubleshooting/enterprise-install.md) + diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/uninstall.md b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/uninstall.md index 48fe4c7a67c..f4b114f0209 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/uninstall.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/uninstall.md @@ -40,28 +40,35 @@ install VerteX, this process does not apply. kubectl config current-context ``` -2. Issue the following command to start uninstalling the Vertex management plane. This will only remove the resources - managed by Helm and the remaining resources will require additional manual intervention. +2. Issue the following command to start uninstalling the Palette VerteX management plane. This will only remove the + resources managed by Helm. The remaining resources will require additional manual intervention. ```shell helm uninstall hubble ``` -3. Issue the following command to remove the namespace and custom resource definitions related to Vertex management - plane. +3. Remove the namespace and custom resource definitions related to the Palette VerteX management plane. ```shell - kubectl delete namespace hubble-system || kubectl delete crd spectroclusteractions.jet.cluster.spectrocloud.com + kubectl delete namespace hubble-system + kubectl delete crd spectroclusteractions.jet.cluster.spectrocloud.com ``` -4. Issue the following command to uninstall Cert Manager. Cert Manager does not reply on any Helm hooks and the Helm - uninstall command will uninstall all related resources. +4. Uninstall Cert Manager. ```shell helm uninstall cert-manager + kubectl delete namespace cert-manager ``` -5. (Optional) If you installed Reach, issue the following command to start uninstalling Reach. This will remove all +5. Uninstall the Spectro Management CRDs chart. + + ```shell + helm uninstall spectro-mgmt-crds + ``` + +6. _(Proxy environments only)_ If you installed Palette VerteX in an environment where a network proxy is configured for + Palette VerteX to access the internet, issue the following command to start uninstalling Reach. This will remove all resources related to Reach that are managed by Helm. However, some resources created by Helm hooks are not managed by Helm and will require additional manual intervention to remove. @@ -69,7 +76,7 @@ install VerteX, this process does not apply. helm uninstall reach-system ``` -6. (Optional) Issue the following commands to remove the remaining Reach system resources. +7. _(Proxy environments only)_ Issue the following commands to remove the remaining Reach system resources. ```shell kubectl delete ns reach-system @@ -83,13 +90,15 @@ install VerteX, this process does not apply. kubectl delete clusterrole reach-proxy-role ``` -7. (Optional) If you installed Image Swap, issue the following command to remove the `image-swap` chart. +8. _(Self-hosted OCI registry only)_ If you use image swap for self-hosted OCI registries, issue the following command + to remove the `image-swap` chart. ```shell helm uninstall image-swap ``` -8. (Optional) Issue the following commands to remove the remaining resources related to `image-swap`. +9. _(Self-hosted OCI registry only)_ Issue the following commands to remove the remaining resources related to + `image-swap`. ```shell kubectl delete ns imageswap-system diff --git a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md index 1b3d2df8270..782e535692c 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-on-kubernetes/vertex-helm-ref.md @@ -37,36 +37,51 @@ The global block allows you to provide configurations that apply globally to the ### Image Pull Secret -This section is only relevant if you are using your own private registry to host the images required for the Palette -installation process. +:::warning -The `imagePullSecret` block allows you to provide image pull secrets that will be used to authenticate with private -registries to obtain the images required for Palette VerteX installation. +Spectro Cloud's image pull secret will be required in an upcoming release for any users pulling images from a Spectro +Cloud-owned registry. This is a breaking change. We recommend obtaining your secret as soon as possible to avoid service +disruptions. Refer to +[Configure Image Pull Secret for Security-Hardened Images](../../system-management/configure-image-pull-secret.md) for +more information. -| **Parameters** | **Description** | **Type** | **Default value** | -| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------------- | -| `create` | Specifies whether to create a secret containing credentials to your own private image registry. | Boolean | `false` | -| `dockerConfigJson` | The **config.json** file value containing the registry URL and credentials for your image registry in base64 encoded format on a single line. For more information about the **config.json** file, refer to [Kubernetes Documentation](https://kubernetes.io/docs/concepts/containers/images/#config-json). | String | None | +::: -:::info +The `imagePullSecret` block configures the image pull secret used to authenticate with private registries. Palette +VerteX always creates a Kubernetes Secret named `spectro-image-pull-secret` from this value and distributes it to the +management plane, workload clusters, and PCGs. The secret serves the following purposes: -To obtain the base-64 encoded version of the credential `config.json` file, you can issue the following command. Replace -`` with the path to your `config.json` file. The `tr -d '\n'` removes new line characters -and produce the output on a single line. +- **Spectro Cloud registry authentication** - Authenticates with Spectro Cloud's registries to pull security-hardened + images. These images are used by the management plane, workload clusters, and PCGs. To obtain this secret, contact + your Spectro Cloud customer support representative. Refer to + [Configure Image Pull Secret for Security-Hardened Images](../../system-management/configure-image-pull-secret.md) for + more information. -```shell -cat | base64 | tr -d '\n' -``` +- **Private registry authentication** - If you host Palette images in your own private registry, the secret provides the + credentials needed to pull those images. -::: +| **Parameters** | **Description** | **Type** | **Default value** | +| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------------- | +| `dockerConfigJson` | The values of the `config.json` file encoded in base64 as a single string, containing the registry URL and credentials for your image registry. For more information about the `config.json` file, refer to the [Kubernetes Documentation](https://kubernetes.io/docs/concepts/containers/images/#config-json). | String | `""` | ```yaml global: imagePullSecret: - create: true dockerConfigJson: ewoJImF1dGhzHsKCQkiaG9va3......MiOiAidHJ1ZSIKCX0KfQ # Base64 encoded config.json ``` +:::info + +To obtain the base64-encoded version of your `config.json` file, use the following command. Replace +`` with the path to your `config.json` file. The `tr --delete '\n'` removes new line +characters and produces the output on a single line. + +```shell +cat | base64 | tr --delete '\n' +``` + +::: + ## MongoDB Palette VerteX uses MongoDB Enterprise as its internal database and supports two modes of deployment: diff --git a/docs/docs-content/vertex/install-palette-vertex/install-palette-vertex.md b/docs/docs-content/vertex/install-palette-vertex/install-palette-vertex.md index 340139967de..5426cf4fee4 100644 --- a/docs/docs-content/vertex/install-palette-vertex/install-palette-vertex.md +++ b/docs/docs-content/vertex/install-palette-vertex/install-palette-vertex.md @@ -62,6 +62,7 @@ distribution OVA. | **Palette Version** | **Kubernetes Version** | | ------------------- | ---------------------- | +| 4.9.21 | 1.34.9 | | 4.9.14 | 1.34.6 | | 4.9.5 | 1.34.6 | | 4.8.47 | 1.33.9 | diff --git a/docs/docs-content/vertex/system-management/configure-image-pull-secret.md b/docs/docs-content/vertex/system-management/configure-image-pull-secret.md new file mode 100644 index 00000000000..346eaf7f8a9 --- /dev/null +++ b/docs/docs-content/vertex/system-management/configure-image-pull-secret.md @@ -0,0 +1,110 @@ +--- +sidebar_label: "Configure Image Pull Secret" +title: "Configure Image Pull Secret for Security-Hardened Images" +description: + "Learn how to request and configure an image pull secret from Spectro Cloud, used for retrieving security hardened + images." +icon: "" +hide_table_of_contents: false +sidebar_position: 29 +tags: ["self-hosted", "account", "image pull secret", "hardened images", "security"] +keywords: ["self-hosted", "vertex", "image pull secret", "hardened images", "security"] +--- + + + +## When to Configure Image Pull Secret + +Depending on how your environment retrieves images, you may or may not need to configure Spectro Cloud's image pull +secret. + +### Configuration Required + + + +### Configuration Not Required + + + +## Configure Image Pull Secret + +Depending on your installation method, you can configure Spectro Cloud's image pull secret during or after installing +self-hosted Palette. + +### During Installation + + + +#### Helm Chart Installations + + + +### Post-Installation + + + +#### Prerequisites + + + +#### Enablement + + + +#### Validate + + diff --git a/docs/docs-content/vertex/upgrade/upgrade-k8s/airgap.md b/docs/docs-content/vertex/upgrade/upgrade-k8s/airgap.md index 4b5ca983f6a..2893d22aed0 100644 --- a/docs/docs-content/vertex/upgrade/upgrade-k8s/airgap.md +++ b/docs/docs-content/vertex/upgrade/upgrade-k8s/airgap.md @@ -250,50 +250,53 @@ Kubernetes. ::: -8. Navigate to the directory with the Palette VerteX installation zip file. Unzip the file to a **palette-install** - directory. +8. Navigate to the directory where you downloaded the Palette VerteX install zip file provided by our support team. + Unzip the file to a directory named `vertex-install`. ```shell - unzip release-*.zip -d palette-install + unzip charts.zip -d vertex-install ``` -9. Navigate to the release directory inside **palette-install**. +9. Navigate to the `vertex-install` directory. ```shell - cd palette-install/charts/release-* + cd vertex-install ``` -10. In a code editor of your choice, open the **extras/cert-manager/values.yaml** file and replace the - `cainjectorImage`,`controllerImage`, `webhookImage`, and `amceResolverImage` image URLs and with your OCI image - registry URL and the `/spectro-images/` namespace. - - ```yaml {2-5} - image: - cainjectorImage: "/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.17.0-spectro-4.6.1" - controllerImage: "/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.17.0-spectro-4.6.1" - webhookImage: "/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.17.0-spectro-4.6.1" - amceResolverImage: "/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.17.0-spectro-4.6.1" +10. Open the file `extras/cert-manager/values.yaml` with a text editor of your choice. This example uses Vim. - featureGates: "AdditionalCertificateOutputFormats=true" + ```shell + vim extras/cert-manager/values.yaml ``` - Consider the following example for reference. + Append `` to each image, along with the `` where you want to store your images. - ```yaml {2-5} + ```yaml image: - cainjectorImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.17.0-spectro-4.6.1" - controllerImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.17.0-spectro-4.6.1" - webhookImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.17.0-spectro-4.6.1" - amceResolverImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.17.0-spectro-4.6.1" + cainjectorImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.19.3-spectro-4.8.b" + controllerImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.19.3-spectro-4.8.b" + webhookImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.19.3-spectro-4.8.b" + amceResolverImage: "//us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.19.3-spectro-4.8.b" + ``` - featureGates: "AdditionalCertificateOutputFormats=true" + In the example below, we used `harbor.docs.spectro.dev` for the registry and `spectro-images` for the repository. + + ```yaml {2-5} hideClipboard title="Example output" + image: + cainjectorImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-cainjector:v1.19.3-spectro-4.8.b" + controllerImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-controller:v1.19.3-spectro-4.8.b" + webhookImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-webhook:v1.19.3-spectro-4.8.b" + amceResolverImage: "harbor.docs.spectro.dev/spectro-images/us-docker.pkg.dev/palette-images-fips/palette/spectro-cert-manager/cert-manager-acmesolver:v1.19.3-spectro-4.8.b" ``` 11. Update the cert-manager chart using the following command. ```shell - helm upgrade --values extras/cert-manager/values.yaml \ - cert-manager extras/cert-manager/cert-manager-*.tgz --install + helm upgrade --install cert-manager \ + ./extras/cert-manager/cert-manager-*.tgz \ + --namespace cert-manager \ + --create-namespace \ + --values ./extras/cert-manager/values.yaml ``` You should receive an output similar to the following. @@ -311,7 +314,9 @@ Kubernetes. 12. Upgrade the Spectro Management CRDs chart. ```shell - helm upgrade --install spectro-mgmt-crds extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz + helm upgrade --install spectro-mgmt-crds \ + extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz \ + --values extras/spectro-mgmt-crds/values.yaml ``` You should receive an output similar to the following. @@ -339,10 +344,11 @@ Kubernetes. ::: -14. Upgrade the image-swap chart with the following command. Point to the `palette/values.yaml` file from step 13. +14. _(Self-hosted OCI registry only)_ If you use image swap for self-hosted OCI registries, upgrade the image-swap chart + with the following command. Point to the `vertex/values.yaml` file from step 13. ```shell - helm upgrade --values palette/values.yaml \ + helm upgrade --values vertex/values.yaml \ image-swap extras/image-swap/image-swap-*.tgz --install ``` @@ -358,11 +364,13 @@ Kubernetes. TEST SUITE: None ``` -15. Upgrade the reach-system chart with the following command. Point to the `palette/values.yaml` file from step 13. +15. _(Proxy environments only)_ If you are upgrading a Palette VerteX instance in an environment where a network proxy + must be configured for Palette VerteX to access the internet, upgrade the reach-system chart with the following + command. Point to the `vertex/values.yaml` file from step 13. ```shell - helm upgrade --values palette/values.yaml \ - reach-system extras/reach-system/reach-system-\*.tgz --install + helm upgrade --values vertex/values.yaml \ + reach-system extras/reach-system/reach-system-*.tgz --install ``` You should receive an output similar to the following. @@ -380,8 +388,8 @@ Kubernetes. 16. Upgrade Palette VerteX with the following command. ```shell - helm upgrade --values palette/values.yaml \ - hubble palette/spectro-mgmt-plane-\*.tgz --install + helm upgrade --values vertex/values.yaml \ + hubble vertex/spectro-mgmt-plane-*.tgz --install ``` You should receive an output similar to the following. diff --git a/docs/docs-content/vertex/upgrade/upgrade-k8s/non-airgap.md b/docs/docs-content/vertex/upgrade/upgrade-k8s/non-airgap.md index 4114d7068b9..ad26290ff1d 100644 --- a/docs/docs-content/vertex/upgrade/upgrade-k8s/non-airgap.md +++ b/docs/docs-content/vertex/upgrade/upgrade-k8s/non-airgap.md @@ -56,24 +56,27 @@ match your environment. ::: -1. Open a terminal session and navigate to the directory with the Palette VerteX installation zip file. Unzip the file - to a **palette-install** directory. +1. Open a terminal session and navigate to the directory where you downloaded the Palette VerteX install ZIP file + provided by our support team. Unzip the file to a directory named `vertex-install`. ```shell - unzip release-*.zip -d palette-install + unzip charts.zip -d vertex-install ``` -2. Navigate to the release directory inside **palette-install**. +2. Navigate to the `vertex-install` directory. ```shell - cd palette-install/charts/release-* + cd vertex-install ``` 3. Update the cert-manager chart using the following command. ```shell - helm upgrade --values extras/cert-manager/values.yaml \ - cert-manager extras/cert-manager/cert-manager-*.tgz --install + helm upgrade --install cert-manager \ + ./extras/cert-manager/cert-manager-*.tgz \ + --namespace cert-manager \ + --create-namespace \ + --values ./extras/cert-manager/values.yaml ``` You should receive an output similar to the following. @@ -91,7 +94,9 @@ match your environment. 4. Upgrade the Spectro Management CRDs chart. ```shell - helm upgrade --install spectro-mgmt-crds extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz + helm upgrade --install spectro-mgmt-crds \ + extras/spectro-mgmt-crds/spectro-mgmt-crds-*.tgz \ + --values extras/spectro-mgmt-crds/values.yaml ``` You should receive an output similar to the following. @@ -121,15 +126,25 @@ match your environment. Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. Including `/v2` for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. For example: - `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. - ::: +- Ensure that the `values.yaml` file is ready before proceeding. If you are using a self-hosted OCI registry, make sure + that the `ociImageRegistry.mirrorRegistries` parameter in your `values.yaml` includes the necessary mirror links. + +- Include `/v2` in your endpoints if you are using a + [Harbor registry with a proxy cache](https://goharbor.io/docs/2.1.0/administration/configure-proxy-cache/) project. + Harbor proxy cache projects use `/v2` as part of their internal URL routing for cached images. For all other + registries, omit `/v2`, as the container runtime automatically appends `/v2` when making API calls. + + Including `/v2` for non-proxy-cache registries results in a doubled `/v2/v2/` path, which causes image pull failures. + For example: `docker.io::harbor.example.org/v2/proxy-cache-project/docker.io`. + + ::: -6. If you are using a self-hosted OCI registry, upgrade the image-swap chart with the following command. Point to the - `palette/values.yaml` file from step 5. +6. _(Self-hosted OCI registry only)_ If you use image swap for self-hosted OCI registries, upgrade the image-swap chart + with the following command. Point to the `vertex/values.yaml` file from step 5. ```shell - helm upgrade --values palette/values.yaml \ + helm upgrade --values vertex/values.yaml \ image-swap extras/image-swap/image-swap-*.tgz --install ``` @@ -145,12 +160,13 @@ match your environment. TEST SUITE: None ``` -7. If you are upgrading a Palette VerteX instance in an environment that requires network proxy configuration, upgrade - the reach-system chart with the following command. Point to the `palette/values.yaml` file from step 5. +7. _(Proxy environments only)_ If you are upgrading a Palette VerteX instance in an environment where a network proxy + must be configured for Palette VerteX to access the internet, upgrade the reach-system chart with the following + command. Point to the `vertex/values.yaml` file from step 5. ```shell - helm upgrade --values palette/values.yaml \ - reach-system extras/reach-system/reach-system-\*.tgz --install + helm upgrade --values vertex/values.yaml \ + reach-system extras/reach-system/reach-system-*.tgz --install ``` You should receive an output similar to the following. @@ -168,8 +184,8 @@ match your environment. 8. Upgrade Palette VerteX with the following command. ```shell - helm upgrade --values palette/values.yaml \ - hubble palette/spectro-mgmt-plane-\*.tgz --install + helm upgrade --values vertex/values.yaml \ + hubble vertex/spectro-mgmt-plane-*.tgz --install ``` You should receive an output similar to the following. diff --git a/docs/docs-content/vm-management/launchpad-for-vms/install-vmla-iso.md b/docs/docs-content/vm-management/launchpad-for-vms/install-vmla-iso.md index 4a9d6c6eac3..12695481130 100644 --- a/docs/docs-content/vm-management/launchpad-for-vms/install-vmla-iso.md +++ b/docs/docs-content/vm-management/launchpad-for-vms/install-vmla-iso.md @@ -133,9 +133,18 @@ Each device where you install the Launchpad for VMs Appliance ISO must meet the 2. Log in with the username and password you created during installation. -3. In the **Network interfaces** section, beside **Bonds**, select **Create**. +3. If you need to change the interface used for management traffic, locate the **Management Interface** field and select + the interface to use. Local UI can override the management interface selected during TUI configuration. -4. Complete the fields on the **Create Bond** screen and select **Confirm**. + :::warning + + Changing the management interface may cause Local UI connectivity loss. + + ::: + +4. In the **Network interfaces** section, beside **Bonds**, select **Create**. + +5. Complete the fields on the **Create Bond** screen and select **Confirm**. | **Parameter** | **Description** | | ---------------------------- | ---------------------------------------------------------------------------------------------- | @@ -156,9 +165,9 @@ Each device where you install the Launchpad for VMs Appliance ISO must meet the ::: -5. In the **Network interfaces** section, beside **Bridges**, select **Create**. +6. In the **Network interfaces** section, beside **Bridges**, select **Create**. -6. Complete the fields on the **Create Bridge** screen and select **Confirm**. +7. Complete the fields on the **Create Bridge** screen and select **Confirm**. | **Parameter** | **Description** | | --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | diff --git a/docs/docs-content/vm-management/launchpad-for-vms/vmo-networking.md b/docs/docs-content/vm-management/launchpad-for-vms/vmo-networking.md index 8ec51ff468b..6349e68dbbd 100644 --- a/docs/docs-content/vm-management/launchpad-for-vms/vmo-networking.md +++ b/docs/docs-content/vm-management/launchpad-for-vms/vmo-networking.md @@ -20,13 +20,37 @@ For the VM Appliance, Cilium is used to provide a way to achieve that goal. It d requirements for the host network configuration and for the Kubernetes worker nodes in order to have valid network targets to bridge the VMs onto. -This page examines either a two-NIC, one-bond network configuration deployment or a four-NIC, two-bond network -configuration deployment. You can do alternative configurations but they must have a bridge of `br0` as a prerequisite. +This page examines a two-NIC, one-bond network configuration and a four-NIC, two-bond network configuration. You can use +alternative configurations, but they must include a `br0` bridge. + +## Management and Cluster Traffic + +Launchpad for VMs hosts can use separate network interfaces for management traffic and Kubernetes cluster traffic. +Management traffic includes Local UI access, communication between hosts, and content synchronization. + +You can configure the management interface in the Edge Installer `user-data` file. A selection made in the TUI overrides +the value from `user-data`. After initial setup, a selection made in Local UI overrides the value from the TUI. If no +management interface is selected, the host uses the network interface associated with the default route. + +Kubernetes cluster traffic uses the interface selected during cluster creation. This includes node IP selection, +Kubernetes control plane traffic, etcd traffic, and traffic for the cluster virtual IP address (VIP). For Launchpad for +VMs, this is the interface selected in the **Cilium and MetalLB interface** field. + +:::warning + +Selecting a management interface or a cluster traffic interface does not change how the host routes network traffic. If +multiple adapters use the same subnet and each adapter has a default route, traffic may leave through a different +adapter than expected. This may prevent control plane nodes from successfully joining the cluster. + +For best results, place management and cluster traffic on separate subnets and configure both interfaces explicitly. + +::: ## Two NICs, One Bond Configuration When network interfaces are limited, NICs can be configured with a single bond (`bond0`) and bridge (`br0`) that carry -multiple VLANs. The following table and image present one possible example. +multiple VLANs. This configuration assumes that you use two Fiber Channel adapters for storage. The following table and +image present one possible example. | Interface | Type | Consisting of | VLAN | CIDR | Gateway | | ---------- | -------------- | ----------------- | ------ | -------------- | ---------- | diff --git a/redirects.js b/redirects.js index b531feb6a0e..23727140a8e 100644 --- a/redirects.js +++ b/redirects.js @@ -1008,6 +1008,17 @@ let redirects = [ from: `/clusters/edge/edgeforge-workflow/palette-canvos/build-rhel-stig-image/`, to: `/clusters/edge/edgeforge-workflow/palette-canvos/build-provider-images/build-rhel-stig-image/`, }, + + // Image Pull Secret + + { + from: `/enterprise-version/configure-image-pull-secret/`, + to: `/enterprise-version/system-management/configure-image-pull-secret/`, + }, + { + from: `/vertex/configure-image-pull-secret/`, + to: `/vertex/system-management/configure-image-pull-secret/`, + }, ]; if (packRedirects.length > 0) { diff --git a/src/theme/MDXComponents/MDXComponents.ts b/src/theme/MDXComponents/MDXComponents.ts index 8c86b4095e7..1ea3d8990d5 100644 --- a/src/theme/MDXComponents/MDXComponents.ts +++ b/src/theme/MDXComponents/MDXComponents.ts @@ -1,5 +1,6 @@ import MDXComponents from "@theme-original/MDXComponents"; import customMdxComponents from "@site/src/components/mdx/index"; +import CodeBlock from "@theme/CodeBlock"; import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; import Tooltip from "@site/src/components/Tooltip/Tooltip"; @@ -30,6 +31,7 @@ import FullUrlLink from "@site/src/components/FullUrlLink"; export default { ...MDXComponents, ...customMdxComponents, + CodeBlock, Accordion, AccordionPanel, Tabs, diff --git a/static/apis/edge-v1/emc-api.json b/static/apis/edge-v1/emc-api.json index 3471b2e4a23..1984295656a 100644 --- a/static/apis/edge-v1/emc-api.json +++ b/static/apis/edge-v1/emc-api.json @@ -19,7 +19,7 @@ "get": { "description": "Get the details of the cluster.", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Get the details of the cluster.", "operationId": "v1ClusterConfig", @@ -58,7 +58,7 @@ "post": { "description": "Creates a cluster with the provided cluster configuration", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Creates a cluster with the provided cluster configuration", "operationId": "v1CreateCluster", @@ -95,7 +95,7 @@ "delete": { "description": "Delete a cluster", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Delete a cluster", "operationId": "v1DeleteCluster", @@ -128,7 +128,7 @@ "patch": { "description": "DEPRECATED - This endpoint is deprecated and will be removed in future versions. Use /v1/edge-mgmt/cluster/{clusterName} instead", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "DEPRECATED - This endpoint is deprecated and will be removed in future versions. Use /v1/edge-mgmt/cluster/{clusterName} instead", "operationId": "v1PatchCluster", @@ -168,7 +168,7 @@ "get": { "description": "list the details of the cluster’s packs.", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "list the details of the cluster’s packs.", "operationId": "v1ClusterApplications", @@ -209,7 +209,7 @@ "get": { "description": "Get Cluster Certificates Info", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Get Cluster Certificates Info", "operationId": "v1CertificateDetails", @@ -244,7 +244,7 @@ "get": { "description": "Get Edge Cluster details", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Get Edge Cluster details", "operationId": "v1ClusterGet", @@ -279,7 +279,7 @@ "get": { "description": "List cluster events", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "List cluster events", "operationId": "v1GetClusterEvents", @@ -320,7 +320,7 @@ "/v1/edge-mgmt/cluster/pair": { "post": { "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Creates a pairing request", "operationId": "v1ClusterPair", @@ -358,7 +358,7 @@ "/v1/edge-mgmt/cluster/pair/details": { "get": { "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Get all existing pairing requests", "operationId": "v1ClusterPairDetails", @@ -392,7 +392,7 @@ "/v1/edge-mgmt/cluster/pair/reject": { "post": { "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Rejects a pairing request", "operationId": "v1ClusterPairReject", @@ -426,7 +426,7 @@ "/v1/edge-mgmt/cluster/pair/verify-connection": { "post": { "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Verifies whether all cluster hosts are able to connect to palette", "operationId": "v1ClusterPairVerifyConnection", @@ -471,7 +471,7 @@ "put": { "description": "Updates a cluster with the provided cluster configuration", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Updates a cluster with the provided cluster configuration", "operationId": "v1UpdateClusterProfiles", @@ -510,7 +510,7 @@ "post": { "description": "Validate cluster profile variables", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Validate cluster profile variables", "operationId": "v1ValidateClusterProfileVariables", @@ -549,7 +549,7 @@ "get": { "description": "Get Harbor Content Details", "tags": [ - "content" + "edge-mgmt" ], "summary": "List existing Harbor Content Details", "operationId": "v1HarborContentsDetails", @@ -572,7 +572,7 @@ "get": { "description": "Get Harbor Content Sync Status", "tags": [ - "content" + "edge-mgmt" ], "summary": "List Harbor Content Sync Status", "operationId": "v1HarborContentsSyncStatusDetails", @@ -595,7 +595,7 @@ "get": { "description": "Gets the harbor health status", "tags": [ - "content" + "edge-mgmt" ], "summary": "Gets the harbor health status", "operationId": "V1HarborHealth", @@ -624,7 +624,7 @@ "post": { "description": "Renew Cluster Certificates", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Renew Cluster Certificates", "operationId": "v1RenewCerts", @@ -653,7 +653,7 @@ "put": { "description": "Update cluster settings", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Update cluster settings", "operationId": "v1EdgeNativeClusterSettings", @@ -698,7 +698,7 @@ "put": { "description": "Updates a cluster with the provided cluster configuration", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Updates a cluster with the provided cluster configuration", "operationId": "v1UpdateClusterConfig", @@ -748,7 +748,7 @@ "patch": { "description": "Patch a cluster with the provided cluster configuration", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Patch a cluster with the provided cluster configuration", "operationId": "v1PatchClusterConfig", @@ -800,7 +800,7 @@ "get": { "description": "parses the cluster-config archive.", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "parses the preloaded cluster-config archive if it was included in the ISO.", "operationId": "V1ClusterConfigArchiveEmbedded", @@ -829,7 +829,7 @@ "get": { "description": "parses the cluster-config archive if it was uploaded as a standalone configuration.", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "parses the cluster-config archive if it exists.", "operationId": "v1ClusterConfigArchiveOverriden", @@ -858,7 +858,7 @@ "delete": { "description": "Delete or reject the cluster update archive", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Delete or reject the cluster update archive", "operationId": "v1DeleteClusterUpdateArchive", @@ -887,7 +887,7 @@ "get": { "description": "parses the cluster-config update archive if it was included in the uploaded content-bundle.", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "parses the cluster-config update archive if it was included in the uploaded content-bundle.", "operationId": "v1ClusterConfigArchiveUpdate", @@ -915,7 +915,7 @@ "/v1/edge-mgmt/clusters/current/machinepools": { "get": { "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Fetch the cluster node pool details including edge host details.", "operationId": "v1MachinePoolDetail", @@ -949,7 +949,7 @@ }, "post": { "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Create a machine pool", "operationId": "v1ClusterMachinePoolCreate", @@ -993,7 +993,7 @@ "/v1/edge-mgmt/clusters/current/machinepools/{poolName}": { "put": { "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Update machine pools", "operationId": "v1ClusterMachinePoolUpdate", @@ -1048,7 +1048,7 @@ }, "delete": { "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Delete machine pools", "operationId": "v1ClusterMachinePoolDelete", @@ -1089,7 +1089,7 @@ }, "patch": { "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Patch machine pools", "operationId": "v1ClusterMachinePoolPatch", @@ -1147,7 +1147,7 @@ "delete": { "description": "Delete a node from the machine pool", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Delete a machine pool node", "operationId": "v1ClusterMachinePoolNodeDelete", @@ -1198,7 +1198,7 @@ "get": { "description": "Get K8s Cluster Nodes", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "A list of the K8s Cluster Nodes", "operationId": "v1ClusterNodes", @@ -1227,7 +1227,7 @@ "get": { "description": "Ping an endpoint", "tags": [ - "troubleshoot" + "edge-mgmt" ], "summary": "Ping an endpoint", "operationId": "v1PingHost", @@ -1263,7 +1263,7 @@ "get": { "description": "Display route that IP packets take to a network host", "tags": [ - "troubleshoot" + "edge-mgmt" ], "summary": "Display route that IP packets take to a network host", "operationId": "v1TraceRouteHost", @@ -1299,7 +1299,7 @@ "get": { "description": "Get edge host details", "tags": [ - "host" + "edge-mgmt" ], "summary": "Get edge host info", "operationId": "v1EdgeHostInfo", @@ -1334,7 +1334,7 @@ "get": { "description": "Get the base64 encoded key used to verify the signed content.", "tags": [ - "content" + "edge-mgmt" ], "summary": "Get the public key used to verify the signed content.", "operationId": "V1GetContentSigningPublicKey", @@ -1375,7 +1375,7 @@ "post": { "description": "Reboot edge host", "tags": [ - "host" + "edge-mgmt" ], "summary": "Reboot edge host", "operationId": "v1EdgeHostActionReboot", @@ -1404,7 +1404,7 @@ "post": { "description": "Reset edge host", "tags": [ - "host" + "edge-mgmt" ], "summary": "Reset edge host", "operationId": "v1EdgeHostActionReset", @@ -1439,7 +1439,7 @@ "post": { "description": "Shutdown edge host", "tags": [ - "host" + "edge-mgmt" ], "summary": "Shutdown edge host", "operationId": "v1EdgeHostActionShutdown", @@ -1471,7 +1471,7 @@ "multipart/form-data" ], "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Uploads the cluster config archive and extracts it to the required location on the edge host.", "operationId": "V1ClusterConfigUpload", @@ -1518,7 +1518,7 @@ "multipart/form-data" ], "tags": [ - "content" + "edge-mgmt" ], "summary": "Uploads an archive file and extracts it to the required location on the edge host.", "operationId": "V1ContentUpload", @@ -1561,7 +1561,7 @@ "/v1/edge-mgmt/edgehosts/current/audits": { "get": { "tags": [ - "audit" + "edge-mgmt" ], "summary": "Retrieves the list of audit logs", "operationId": "v1Audits", @@ -1661,7 +1661,7 @@ "application/json" ], "tags": [ - "audit" + "edge-mgmt" ], "summary": "Download audit logs", "operationId": "v1AuditDownload", @@ -1708,7 +1708,7 @@ "/v1/edge-mgmt/edgehosts/current/audits/filters": { "get": { "tags": [ - "audit" + "edge-mgmt" ], "summary": "Retrieves the list of filter options to display on audit ui page", "operationId": "v1AuditFilter", @@ -1731,7 +1731,7 @@ "get": { "description": "Get edge host configurations.", "tags": [ - "host" + "edge-mgmt" ], "summary": "Get edge host configurations.", "operationId": "V1EdgeHostConfigurationsGet", @@ -1763,7 +1763,7 @@ }, "put": { "tags": [ - "host" + "edge-mgmt" ], "summary": "Update Edge Host configurations", "operationId": "V1EdgeHostConfigurationsUpdate", @@ -1815,7 +1815,7 @@ "get": { "description": "Edge host configurations status", "tags": [ - "host" + "edge-mgmt" ], "summary": "Edge host configurations status", "operationId": "v1EdgeHostConfigurationStatus", @@ -1848,7 +1848,7 @@ "application/json" ], "tags": [ - "host" + "edge-mgmt" ], "summary": "Download edge host Logs", "operationId": "v1EdgeHostDownloadLogs", @@ -1884,7 +1884,7 @@ "get": { "description": "List last 'logCount' edge host error logs", "tags": [ - "host" + "edge-mgmt" ], "summary": "List last 'logCount' edge host error logs", "operationId": "V1EdgeHostErrorLogs", @@ -1928,7 +1928,7 @@ "get": { "description": "Lists all the first level files from the '/var/log/files' directory.\n", "tags": [ - "host" + "edge-mgmt" ], "summary": "List custom files from the '/var/log/files' directory", "operationId": "v1EdgeHostListCustomFiles", @@ -1973,7 +1973,7 @@ "application/json" ], "tags": [ - "host" + "edge-mgmt" ], "summary": "Download a custom file from the user-defined or default directory", "operationId": "v1EdgeHostCustomFileDownload", @@ -2030,7 +2030,7 @@ "post": { "description": "Start edge host log collection", "tags": [ - "host" + "edge-mgmt" ], "summary": "Start edge host log collection", "operationId": "v1EdgeHostGenerateLogs", @@ -2059,7 +2059,7 @@ "get": { "description": "Edge host log collection status", "tags": [ - "host" + "edge-mgmt" ], "summary": "Edge host log collection status", "operationId": "v1EdgeHostGenerateLogsStatus", @@ -2087,7 +2087,7 @@ "/v1/edge-mgmt/edgehosts/current/link": { "post": { "tags": [ - "host" + "edge-mgmt" ], "summary": "Link edge host to another edge host", "operationId": "v1EdgeHostLink", @@ -2131,7 +2131,7 @@ "/v1/edge-mgmt/edgehosts/current/link/generate-token": { "post": { "tags": [ - "host" + "edge-mgmt" ], "summary": "Generate a link token for linking edge hosts", "operationId": "v1EdgeHostLinkGenerateToken", @@ -2159,7 +2159,7 @@ "/v1/edge-mgmt/edgehosts/current/link/status": { "get": { "tags": [ - "host" + "edge-mgmt" ], "summary": "Get the status of the edge host link", "operationId": "v1EdgeHostLinkStatus", @@ -2193,7 +2193,7 @@ "/v1/edge-mgmt/edgehosts/current/unlink": { "post": { "tags": [ - "host" + "edge-mgmt" ], "summary": "Unlink edge host from other edge hosts", "operationId": "v1EdgeHostUnlink", @@ -2235,7 +2235,7 @@ "/v1/edge-mgmt/edgehosts/current/uploaded-content/details": { "get": { "tags": [ - "host" + "edge-mgmt" ], "summary": "Get metadata of last uploaded content archive file", "operationId": "v1UploadedContentDetails", @@ -2270,7 +2270,7 @@ "get": { "description": "Get edge host userdata", "tags": [ - "host" + "edge-mgmt" ], "summary": "Get edge host userdata", "operationId": "v1GetEdgeHostUserdata", @@ -2297,7 +2297,7 @@ "put": { "description": "Update edge host userdata", "tags": [ - "host" + "edge-mgmt" ], "summary": "Update edge host userdata", "operationId": "v1PutEdgeHostUserdata", @@ -2334,7 +2334,7 @@ "post": { "description": "Update edge host userdata", "tags": [ - "host" + "edge-mgmt" ], "summary": "Update edge host userdata", "operationId": "v1PostEdgeHostUserdata", @@ -2373,7 +2373,7 @@ "get": { "description": "Get life cycle events of cluster and edge host", "tags": [ - "events" + "edge-mgmt" ], "summary": "Get life cycle events of cluster and edge host", "operationId": "v1GetLifecycleEvents", @@ -2402,7 +2402,7 @@ "get": { "description": "List network bond interfaces", "tags": [ - "network" + "edge-mgmt" ], "summary": "List bonds", "operationId": "V1NetworkBonds", @@ -2431,7 +2431,7 @@ "get": { "description": "Retrieve a bond interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Get bond", "operationId": "V1NetworkBond", @@ -2478,7 +2478,7 @@ "put": { "description": "Create or update a bond interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Create or update bond", "operationId": "V1NetworkBondUpdate", @@ -2539,7 +2539,7 @@ "post": { "description": "Create a bond interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Create bond", "operationId": "V1NetworkBondCreate", @@ -2594,7 +2594,7 @@ "delete": { "description": "Delete a bond interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Delete bond", "operationId": "V1NetworkBondDelete", @@ -2649,7 +2649,7 @@ "get": { "description": "List all bridge interfaces", "tags": [ - "network" + "edge-mgmt" ], "summary": "List bridges", "operationId": "V1NetworkBridges", @@ -2678,7 +2678,7 @@ "get": { "description": "Retrieve a bridge interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Get bridge", "operationId": "V1NetworkBridge", @@ -2725,7 +2725,7 @@ "put": { "description": "Create or update a bridge interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Create or update bridge", "operationId": "V1NetworkBridgeUpdate", @@ -2786,7 +2786,7 @@ "post": { "description": "Create a bridge interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Create bridge", "operationId": "V1NetworkBridgeCreate", @@ -2841,7 +2841,7 @@ "delete": { "description": "Delete a bridge interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Delete bridge", "operationId": "V1NetworkBridgeDelete", @@ -2896,7 +2896,7 @@ "get": { "description": "Get valid configuration options for network components", "tags": [ - "network" + "edge-mgmt" ], "summary": "Get network config options", "operationId": "V1NetworkConfigOptions", @@ -2925,7 +2925,7 @@ "get": { "description": "List network interfaces (NICs)", "tags": [ - "network" + "edge-mgmt" ], "summary": "List NICs", "operationId": "V1NetworkInterfaces", @@ -2954,7 +2954,7 @@ "get": { "description": "Get one network interface", "tags": [ - "network" + "edge-mgmt" ], "summary": "Get NIC", "operationId": "V1NetworkInterface", @@ -3003,7 +3003,7 @@ "put": { "description": "Update a network interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Update NIC config", "operationId": "V1NetworkInterfaceUpdate", @@ -3056,11 +3056,87 @@ ] } }, + "/v1/edge-mgmt/network/management-interface": { + "get": { + "tags": [ + "edge-mgmt" + ], + "summary": "Get the currently selected management interface and the candidate list", + "operationId": "V1ManagementInterface", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/v1ManagementInterface" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/v1Error" + } + } + }, + "security": [ + { + "Authorization": [] + } + ] + }, + "put": { + "tags": [ + "edge-mgmt" + ], + "summary": "Set the management interface", + "operationId": "V1ManagementInterfaceUpdate", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1ManagementInterfaceUpdateRequest" + } + } + ], + "responses": { + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/v1AcceptedResponseWithMessage" + } + }, + "400": { + "description": "Bad Request", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "429": { + "description": "Too Many Requests", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "500": { + "description": "Internal Server Error", + "schema": { + "$ref": "#/definitions/v1Error" + } + } + }, + "security": [ + { + "Authorization": [] + } + ] + } + }, "/v1/edge-mgmt/network/vlans": { "get": { "description": "List VLAN interfaces", "tags": [ - "network" + "edge-mgmt" ], "summary": "List VLANs", "operationId": "V1NetworkVLANs", @@ -3089,7 +3165,7 @@ "get": { "description": "Retrieve a VLAN interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Get VLAN", "operationId": "V1NetworkVLAN", @@ -3136,7 +3212,7 @@ "put": { "description": "Create or update a VLAN interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Create or update VLAN", "operationId": "V1NetworkVLANUpdate", @@ -3197,7 +3273,7 @@ "post": { "description": "Create a VLAN interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Create VLAN", "operationId": "V1NetworkVLANCreate", @@ -3252,7 +3328,7 @@ "delete": { "description": "Delete a VLAN interface configuration", "tags": [ - "network" + "edge-mgmt" ], "summary": "Delete VLAN", "operationId": "V1NetworkVLANDelete", @@ -3307,7 +3383,7 @@ "get": { "description": "Get general settings", "tags": [ - "settings" + "edge-mgmt" ], "summary": "Get general settings", "operationId": "v1Settings", @@ -3336,7 +3412,7 @@ "get": { "description": "Ping Service", "tags": [ - "troubleshoot" + "ping" ], "summary": "Ping Service", "operationId": "V1Ping", @@ -3365,7 +3441,7 @@ "get": { "description": "Get current logged in user's information", "tags": [ - "user" + "users" ], "summary": "Get current logged in user's information", "operationId": "V1CurrentUser", @@ -3392,7 +3468,7 @@ "patch": { "description": "Patches the current logged in user's configuration", "tags": [ - "user" + "users" ], "summary": "Patches the current logged in user's configuration", "operationId": "v1PatchCurrentUser", @@ -3431,7 +3507,7 @@ "post": { "description": "Authenticates the user with the specified credentials", "tags": [ - "user" + "users" ], "summary": "Authenticates the user with the specified credentials", "operationId": "V1UserLogin", @@ -3484,7 +3560,7 @@ "/v1/users/default/logout": { "post": { "tags": [ - "user" + "users" ], "summary": "Logs out the user from the system", "operationId": "V1UserLogout", @@ -3522,7 +3598,7 @@ "post": { "description": "Resets the user's password", "tags": [ - "user" + "users" ], "summary": "Resets the user's password", "operationId": "V1UserPasswordReset", @@ -3566,7 +3642,7 @@ "/v1/users/default/token/renewal": { "post": { "tags": [ - "user" + "users" ], "summary": "Refreshes the authentication token of the user", "operationId": "V1UserTokenRenewal", @@ -3851,7 +3927,8 @@ "type": "string", "enum": [ "dhcp", - "static" + "static", + "none" ] }, "vlanID": { @@ -3969,7 +4046,8 @@ "type": "string", "enum": [ "dhcp", - "static" + "static", + "none" ] }, "vlanID": { @@ -4034,7 +4112,8 @@ "type": "string", "enum": [ "dhcp", - "static" + "static", + "none" ] } } @@ -4103,7 +4182,8 @@ "type": "string", "enum": [ "dhcp", - "static" + "static", + "none" ] } } @@ -5005,6 +5085,11 @@ "description": "ControlPlaneEndpoint is the control plane endpoint, which can be an IP or FQDN", "$ref": "#/definitions/v1EdgeNativeControlPlaneEndPoint" }, + "isTwoNodeCluster": { + "description": "Enable two-node high availability configuration (PostgreSQL-based instead of etcd)", + "type": "boolean", + "default": false + }, "ntpServers": { "description": "NTPServers is a list of NTP servers to use instead of the machine image's default NTP server list", "type": "array", @@ -5208,6 +5293,15 @@ "type": "integer", "format": "int32" }, + "skipK8sUpgrade": { + "description": "Skip Kubernetes version upgrade validation for worker pools with N-3 version skew.\n- enabled: Bypasses version skew validation, allows Control Plane upgrade even when this worker pool is >3 minor versions behind\n- disabled: Automatically upgrade worker pool to match Control Plane Kubernetes version\n", + "type": "string", + "enum": [ + "enabled", + "disabled" + ], + "x-omitempty": true + }, "taints": { "description": "master or worker taints", "type": "array", @@ -5220,7 +5314,7 @@ "$ref": "#/definitions/v1UpdateStrategy" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove master taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove master taint this will not be used for worker pools", "type": "boolean" } } @@ -5348,7 +5442,7 @@ "type": "object", "properties": { "addresses": { - "description": "Addresses is a map of PCI device entry name to its addresses.\nExample entry would be \"11:00.0 VGA compatible controller [0300]: NVIDIA\nCorporation Device [10de:1eb1] (rev a1)\"- \u003e 0000_11_00_0\" The address is\nBDF (Bus Device Function) identifier format seperated by underscores. The\nfirst 4 bits are almost always 0000. In the above example 11 is Bus, 00\nis Device,0 is function. The values of these addreses are expected in hexadecimal\nformat\n", + "description": "Addresses is a map of PCI device entry name to its addresses.\nExample entry would be \"11:00.0 VGA compatible controller [0300]: NVIDIA\nCorporation Device [10de:1eb1] (rev a1)\"- > 0000_11_00_0\" The address is\nBDF (Bus Device Function) identifier format seperated by underscores. The\nfirst 4 bits are almost always 0000. In the above example 11 is Bus, 00\nis Device,0 is function. The values of these addreses are expected in hexadecimal\nformat\n", "type": "object", "additionalProperties": { "type": "string" @@ -5797,6 +5891,65 @@ } } }, + "v1ManagementInterface": { + "type": "object", + "required": [ + "selected", + "candidates" + ], + "properties": { + "candidates": { + "type": "array", + "items": { + "$ref": "#/definitions/v1ManagementInterfaceCandidate" + } + }, + "selected": { + "description": "Name of the currently selected management interface. Empty string\nmeans no selection (default routing applies). Always present in\nthe response.\n", + "type": "string" + } + } + }, + "v1ManagementInterfaceCandidate": { + "type": "object", + "required": [ + "name", + "type" + ], + "properties": { + "ipAddress": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "description": "Link state (e.g. up, down, dormant, unknown)", + "type": "string" + }, + "type": { + "type": "string", + "enum": [ + "nic", + "bond", + "vlan", + "bridge" + ] + } + } + }, + "v1ManagementInterfaceUpdateRequest": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Name of the interface to use as management interface. Must match an\nentry from the candidates list. Empty string clears the selection\nand reverts to default routing.\n", + "type": "string" + } + } + }, "v1ManagementMode": { "type": "string", "enum": [ @@ -6585,7 +6738,7 @@ "description": "Unauthorized" }, "v1UpdateStrategy": { - "description": "UpdatesStrategy will be used to translate to RollingUpdateStrategy of a MachineDeployment We'll start with default values for the translation, can expose more details later Following is details of parameters translated from the type ScaleOut =\u003e maxSurge=1, maxUnavailable=0 ScaleIn =\u003e maxSurge=0, maxUnavailable=1", + "description": "UpdatesStrategy will be used to translate to RollingUpdateStrategy of a MachineDeployment We'll start with default values for the translation, can expose more details later Following is details of parameters translated from the type ScaleOut => maxSurge=1, maxUnavailable=0 ScaleIn => maxSurge=0, maxUnavailable=1", "type": "object", "properties": { "type": { @@ -6947,5 +7100,24 @@ "name": "Authorization", "in": "header" } - } + }, + "tags": [ + { + "name": "edge-mgmt", + "x-displayName": "Edge Mgmt" + }, + { + "name": "ping", + "x-displayName": "Ping" + }, + { + "name": "users", + "x-displayName": "Users" + } + ], + "servers": [ + { + "url": "https://edge-host-ip:5080" + } + ] } \ No newline at end of file diff --git a/static/apis/v1/api.json b/static/apis/v1/api.json index f2f53a9e188..dfd351aa003 100644 --- a/static/apis/v1/api.json +++ b/static/apis/v1/api.json @@ -3292,6 +3292,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -4486,6 +4490,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -5871,6 +5879,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "$ref": "#/definitions/v1CloudStackResource", "description": "Project name for the cluster (optional)" @@ -5899,6 +5911,10 @@ "controlPlaneEndpoint": { "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" + }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" } }, "type": "object" @@ -10309,7 +10325,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ], "type": "string" }, @@ -10324,6 +10341,15 @@ } } }, + "v1ClusterUpgradeSettingsSpec": { + "properties": { + "spectroComponentsUpgradeForbidden": { + "type": "boolean", + "x-omitempty": false + } + }, + "type": "object" + }, "v1ClusterUsageSummary": { "description": "Cluster usage summary", "properties": { @@ -12142,6 +12168,22 @@ }, "type": "object" }, + "v1DataSinkSummary": { + "description": "Data sink summary", + "properties": { + "kind": { + "description": "Sink kind discriminator (e.g. splunk, cloudwatch). For legacy cloudwatch\nentries the caller treats kind=cloudwatch as a presence signal and calls\n/v1/tenants/{t}/assets/dataSinks to fetch the legacy CloudWatch configuration.\n", + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/v1ObjectMeta" + }, + "status": { + "$ref": "#/definitions/v1SinkStatus" + } + }, + "type": "object" + }, "v1DataSinkableSpec": { "properties": { "cloudWatch": { @@ -12156,6 +12198,22 @@ }, "type": "object" }, + "v1DataSinksSummary": { + "description": "Summary of all sinks configured for a tenant, across kinds.", + "properties": { + "items": { + "items": { + "$ref": "#/definitions/v1DataSinkSummary" + }, + "type": "array", + "uniqueItems": true + } + }, + "required": [ + "items" + ], + "type": "object" + }, "v1DatabaseTransferJob": { "description": "database transfer job details", "properties": { @@ -13507,6 +13565,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -13516,6 +13578,16 @@ "format": "int32", "type": "integer" }, + "skipK8sUpgrade": { + "default": "disabled", + "description": "Skip Kubernetes version upgrade validation for worker pools with N-3 version skew.\n- enabled: Bypasses version skew validation, allows Control Plane upgrade even when this worker pool is >3 minor versions behind\n- disabled: Automatically upgrade worker pool to match Control Plane Kubernetes version (default)\n", + "enum": [ + "enabled", + "disabled" + ], + "type": "string", + "x-omitempty": true + }, "taints": { "description": "control plane or worker taints", "items": { @@ -13932,6 +14004,10 @@ "$ref": "#/definitions/v1EksClusterConfigEndpointAccess", "description": "Endpoints specifies access to this cluster's control plane endpoints" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -15208,6 +15284,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -18231,6 +18311,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -18794,6 +18878,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -18887,6 +18975,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -26595,6 +26687,39 @@ }, "type": "object" }, + "v1SinkStatus": { + "description": "Data sink status", + "properties": { + "sync": { + "$ref": "#/definitions/v1SinkSyncStatus" + } + }, + "type": "object" + }, + "v1SinkSyncStatus": { + "description": "Status of the data sink delivery sync loop", + "properties": { + "lastRunTime": { + "$ref": "#/definitions/v1Time" + }, + "lastSuccessTime": { + "$ref": "#/definitions/v1Time" + }, + "message": { + "description": "Last error message when status=Failed. Empty when status=Success.", + "type": "string" + }, + "status": { + "description": "Last known delivery status.", + "enum": [ + "Success", + "Failed" + ], + "type": "string" + } + }, + "type": "object" + }, "v1SonobuoyEntity": { "description": "Sonobuoy response", "properties": { @@ -28897,6 +29022,16 @@ } } }, + "v1SpectroClusterSystemImagePullSecret": { + "description": "Image pull secret for cluster system operations", + "properties": { + "imagePullSecret": { + "description": "base64-encoded image pull secret token", + "type": "string" + } + }, + "type": "object" + }, "v1SpectroClusterTags": { "properties": { "tags": { @@ -29645,6 +29780,9 @@ "clusterTemplate": { "$ref": "#/definitions/v1ClusterTemplateRef" }, + "clusterType": { + "$ref": "#/definitions/v1ClusterType" + }, "fargateProfiles": { "items": { "$ref": "#/definitions/v1FargateProfile" @@ -30313,6 +30451,68 @@ }, "type": "object" }, + "v1SplunkSink": { + "description": "Splunk HEC audit-log sink configuration.", + "properties": { + "metadata": { + "$ref": "#/definitions/v1ObjectMeta" + }, + "spec": { + "$ref": "#/definitions/v1SplunkSinkSpec" + }, + "status": { + "$ref": "#/definitions/v1SinkStatus" + } + }, + "type": "object" + }, + "v1SplunkSinkEntity": { + "description": "Input payload for creating or updating a Splunk HEC sink.", + "properties": { + "name": { + "description": "Human-readable name for this sink. Must be unique per tenant.", + "type": "string" + }, + "spec": { + "$ref": "#/definitions/v1SplunkSinkSpec" + } + }, + "required": [ + "name", + "spec" + ], + "type": "object" + }, + "v1SplunkSinkSpec": { + "description": "Splunk HEC connection configuration.", + "properties": { + "hecUrl": { + "description": "Splunk HEC URL, e.g. https://stack.splunkcloud.com:8088 or\nhttps://http-inputs-.splunkcloud.com:443. Must use https,\nexcept http://localhost:* / http://127.0.0.1:* permitted for dev.\n", + "type": "string" + }, + "index": { + "description": "Optional. If empty, the HEC token's default index is used.", + "type": "string" + }, + "source": { + "description": "Optional. If empty, the HEC token's default source is used.", + "type": "string" + }, + "tlsConfig": { + "$ref": "#/definitions/v1TlsCA" + }, + "token": { + "description": "HEC token. Returned masked ('***') on GET. PUT with the masked literal\n'***' preserves the existing encrypted value; PUT with any other value\nre-encrypts and replaces.\n", + "format": "password", + "type": "string" + } + }, + "required": [ + "hecUrl", + "token" + ], + "type": "object" + }, "v1SpotMarketOptions": { "description": "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", "properties": { @@ -31455,6 +31655,16 @@ }, "type": "object" }, + "v1SystemConfigImagePullSecretSpec": { + "description": "system DHI image pull secret config spec", + "properties": { + "imagePullSecret": { + "description": "base64 encoded docker config JSON", + "type": "string" + } + }, + "type": "object" + }, "v1SystemConfigStoreEntity": { "properties": { "key": { @@ -33175,6 +33385,35 @@ }, "type": "object" }, + "v1TenantPaletteIdpConfigSpec": { + "description": "Palette IDP configuration for the tenant", + "properties": { + "clientId": { + "description": "The client ID for Palette OIDC", + "type": "string", + "x-omitempty": false + }, + "clientSecret": { + "description": "The client secret for Palette OIDC", + "type": "string", + "x-omitempty": false + }, + "issuerUrl": { + "description": "The issuer URL for Palette acting as OIDC identity provider", + "type": "string", + "x-omitempty": false + }, + "scopes": { + "description": "The OIDC scopes", + "items": { + "type": "string" + }, + "type": "array", + "x-omitempty": false + } + }, + "type": "object" + }, "v1TenantPasswordPolicyEntity": { "description": "Tenant Password Policy Entity", "properties": { @@ -33748,6 +33987,20 @@ ], "type": "object" }, + "v1TlsCA": { + "properties": { + "caCertBase64": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "insecureSkipVerify": { + "type": "boolean" + } + }, + "type": "object" + }, "v1TlsConfiguration": { "description": "TLS configuration", "properties": { @@ -39532,6 +39785,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -40856,8 +41113,7 @@ ], "summary": "Returns system activation state from in-memory cache for UI banner", "tags": [ - "v1", - "system" + "activations" ] } }, @@ -40882,7 +41138,7 @@ ], "summary": "Retrieves a list of API keys", "tags": [ - "v1" + "apiKeys" ] }, "post": { @@ -40914,7 +41170,7 @@ ], "summary": "Create an API key", "tags": [ - "v1" + "apiKeys" ] } }, @@ -40936,7 +41192,7 @@ ], "summary": "Deletes the specified API key", "tags": [ - "v1" + "apiKeys" ] }, "get": { @@ -40959,7 +41215,7 @@ ], "summary": "Returns the specified API key", "tags": [ - "v1" + "apiKeys" ] }, "parameters": [ @@ -40997,7 +41253,7 @@ ], "summary": "Activate or de-active the specified API key", "tags": [ - "v1" + "apiKeys" ] }, "put": { @@ -41026,7 +41282,7 @@ ], "summary": "Update the specified API key", "tags": [ - "v1" + "apiKeys" ] } }, @@ -41066,7 +41322,7 @@ ], "summary": "Revoke or re-activate the API key access", "tags": [ - "v1" + "apiKeys" ] } }, @@ -41112,7 +41368,7 @@ ], "summary": "Creates a application deployment in the virtual cluster", "tags": [ - "v1" + "appDeployments" ] } }, @@ -41158,7 +41414,7 @@ ], "summary": "Creates a application deployment in one of virtual clusters in the cluster group", "tags": [ - "v1" + "appDeployments" ] } }, @@ -41188,7 +41444,7 @@ ], "summary": "Deletes the specified application deployment", "tags": [ - "v1" + "appDeployments" ] }, "get": { @@ -41219,7 +41475,7 @@ ], "summary": "Returns the specified application deployment", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -41261,7 +41517,7 @@ ], "summary": "Returns profile of the specified application deployment", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -41305,7 +41561,7 @@ ], "summary": "Updates the specified application deployment profile", "tags": [ - "v1" + "appDeployments" ] } }, @@ -41350,7 +41606,7 @@ ], "summary": "Apply the application deployment profile updates", "tags": [ - "v1" + "appDeployments" ] } }, @@ -41383,7 +41639,7 @@ ], "summary": "Returns the specified application deployment profile tier information", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -41434,7 +41690,7 @@ ], "summary": "Updates the specified application deployment profile tier information", "tags": [ - "v1" + "appDeployments" ] } }, @@ -41467,7 +41723,7 @@ ], "summary": "Retrieves a list of manifests of the specified application deployment profile tier", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -41516,7 +41772,7 @@ ], "summary": "Returns the specified application deployment tier manifest information", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -41574,7 +41830,7 @@ ], "summary": "Updates the specified application deployment tier manifest information", "tags": [ - "v1" + "appDeployments" ] } }, @@ -41607,7 +41863,7 @@ ], "summary": "Retrieves a list of profile versions of the specified application deployment", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -41662,7 +41918,7 @@ ], "summary": "Creates a application profile", "tags": [ - "v1" + "appProfiles" ] } }, @@ -41695,7 +41951,7 @@ ], "summary": "Retrieves a list of application profile macros", "tags": [ - "v1" + "appProfiles" ] } }, @@ -41725,7 +41981,7 @@ ], "summary": "Deletes the specified application profile", "tags": [ - "v1" + "appProfiles" ] }, "get": { @@ -41756,7 +42012,7 @@ ], "summary": "Returns the specified application profile", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -41799,7 +42055,7 @@ ], "summary": "Updates the specified application profile", "tags": [ - "v1" + "appProfiles" ] } }, @@ -41854,7 +42110,7 @@ ], "summary": "Clones the specified application profile", "tags": [ - "v1" + "appProfiles" ] } }, @@ -41906,7 +42162,7 @@ ], "summary": "Validates the specified application profile clone", "tags": [ - "v1" + "appProfiles" ] } }, @@ -41952,7 +42208,7 @@ ], "summary": "Updates the specified application profile metadata", "tags": [ - "v1" + "appProfiles" ] } }, @@ -41985,7 +42241,7 @@ ], "summary": "Retrieves a list of tiers of the specified application profile", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -42038,7 +42294,7 @@ ], "summary": "Updates app tier of the specified application profile", "tags": [ - "v1" + "appProfiles" ] }, "post": { @@ -42082,7 +42338,7 @@ ], "summary": "Adds tier to the specified application profile", "tags": [ - "v1" + "appProfiles" ] } }, @@ -42112,7 +42368,7 @@ ], "summary": "Deletes the specified application profile tier", "tags": [ - "v1" + "appProfiles" ] }, "get": { @@ -42143,7 +42399,7 @@ ], "summary": "Returns the specified application profile tier information", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -42194,7 +42450,7 @@ ], "summary": "Updates the specified application profile tier", "tags": [ - "v1" + "appProfiles" ] } }, @@ -42227,7 +42483,7 @@ ], "summary": "Retrieves a list of manifests of the specified application profile tier", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -42287,7 +42543,7 @@ ], "summary": "Adds manifest to the specified application profile tier", "tags": [ - "v1" + "appProfiles" ] } }, @@ -42317,7 +42573,7 @@ ], "summary": "Deletes the specified application profile tier manifest", "tags": [ - "v1" + "appProfiles" ] }, "get": { @@ -42348,7 +42604,7 @@ ], "summary": "Returns the specified application profile tier manifest information", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -42406,7 +42662,7 @@ ], "summary": "Updates the specified application profile tier manifest information", "tags": [ - "v1" + "appProfiles" ] } }, @@ -42439,7 +42695,7 @@ ], "summary": "Returns the specified application profile tier resolved values", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -42567,7 +42823,7 @@ ], "summary": "Retrieves the list of audit logs", "tags": [ - "v1" + "audits" ] } }, @@ -42600,7 +42856,7 @@ ], "summary": "Returns the specified audit log", "tags": [ - "v1" + "audits" ] }, "parameters": [ @@ -42642,7 +42898,7 @@ ], "summary": "Returns the specified system audit message", "tags": [ - "v1" + "audits" ] }, "parameters": [ @@ -42697,7 +42953,7 @@ ], "summary": "Updates the specified user message for the specified audit", "tags": [ - "v1" + "audits" ] } }, @@ -42733,7 +42989,7 @@ }, "summary": "Authenticates the user for the specified crendentials", "tags": [ - "v1" + "auth" ] } }, @@ -42750,8 +43006,7 @@ }, "summary": "V1AuthMfaDevicesList", "tags": [ - "v1", - "system" + "auth" ], "x-ApiScopes": [ "mfa" @@ -42779,7 +43034,7 @@ }, "summary": "Returns the user organization details", "tags": [ - "v1" + "auth" ] } }, @@ -42797,7 +43052,7 @@ }, "summary": "Idp authorization code callback", "tags": [ - "v1" + "auth" ] }, "parameters": [ @@ -42851,7 +43106,7 @@ }, "summary": "Identity provider logout url for the Oidc", "tags": [ - "v1" + "auth" ] }, "parameters": [ @@ -42916,7 +43171,7 @@ }, "summary": "Identity provider callback url for the SMAL authentication", "tags": [ - "v1" + "auth" ] } }, @@ -42963,7 +43218,7 @@ }, "summary": "Identity provider logout url for the SMAL", "tags": [ - "v1" + "auth" ] } }, @@ -42981,7 +43236,7 @@ }, "summary": "Returns a list of user's organizations", "tags": [ - "v1" + "auth" ] } }, @@ -43025,7 +43280,7 @@ }, "summary": "Updates and Activates the specified user password using the password token", "tags": [ - "v1" + "auth" ] } }, @@ -43069,7 +43324,7 @@ }, "summary": "Resets the user password using the password token", "tags": [ - "v1" + "auth" ] } }, @@ -43087,7 +43342,7 @@ }, "summary": "Refreshes authentication token", "tags": [ - "v1" + "auth" ] }, "parameters": [ @@ -43121,7 +43376,7 @@ }, "summary": "Returns a list of predefined Identity Provider (IDP)", "tags": [ - "v1" + "auth" ] } }, @@ -43146,7 +43401,7 @@ }, "summary": "Returns a list of supported sso logins", "tags": [ - "v1" + "auth" ] } }, @@ -43164,7 +43419,7 @@ }, "summary": "Returns a list of supported sso auth providers", "tags": [ - "v1" + "auth" ] } }, @@ -43182,7 +43437,7 @@ }, "summary": "Returns Authorization token. Works as a callback url for the system defined sso apps", "tags": [ - "v1" + "auth" ] }, "parameters": [ @@ -43245,7 +43500,7 @@ }, "summary": "Returns No Content. Sends the user organization information via email", "tags": [ - "v1" + "auth" ] } }, @@ -43285,7 +43540,7 @@ }, "summary": "Creates request to reset password via email", "tags": [ - "v1" + "auth" ] } }, @@ -43357,7 +43612,7 @@ ], "summary": "Retrieves a list of CloudStack cloud accounts", "tags": [ - "v1" + "cloudaccounts" ], "x-Features": [ "ApacheCloudstack" @@ -43405,7 +43660,7 @@ ], "summary": "Creates a CloudStack cloud account", "tags": [ - "v1" + "cloudaccounts" ], "x-Features": [ "ApacheCloudstack" @@ -43438,7 +43693,7 @@ ], "summary": "Deletes the specified CloudStack account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -43469,7 +43724,7 @@ ], "summary": "Returns the specified CloudStack account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43513,7 +43768,7 @@ ], "summary": "Updates the specified CloudStack account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -43558,7 +43813,7 @@ ], "summary": "Get the cloudstack disk offerings for a given account and zone", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43599,7 +43854,7 @@ ], "summary": "Get the cloudstack domains for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43652,7 +43907,7 @@ ], "summary": "Get the cloudstack SSH key pairs for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43711,7 +43966,7 @@ ], "summary": "Get the cloudstack networks for a given account and zone", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43770,7 +44025,7 @@ ], "summary": "Get the cloudstack compute offerings for a given account and zone", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43811,7 +44066,7 @@ ], "summary": "Get the cloudstack projects for a given account and domain", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43873,7 +44128,7 @@ ], "summary": "Get the cloudstack templates for a given account and zone", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43926,7 +44181,7 @@ ], "summary": "Get the cloudstack VPCs for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43967,7 +44222,7 @@ ], "summary": "Get the cloudstack zones for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -44047,7 +44302,7 @@ ], "summary": "Retrieves a list of AWS cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -44092,7 +44347,7 @@ ], "summary": "Creates an AWS cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -44122,7 +44377,7 @@ ], "summary": "Deletes the specified AWS account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -44159,7 +44414,7 @@ ], "summary": "Returns the specified AWS account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -44203,7 +44458,7 @@ ], "summary": "Updates the specified AWS account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -44275,7 +44530,7 @@ ], "summary": "Retrieves a list of azure cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -44320,7 +44575,7 @@ ], "summary": "Create azure cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -44350,7 +44605,7 @@ ], "summary": "Deletes the specified azure account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -44381,7 +44636,7 @@ ], "summary": "Returns the specified azure cloud account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -44425,7 +44680,7 @@ ], "summary": "Updates the specified azure account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -44497,7 +44752,7 @@ ], "summary": "Retrieves a list of cloud accounts by cloud type", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -44551,7 +44806,7 @@ ], "summary": "Creates an cloud account of specific cloud type", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -44581,7 +44836,7 @@ ], "summary": "Deletes the specified account by cloud type", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -44612,7 +44867,7 @@ ], "summary": "Returns the specified account by cloud type", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -44663,7 +44918,7 @@ ], "summary": "Updates the specified account by cloud type", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -44735,7 +44990,7 @@ ], "summary": "Retrieves a list of gcp cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -44780,7 +45035,7 @@ ], "summary": "Creates a GCP cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -44810,7 +45065,7 @@ ], "summary": "Deletes the specified GCP account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -44841,7 +45096,7 @@ ], "summary": "Returns the specified GCP cloud account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -44886,7 +45141,7 @@ ], "summary": "Updates the specified GCP account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -44958,7 +45213,7 @@ ], "summary": "Retrieves a list of Maas cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -45003,7 +45258,7 @@ ], "summary": "Creates an Maas cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -45033,7 +45288,7 @@ ], "summary": "Deletes the specified Maas account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -45064,7 +45319,7 @@ ], "summary": "Returns the specified Maas account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -45109,7 +45364,7 @@ ], "summary": "Patches the specified CloudAccount Maas", "tags": [ - "v1" + "cloudaccounts" ] }, "put": { @@ -45144,7 +45399,7 @@ ], "summary": "Updates the specified Maas account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -45177,7 +45432,7 @@ ], "summary": "Get the maas azs for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -45218,7 +45473,7 @@ ], "summary": "Get the maas domains for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -45259,7 +45514,7 @@ ], "summary": "Get the maas pools for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -45300,7 +45555,7 @@ ], "summary": "Get the maas subnets for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -45341,7 +45596,7 @@ ], "summary": "Get the maas tags for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -45415,7 +45670,7 @@ ], "summary": "Retrieves a list of cloud accounts summary", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -45487,7 +45742,7 @@ ], "summary": "Retrieves a list of vSphere cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -45532,7 +45787,7 @@ ], "summary": "Creates a vSphere cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -45562,7 +45817,7 @@ ], "summary": "Deletes the specified vSphere account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -45593,7 +45848,7 @@ ], "summary": "Returns the specified vSphere account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -45638,7 +45893,7 @@ ], "summary": "Updates the specified VSphere account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -45671,7 +45926,7 @@ ], "summary": "Get the vSphere computecluster resources for the given overlord account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -45729,7 +45984,7 @@ ], "summary": "Get the vSphere datacenters & datacluster for the given overlord account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -45783,7 +46038,7 @@ ], "summary": "Update the geolocation annotation", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -45816,7 +46071,7 @@ ], "summary": "Returns the specified AKS cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -45871,7 +46126,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45926,7 +46181,7 @@ ], "summary": "Creates an AKS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45956,7 +46211,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46007,7 +46262,7 @@ ], "summary": "Updates the specified AKS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46079,7 +46334,7 @@ ], "summary": "Retrieves a list of AKS machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46139,7 +46394,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46169,7 +46424,7 @@ ], "summary": "Deletes the specified Azure machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -46200,7 +46455,7 @@ ], "summary": "Returns the specified AKS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46258,7 +46513,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46291,7 +46546,7 @@ ], "summary": "Returns the specified CloudStack cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46346,7 +46601,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46401,7 +46656,7 @@ ], "summary": "Creates a CloudStack cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46431,7 +46686,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46482,7 +46737,7 @@ ], "summary": "Updates the specified CloudStack cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46515,7 +46770,7 @@ ], "summary": "Retrieves a list of CloudStack machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46575,7 +46830,7 @@ ], "summary": "Adds the CloudStack machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46605,7 +46860,7 @@ ], "summary": "Deletes the specified CloudStack machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -46636,7 +46891,7 @@ ], "summary": "Returns the specified CloudStack machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46694,7 +46949,7 @@ ], "summary": "Updates the specified machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46727,7 +46982,7 @@ ], "summary": "Returns the specified AWS cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46782,7 +47037,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46828,7 +47083,7 @@ ], "summary": "Updates the hybrid configuration information of AWS cluster", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46883,7 +47138,7 @@ ], "summary": "Creates an Hybrid AWS cloud config's Edge-Native machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46913,7 +47168,7 @@ ], "summary": "Deletes the specified Edge-Native machine pool of hybrid AWS cluster", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -46944,7 +47199,7 @@ ], "summary": "Returns the specified AWS Cluster's Edge-Native machine pool configuration", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46995,7 +47250,7 @@ ], "summary": "Updates the specified Hybrid AWS cluster cloud config's Edge-Native machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47050,7 +47305,7 @@ ], "summary": "Creates an AWS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47080,7 +47335,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47131,7 +47386,7 @@ ], "summary": "Updates the specified AWS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47203,7 +47458,7 @@ ], "summary": "Retrieves a list of AWS machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47263,7 +47518,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47293,7 +47548,7 @@ ], "summary": "Deletes the specified AWS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -47324,7 +47579,7 @@ ], "summary": "Returns the specified AWS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47382,7 +47637,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47415,7 +47670,7 @@ ], "summary": "Returns the specified Azure cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47470,7 +47725,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47525,7 +47780,7 @@ ], "summary": "Creates an Azure cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47555,7 +47810,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47606,7 +47861,7 @@ ], "summary": "Updates the specified Azure cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47679,7 +47934,7 @@ ], "summary": "Retrieves a list of Azure machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47739,7 +47994,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47769,7 +48024,7 @@ ], "summary": "Deletes the specified Azure machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -47801,7 +48056,7 @@ ], "summary": "Returns the specified Azure machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47859,7 +48114,7 @@ ], "summary": "Updates the specified machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47892,7 +48147,7 @@ ], "summary": "Returns the specified Custom cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47961,7 +48216,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48023,7 +48278,7 @@ ], "summary": "Creates an Custom cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48053,7 +48308,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48111,7 +48366,7 @@ ], "summary": "Updates the specified Custom cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48183,7 +48438,7 @@ ], "summary": "Retrieves a list of Custom machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48250,7 +48505,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48280,7 +48535,7 @@ ], "summary": "Deletes the specified Custom machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -48311,7 +48566,7 @@ ], "summary": "Returns the specified Custom machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48376,7 +48631,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48409,7 +48664,7 @@ ], "summary": "Returns the specified edge-native cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48464,7 +48719,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48519,7 +48774,7 @@ ], "summary": "Creates a edge-native cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48549,7 +48804,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48600,7 +48855,7 @@ ], "summary": "Updates the specified edge-native cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48633,7 +48888,7 @@ ], "summary": "Retrieves a list of edge-native machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48693,7 +48948,7 @@ ], "summary": "Adds the edge-native machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48723,7 +48978,7 @@ ], "summary": "Deletes the specified edge-native machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -48754,7 +49009,7 @@ ], "summary": "Returns the specified edge-native machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48812,7 +49067,7 @@ ], "summary": "Updates the specified machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48845,7 +49100,7 @@ ], "summary": "Returns the specified EKS cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48900,7 +49155,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48946,7 +49201,7 @@ ], "summary": "Updates EKS cloud config's fargate profiles", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49001,7 +49256,7 @@ ], "summary": "Creates an EKS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49031,7 +49286,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49082,7 +49337,7 @@ ], "summary": "Updates the specified EKS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49154,7 +49409,7 @@ ], "summary": "Retrieves a list of EKS machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49214,7 +49469,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49244,7 +49499,7 @@ ], "summary": "Deletes the specified EKS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -49275,7 +49530,7 @@ ], "summary": "Returns the specified EKS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49333,7 +49588,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49366,7 +49621,7 @@ ], "summary": "Returns the specified GCP cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49421,7 +49676,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49476,7 +49731,7 @@ ], "summary": "Creates a Gcp cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49506,7 +49761,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49557,7 +49812,7 @@ ], "summary": "Updates the specified GCP cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49629,7 +49884,7 @@ ], "summary": "Retrieves a list of GCP machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49689,7 +49944,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49719,7 +49974,7 @@ ], "summary": "Deletes the specified GCP machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -49750,7 +50005,7 @@ ], "summary": "Returns the specified GCP machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49808,7 +50063,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49841,7 +50096,7 @@ ], "summary": "Returns the specified Generic cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49896,7 +50151,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49951,7 +50206,7 @@ ], "summary": "Creates a generic cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49981,7 +50236,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50032,7 +50287,7 @@ ], "summary": "Updates the specified generic cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50104,7 +50359,7 @@ ], "summary": "Retrieves a list of Generic machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50164,7 +50419,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50194,7 +50449,7 @@ ], "summary": "Deletes the specified machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -50225,7 +50480,7 @@ ], "summary": "Returns the specified generic machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50283,7 +50538,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50316,7 +50571,7 @@ ], "summary": "Returns the specified GKE cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50371,7 +50626,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50426,7 +50681,7 @@ ], "summary": "Creates an GKE cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50456,7 +50711,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50507,7 +50762,7 @@ ], "summary": "Updates the specified GKE cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50579,7 +50834,7 @@ ], "summary": "Retrieves a list of GKE machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50639,7 +50894,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50669,7 +50924,7 @@ ], "summary": "Deletes the specified Gcp machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -50700,7 +50955,7 @@ ], "summary": "Returns the specified GKE machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50758,7 +51013,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50791,7 +51046,7 @@ ], "summary": "Returns the specified Maas cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50846,7 +51101,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50901,7 +51156,7 @@ ], "summary": "Creates an Maas cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50931,7 +51186,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50982,7 +51237,7 @@ ], "summary": "Updates the specified Maas cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51054,7 +51309,7 @@ ], "summary": "Retrieves a list of Maas machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -51114,7 +51369,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51144,7 +51399,7 @@ ], "summary": "Deletes the specified Maas machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -51175,7 +51430,7 @@ ], "summary": "Returns the specified Maas machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -51233,7 +51488,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51266,7 +51521,7 @@ ], "summary": "Returns the specified Virtual cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -51321,7 +51576,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51376,7 +51631,7 @@ ], "summary": "Creates a virtual cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51406,7 +51661,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -51457,7 +51712,7 @@ ], "summary": "Updates the specified virtual cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51529,7 +51784,7 @@ ], "summary": "Retrieves a list of virtual machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -51589,7 +51844,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51619,7 +51874,7 @@ ], "summary": "Deletes the specified virtual machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -51650,7 +51905,7 @@ ], "summary": "Returns the specified virtual machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -51708,7 +51963,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51754,7 +52009,7 @@ ], "summary": "Updates and resizes the virtual cluster", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51787,7 +52042,7 @@ ], "summary": "Returns the specified vSphere cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -51842,7 +52097,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51897,7 +52152,7 @@ ], "summary": "Creates a vSphere cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -51927,7 +52182,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -51978,7 +52233,7 @@ ], "summary": "Updates the specified vSphere cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -52050,7 +52305,7 @@ ], "summary": "Retrieves a list of vSphere machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -52110,7 +52365,7 @@ ], "summary": "Adds the vSphere machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -52140,7 +52395,7 @@ ], "summary": "Deletes the specified vSphere machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -52171,7 +52426,7 @@ ], "summary": "Returns the specified vSphere machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -52229,7 +52484,7 @@ ], "summary": "Updates the specified machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -52296,7 +52551,7 @@ ], "summary": "Updates the specified machine maintenance", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -52363,7 +52618,7 @@ ], "summary": "Updates the specified machine maintenance", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -52396,7 +52651,7 @@ ], "summary": "Returns the specified cloud config's machine pools and machine uid", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -52453,7 +52708,7 @@ ], "summary": "Updates the health status of machines for the specified cloud config", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -52499,7 +52754,7 @@ ], "summary": "Check if CloudStack account is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -52550,7 +52805,7 @@ ], "summary": "Returns the CloudStack disk offerings", "tags": [ - "v1" + "clouds" ] } }, @@ -52589,7 +52844,7 @@ ], "summary": "Returns the CloudStack domains", "tags": [ - "v1" + "clouds" ] } }, @@ -52640,7 +52895,7 @@ ], "summary": "Returns the CloudStack SSH key pairs", "tags": [ - "v1" + "clouds" ] } }, @@ -52697,7 +52952,7 @@ ], "summary": "Returns the CloudStack networks", "tags": [ - "v1" + "clouds" ] } }, @@ -52754,7 +53009,7 @@ ], "summary": "Returns the CloudStack compute offerings", "tags": [ - "v1" + "clouds" ] } }, @@ -52793,7 +53048,7 @@ ], "summary": "Returns the CloudStack projects", "tags": [ - "v1" + "clouds" ] } }, @@ -52853,7 +53108,7 @@ ], "summary": "Returns the CloudStack templates", "tags": [ - "v1" + "clouds" ] } }, @@ -52904,7 +53159,7 @@ ], "summary": "Returns the CloudStack Vpcs", "tags": [ - "v1" + "clouds" ] } }, @@ -52943,7 +53198,7 @@ ], "summary": "Returns the CloudStack zones", "tags": [ - "v1" + "clouds" ] } }, @@ -52985,7 +53240,7 @@ ], "summary": "Retrieves the Aws secret credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -53029,7 +53284,7 @@ ], "summary": "Retrieves AWS external id and account id", "tags": [ - "v1" + "clouds" ] } }, @@ -53074,7 +53329,7 @@ ], "summary": "Validate the specified AWS account credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -53107,7 +53362,7 @@ ], "summary": "Retrieves a list of AWS AMI types", "tags": [ - "v1" + "clouds" ] } }, @@ -53141,7 +53396,7 @@ ], "summary": "Get AWS API endpoints configuration", "tags": [ - "v1" + "clouds" ] } }, @@ -53187,7 +53442,7 @@ ], "summary": "validates aws cloud watch credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -53229,7 +53484,7 @@ ], "summary": "Retrieves AWS cloud account usage cost from cost explorer.", "tags": [ - "v1" + "clouds" ] } }, @@ -53284,7 +53539,7 @@ ], "summary": "Get AWS Volume Size", "tags": [ - "v1" + "clouds" ] } }, @@ -53332,7 +53587,7 @@ ], "summary": "Retrieves a list of AWS policies for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -53383,7 +53638,7 @@ ], "summary": "Validate the aws policy arns validate", "tags": [ - "v1" + "clouds" ] } }, @@ -53428,7 +53683,7 @@ ], "summary": "Validate AWS properties", "tags": [ - "v1" + "clouds" ] } }, @@ -53468,7 +53723,7 @@ ], "summary": "Retrieves a list of AWS regions for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -53515,7 +53770,7 @@ ], "summary": "Retrieves a list of AWS availability zones for the specified region", "tags": [ - "v1" + "clouds" ] } }, @@ -53563,7 +53818,7 @@ ], "summary": "Copies the specified image from one region to another region", "tags": [ - "v1" + "clouds" ] } }, @@ -53621,7 +53876,7 @@ ], "summary": "Check if Aws cluster name is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -53669,7 +53924,7 @@ ], "summary": "Returns AWS image for the specified AMI name", "tags": [ - "v1" + "clouds" ] } }, @@ -53743,7 +53998,7 @@ ], "summary": "Retrieves a list of AWS instance types", "tags": [ - "v1" + "clouds" ] } }, @@ -53790,7 +54045,7 @@ ], "summary": "Retrieves a list of AWS keypairs", "tags": [ - "v1" + "clouds" ] } }, @@ -53847,7 +54102,7 @@ ], "summary": "Validate the specified AWS keypair", "tags": [ - "v1" + "clouds" ] } }, @@ -53901,7 +54156,7 @@ ], "summary": "Get AWS KMS key by Id", "tags": [ - "v1" + "clouds" ] } }, @@ -53948,7 +54203,7 @@ ], "summary": "Retrieves a list of AWS KMS keys for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54005,7 +54260,7 @@ ], "summary": "Validate an Aws KMS key for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54052,7 +54307,7 @@ ], "summary": "Retrieves a list of AWS Host Resource Groups for the specified account and region", "tags": [ - "v1" + "clouds" ] } }, @@ -54107,7 +54362,7 @@ ], "summary": "Retrieves license configurations for the specified Host Resource Group", "tags": [ - "v1" + "clouds" ] } }, @@ -54163,7 +54418,7 @@ ], "summary": "Validates available capacity for an instance type in a Host Resource Group", "tags": [ - "v1" + "clouds" ] } }, @@ -54203,7 +54458,7 @@ ], "summary": "Retrieves a list of AWS storage types", "tags": [ - "v1" + "clouds" ] } }, @@ -54250,7 +54505,7 @@ ], "summary": "Retrieves a list of VPCs for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54295,7 +54550,7 @@ ], "summary": "Validate the AWS S3 bucket", "tags": [ - "v1" + "clouds" ] } }, @@ -54348,7 +54603,7 @@ ], "summary": "Retrieves a list of AWS security groups for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54389,7 +54644,7 @@ ], "summary": "Get all AWS Volume Types", "tags": [ - "v1" + "clouds" ] } }, @@ -54435,7 +54690,7 @@ ], "summary": "Check if Azure account is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -54474,7 +54729,7 @@ ], "summary": "Retrieves a list of Azure groups", "tags": [ - "v1" + "clouds" ] } }, @@ -54519,7 +54774,7 @@ ], "summary": "Retrieves a list of Azure regions", "tags": [ - "v1" + "clouds" ] } }, @@ -54592,7 +54847,7 @@ ], "summary": "Retrieves a list of Azure instance types", "tags": [ - "v1" + "clouds" ] } }, @@ -54632,7 +54887,7 @@ ], "summary": "Retrieves a list of Azure storage types", "tags": [ - "v1" + "clouds" ] } }, @@ -54704,7 +54959,7 @@ ], "summary": "Check if Azure cluster name is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -54764,7 +55019,7 @@ ], "summary": "Retrieves a list of Azure virtual network list for the sepcified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54818,7 +55073,7 @@ ], "summary": "Retrieves a list of Azure resource group for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54870,7 +55125,7 @@ ], "summary": "Retrieves a list of Azure zones for the specified region", "tags": [ - "v1" + "clouds" ] } }, @@ -54925,7 +55180,7 @@ ], "summary": "Get Azure private DNS zones for the given resource group", "tags": [ - "v1" + "clouds" ] } }, @@ -54979,7 +55234,7 @@ ], "summary": "Get Azure storage accounts", "tags": [ - "v1" + "clouds" ] } }, @@ -55040,7 +55295,7 @@ ], "summary": "Get Azure storage containers", "tags": [ - "v1" + "clouds" ] } }, @@ -55080,7 +55335,7 @@ ], "summary": "Get Azure storage account types", "tags": [ - "v1" + "clouds" ] } }, @@ -55121,7 +55376,7 @@ ], "summary": "Retrieves a list of Azure subscription list for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -55168,7 +55423,7 @@ ], "summary": "Returns the Azure vhd url for the specified vhd location", "tags": [ - "v1" + "clouds" ] } }, @@ -55201,7 +55456,7 @@ ], "summary": "Returns the custom cloud types", "tags": [ - "v1" + "clouds" ] } }, @@ -55248,7 +55503,7 @@ ], "summary": "Registers the custom cloud type", "tags": [ - "v1" + "clouds" ] } }, @@ -55285,7 +55540,7 @@ ], "summary": "Deletes the custom cloud type", "tags": [ - "v1" + "clouds" ] } }, @@ -55318,7 +55573,7 @@ ], "summary": "Returns valid keys for the cloud account used for custom cloud type", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -55370,7 +55625,7 @@ ], "summary": "Update the custom cloud type cloud account keys", "tags": [ - "v1" + "clouds" ] } }, @@ -55400,7 +55655,7 @@ ], "summary": "Delete the custom cloud type bootstrap", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -55431,7 +55686,7 @@ ], "summary": "Returns the custom cloud type bootstrap", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -55482,7 +55737,7 @@ ], "summary": "Update the custom cloud type bootstrap", "tags": [ - "v1" + "clouds" ] } }, @@ -55512,7 +55767,7 @@ ], "summary": "Delete the custom cloud type cloud provider", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -55543,7 +55798,7 @@ ], "summary": "Returns the custom cloud type cloud provider", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -55594,7 +55849,7 @@ ], "summary": "Update the custom cloud type cloud provider", "tags": [ - "v1" + "clouds" ] } }, @@ -55624,7 +55879,7 @@ ], "summary": "Delete the custom cloud type control plane", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -55655,7 +55910,7 @@ ], "summary": "Returns the custom cloud type control plane", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -55706,7 +55961,7 @@ ], "summary": "Update the custom cloud type control plane", "tags": [ - "v1" + "clouds" ] } }, @@ -55736,7 +55991,7 @@ ], "summary": "Delete the custom cloud type core", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -55767,7 +56022,7 @@ ], "summary": "Returns the custom cloud type core", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -55818,7 +56073,7 @@ ], "summary": "Update the custom cloud type core", "tags": [ - "v1" + "clouds" ] } }, @@ -55848,7 +56103,7 @@ ], "summary": "Delete the custom cloud type cluster template", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -55879,7 +56134,7 @@ ], "summary": "Returns the custom cloud type cluster template", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -55930,7 +56185,7 @@ ], "summary": "Update the custom cloud type cluster template", "tags": [ - "v1" + "clouds" ] } }, @@ -55960,7 +56215,7 @@ ], "summary": "Delete the custom cloud type controlPlane pool template", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -55991,7 +56246,7 @@ ], "summary": "Returns the custom cloud type controlPlane pool template", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -56042,7 +56297,7 @@ ], "summary": "Update the custom cloud type controlPlane pool template", "tags": [ - "v1" + "clouds" ] } }, @@ -56072,7 +56327,7 @@ ], "summary": "Delete the custom cloud type worker pool template", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -56103,7 +56358,7 @@ ], "summary": "Returns the custom cloud type worker pool template", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -56154,7 +56409,7 @@ ], "summary": "Update the custom cloud type worker pool template", "tags": [ - "v1" + "clouds" ] } }, @@ -56196,7 +56451,7 @@ ], "summary": "Returns the custom cloud type logo", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -56247,7 +56502,7 @@ ], "summary": "Update the custom cloud type logo", "tags": [ - "v1" + "clouds" ] } }, @@ -56280,7 +56535,7 @@ ], "summary": "Returns the custom cloud type meta", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -56326,7 +56581,7 @@ ], "summary": "Update the custom cloud type meta", "tags": [ - "v1" + "clouds" ] } }, @@ -56371,7 +56626,7 @@ ], "summary": "Validate EKS properties", "tags": [ - "v1" + "clouds" ] } }, @@ -56416,7 +56671,7 @@ ], "summary": "Validate the specified GCP account credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -56461,7 +56716,7 @@ ], "summary": "Validate the specified GCP az", "tags": [ - "v1" + "clouds" ] } }, @@ -56506,7 +56761,7 @@ ], "summary": "Validate the specified GCP bucket name credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -56556,7 +56811,7 @@ ], "summary": "Validates the image with tag", "tags": [ - "v1" + "clouds" ] } }, @@ -56596,7 +56851,7 @@ ], "summary": "Returns the Gcp image url for the specified image location", "tags": [ - "v1" + "clouds" ] } }, @@ -56636,7 +56891,7 @@ ], "summary": "Retrieves a list of GCP projects for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -56683,7 +56938,7 @@ ], "summary": "Retrieves a list of GCP regions", "tags": [ - "v1" + "clouds" ] } }, @@ -56737,7 +56992,7 @@ ], "summary": "Retrieves a list of GCP networks for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -56791,7 +57046,7 @@ ], "summary": "Retrieves a list of GCP zones for the specified account and region", "tags": [ - "v1" + "clouds" ] } }, @@ -56843,7 +57098,7 @@ ], "summary": "Validate the specified GCP project", "tags": [ - "v1" + "clouds" ] } }, @@ -56890,7 +57145,7 @@ ], "summary": "Retrieves a list of GCP zones for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -56935,7 +57190,7 @@ ], "summary": "Validate GCP properties", "tags": [ - "v1" + "clouds" ] } }, @@ -56996,7 +57251,7 @@ ], "summary": "Retrieves a list of GCP instance types", "tags": [ - "v1" + "clouds" ] } }, @@ -57036,7 +57291,7 @@ ], "summary": "Retrieves a list of Gcp storage types", "tags": [ - "v1" + "clouds" ] } }, @@ -57082,7 +57337,7 @@ ], "summary": "Check if Maas account is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -57121,7 +57376,7 @@ ], "summary": "Retrieves a list of Maas zones for a particular account uid", "tags": [ - "v1" + "clouds" ] } }, @@ -57160,7 +57415,7 @@ ], "summary": "Retrieves a list of Maas domains", "tags": [ - "v1" + "clouds" ] } }, @@ -57199,7 +57454,7 @@ ], "summary": "Retrieves a list of Maas pools for a particular account uid", "tags": [ - "v1" + "clouds" ] } }, @@ -57238,7 +57493,7 @@ ], "summary": "Retrieves a list of Maas subnets for a particular account uid", "tags": [ - "v1" + "clouds" ] } }, @@ -57277,7 +57532,7 @@ ], "summary": "Retrieves a list of Maas tags for a particular account uid", "tags": [ - "v1" + "clouds" ] } }, @@ -57323,7 +57578,7 @@ ], "summary": "Check if Vsphere account is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -57362,7 +57617,7 @@ ], "summary": "Returns the vsphere data centers", "tags": [ - "v1" + "clouds" ] } }, @@ -57416,7 +57671,7 @@ ], "summary": "Returns the resources for vsphere compute cluster", "tags": [ - "v1" + "clouds" ] } }, @@ -57458,7 +57713,7 @@ ], "summary": "Retrieves vsphere env", "tags": [ - "v1" + "clouds" ] } }, @@ -57512,7 +57767,7 @@ ], "summary": "Returns the cloud compute rate", "tags": [ - "v1" + "clouds" ] } }, @@ -57572,7 +57827,7 @@ ], "summary": "Returns the cloud storage rate", "tags": [ - "v1" + "clouds" ] } }, @@ -57618,7 +57873,7 @@ ], "summary": "Create a new cluster template", "tags": [ - "v1" + "clusterTemplates" ] } }, @@ -57664,7 +57919,7 @@ ], "summary": "Update the specified cluster's template variables", "tags": [ - "v1" + "clusterTemplates" ] } }, @@ -57697,7 +57952,7 @@ ], "summary": "Retrieves a list of cluster template tags", "tags": [ - "v1" + "clusterTemplates" ] } }, @@ -57739,7 +57994,7 @@ ], "summary": "Validates the cluster template name", "tags": [ - "v1" + "clusterTemplates" ] } }, @@ -57769,7 +58024,7 @@ ], "summary": "Delete a cluster template by uid", "tags": [ - "v1" + "clusterTemplates" ] }, "get": { @@ -57800,7 +58055,7 @@ ], "summary": "Returns the specified cluster template", "tags": [ - "v1" + "clusterTemplates" ] }, "parameters": [ @@ -57855,7 +58110,7 @@ ], "summary": "Update the specified cluster template metadata", "tags": [ - "v1" + "clusterTemplates" ] } }, @@ -57901,7 +58156,7 @@ ], "summary": "Update the specified cluster template policies", "tags": [ - "v1" + "clusterTemplates" ] } }, @@ -57947,7 +58202,7 @@ ], "summary": "Update the specified cluster template profiles", "tags": [ - "v1" + "clusterTemplates" ] } }, @@ -57993,7 +58248,7 @@ ], "summary": "Update variables for profiles in a cluster template", "tags": [ - "v1" + "clusterTemplates" ] } }, @@ -58026,7 +58281,7 @@ ], "summary": "Retrieve variables for a specific profile in a cluster template", "tags": [ - "v1" + "clusterTemplates" ] }, "parameters": [ @@ -58075,7 +58330,7 @@ ], "summary": "Returns the cluster reconcile document for a specific cluster launched from a template", "tags": [ - "v1" + "clusterTemplates" ] }, "parameters": [ @@ -58137,7 +58392,7 @@ ], "summary": "Create cluster groups", "tags": [ - "v1" + "clustergroups" ] } }, @@ -58170,7 +58425,7 @@ ], "summary": "Get cluster group developer credit usage by scope", "tags": [ - "v1" + "clustergroups" ] }, "parameters": [ @@ -58215,7 +58470,7 @@ ], "summary": "Retrieves a list of cluster groups host cluster summary", "tags": [ - "v1" + "clustergroups" ] } }, @@ -58248,7 +58503,7 @@ ], "summary": "Retrieves a list of cluster groups host cluster metadata", "tags": [ - "v1" + "clustergroups" ] } }, @@ -58290,7 +58545,7 @@ ], "summary": "Validates the cluster groups name", "tags": [ - "v1" + "clustergroups" ] } }, @@ -58320,7 +58575,7 @@ ], "summary": "Deletes the specified cluster group", "tags": [ - "v1" + "clustergroups" ] }, "get": { @@ -58351,7 +58606,7 @@ ], "summary": "Returns the specified cluster groups", "tags": [ - "v1" + "clustergroups" ] }, "parameters": [ @@ -58404,7 +58659,7 @@ ], "summary": "Updates cluster reference and host cluster config", "tags": [ - "v1" + "clustergroups" ] } }, @@ -58449,7 +58704,7 @@ ], "summary": "Updates the specified cluster groups meta", "tags": [ - "v1" + "clustergroups" ] } }, @@ -58482,7 +58737,7 @@ ], "summary": "Returns the specified clustergroup's profile packs resolved values", "tags": [ - "v1" + "clustergroups" ] }, "parameters": [ @@ -58537,7 +58792,7 @@ ], "summary": "Returns the associated profiles of a specified cluster group", "tags": [ - "v1" + "clustergroups" ] }, "parameters": [ @@ -58581,7 +58836,7 @@ ], "summary": "Updates the specified cluster groups profiles", "tags": [ - "v1" + "clustergroups" ] } }, @@ -58633,7 +58888,7 @@ ], "summary": "Creates a cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58673,7 +58928,7 @@ ], "summary": "Deletes list of cluster profiles", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58725,7 +58980,7 @@ ], "summary": "Imports a cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58790,7 +59045,7 @@ ], "summary": "Imports a cluster profile via file", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58830,7 +59085,7 @@ ], "summary": "Validates cluster profile import", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58863,7 +59118,7 @@ ], "summary": "Retrieves a list of macros", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58912,7 +59167,7 @@ ], "summary": "Validates the cluster profile metadata", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58952,7 +59207,7 @@ ], "summary": "Validates cluster profile packs", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58982,7 +59237,7 @@ ], "summary": "Deletes the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "get": { @@ -59013,7 +59268,7 @@ ], "summary": "Returns a specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -59079,7 +59334,7 @@ ], "summary": "Updates the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -59134,7 +59389,7 @@ ], "summary": "Creates a clone of the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -59187,7 +59442,7 @@ ], "summary": "Validates the cluster profile clone", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -59229,7 +59484,7 @@ ], "summary": "Export the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -59291,7 +59546,7 @@ ], "summary": "Downloads the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -59357,7 +59612,7 @@ ], "summary": "Updates the specified cluster profile metadata", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -59409,7 +59664,7 @@ ], "summary": "Updates cluster profile packs ref", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -59442,7 +59697,7 @@ ], "summary": "Returns the specified cluster profile packs", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -59501,7 +59756,7 @@ ], "summary": "Adds a new pack to the specified cluster profile and returns the created pack uid", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -59534,7 +59789,7 @@ ], "summary": "Returns the specified cluster profile pack manifests", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -59582,7 +59837,7 @@ ], "summary": "Returns the specified cluster profile packs resolved values", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -59628,7 +59883,7 @@ ], "summary": "Deletes the specified pack information in the cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "get": { @@ -59659,7 +59914,7 @@ ], "summary": "Returns the specified cluster profile pack", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -59710,7 +59965,7 @@ ], "summary": "Updates the specified pack information in the cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -59764,7 +60019,7 @@ ], "summary": "Returns the specified cluster profile pack configuration", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -59797,7 +60052,7 @@ ], "summary": "Returns the associated manifests for the specified profile's pack", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -59857,7 +60112,7 @@ ], "summary": "Adds manifest to the profiles packs and returns the added manifests uid", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -59887,7 +60142,7 @@ ], "summary": "Deletes the specified cluster profile pack manifest", "tags": [ - "v1" + "clusterprofiles" ] }, "get": { @@ -59918,7 +60173,7 @@ ], "summary": "Returns the specified cluster profile pack manifest", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -59976,7 +60231,7 @@ ], "summary": "Updates the specified manifest of the profile's pack", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -60016,7 +60271,7 @@ ], "summary": "Publishes the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -60058,7 +60313,7 @@ ], "summary": "Downloads the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -60114,7 +60369,7 @@ ], "summary": "Validates specified cluster profile packs", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -60151,7 +60406,7 @@ ], "summary": "Deletes the specified cluster profile variables", "tags": [ - "v1" + "clusterprofiles" ] }, "get": { @@ -60182,7 +60437,7 @@ ], "summary": "Retrieve a list of variables defined for the cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -60226,7 +60481,7 @@ ], "summary": "Update specific variables defined for a cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "put": { @@ -60261,7 +60516,7 @@ ], "summary": "Update the variables defined for a cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -60322,7 +60577,7 @@ ], "summary": "Retrieves a list of application deployments filter summary Supported filter fields - [\"appDeploymentName\", \"clusterUid\", \"tags\"] Supported sort fields - [\"appDeploymentName\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -60383,7 +60638,7 @@ ], "summary": "Retrieves a list of application profiles filter summary Supported filter fields - [\"profileName\", \"tags\"] Supported sort fields - [\"profileName\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -60416,7 +60671,7 @@ ], "summary": "Retrieves a list of application profile metadata", "tags": [ - "v1" + "dashboard" ] } }, @@ -60456,7 +60711,7 @@ ], "summary": "Retrieves a list of edgehosts summary", "tags": [ - "v1" + "dashboard" ] } }, @@ -60494,7 +60749,7 @@ ], "summary": "Retrieves a list of cloud accounts metadata", "tags": [ - "v1" + "dashboard" ] } }, @@ -60555,7 +60810,7 @@ ], "summary": "Retrieves a list of cluster templates filter summary Supported filter fields - [\"clusterTemplateName\", \"tags\", \"cloudType\",\"projectUid\", \"policyUid\"] Supported sort fields - [\"clusterTemplateName\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -60588,7 +60843,7 @@ ], "summary": "Retrieves a list of all cluster template metadata.", "tags": [ - "v1" + "dashboard" ] } }, @@ -60628,7 +60883,7 @@ ], "summary": "Retrieves spectroclusters meta information for clusters launched using the specified cluster template.", "tags": [ - "v1" + "dashboard" ] } }, @@ -60695,7 +60950,7 @@ ], "summary": "Retrieves a list of cluster summary for a given cluster group", "tags": [ - "v1" + "dashboard" ] } }, @@ -60762,7 +61017,7 @@ ], "summary": "Retrieves a list of cluster summary for a given cluster group", "tags": [ - "v1" + "dashboard" ] } }, @@ -60823,7 +61078,7 @@ ], "summary": "Retrieves a list of cluster profiles filter summary Supported filter fields - ['profileName', 'tags', 'profileType', 'environment', 'resourceType'] Supported sort fields - ['profileName', 'environment', 'profileType', 'creationTimestamp', 'lastModifiedTimestamp']", "tags": [ - "v1" + "dashboard" ] } }, @@ -60856,7 +61111,7 @@ ], "summary": "Retrieves a list of cluster profiles metadata", "tags": [ - "v1" + "dashboard" ] } }, @@ -60889,7 +61144,7 @@ ], "summary": "Retrieves a specified cluster profile summary", "tags": [ - "v1" + "dashboard" ] }, "parameters": [ @@ -60958,7 +61213,7 @@ ], "summary": "Retrieves a list of Edgehosts summary with provided search filter. Supported fields as per schema /v1/dashboard/edgehosts/search/schema", "tags": [ - "v1" + "dashboard" ] } }, @@ -60991,7 +61246,7 @@ ], "summary": "Retrieves a schema for the Edgehost search filter", "tags": [ - "v1" + "dashboard" ] } }, @@ -61052,7 +61307,7 @@ ], "summary": "Retrieves a list of PCG summary with provided search filter. Supported fields as per schema /v1/dashboard/pcgs/search/schema", "tags": [ - "v1" + "dashboard" ] } }, @@ -61085,7 +61340,7 @@ ], "summary": "Retrieves a schema for the PCG search filter", "tags": [ - "v1" + "dashboard" ] } }, @@ -61148,7 +61403,7 @@ ], "summary": "Retrieves a list of project summary", "tags": [ - "v1" + "dashboard" ] }, "post": { @@ -61206,7 +61461,7 @@ } ], "tags": [ - "v1" + "dashboard" ] } }, @@ -61245,7 +61500,7 @@ ], "summary": "Retrieves a list of projects metadata", "tags": [ - "v1" + "dashboard" ] } }, @@ -61306,7 +61561,7 @@ ], "summary": "Retrieves a list of spc policies filter summary Supported filter fields - [\"policyName\", \"tags\", \"policyType\"] Supported sort fields - [\"policyName\", \"policyType\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -61339,7 +61594,7 @@ ], "summary": "Retrieves a list of all spc policies metadata.", "tags": [ - "v1" + "dashboard" ] } }, @@ -61401,7 +61656,7 @@ ], "summary": "Retrieves a list of cluster summary with provided filter spec Supported filter fields - [\"cpuUsage\", \"memoryUsage\", \"clusterName\", \"tags\", \"healthState\", \"clusterStates\", \"isDeleted\", \"environments\", \"metricPeriod\"] Supported sort fields - [\"environment\", \"clusterName\", \"memoryUsage\", \"healthState\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -61441,7 +61696,7 @@ ], "summary": "Retrieves spectro clusters cloud cost summary information", "tags": [ - "v1" + "dashboard" ] } }, @@ -61495,7 +61750,7 @@ ], "summary": "Retrieves a list of running, non rbac configured clusters in a workspace", "tags": [ - "v1" + "dashboard" ] } }, @@ -61529,7 +61784,7 @@ ], "summary": "Get all clusters metadata", "tags": [ - "v1" + "dashboard" ] } }, @@ -61572,7 +61827,7 @@ ], "summary": "Retrieves a list of cluster summary metadata", "tags": [ - "v1" + "dashboard" ] }, "post": { @@ -61610,7 +61865,7 @@ ], "summary": "Retrieves a list of cluster summary", "tags": [ - "v1" + "dashboard" ] } }, @@ -61650,7 +61905,7 @@ ], "summary": "Retrieves a list of cluster metadata with provided search filter spec Supported sort fields - [\"environment\", \"clusterName\", \"clusterState\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -61683,7 +61938,7 @@ ], "summary": "Retrieves a schema for the cluster metadata search filter", "tags": [ - "v1" + "dashboard" ] } }, @@ -61748,7 +62003,7 @@ ], "summary": "Retrieves a list of clusters with the desired repave state", "tags": [ - "v1" + "dashboard" ] } }, @@ -61788,7 +62043,7 @@ ], "summary": "Retrieves spectro clusters resource consumption", "tags": [ - "v1" + "dashboard" ] } }, @@ -61828,7 +62083,7 @@ ], "summary": "Retrieves spectro clusters resources cost summary information", "tags": [ - "v1" + "dashboard" ] } }, @@ -61868,7 +62123,7 @@ ], "summary": "Retrieves spectro clusters resources usage summary information", "tags": [ - "v1" + "dashboard" ] } }, @@ -61929,7 +62184,7 @@ ], "summary": "Retrieves a list of cluster summary with provided search filter spec Supported sort fields - [\"environment\", \"clusterName\", \"memoryUsage\", \"healthState\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -61987,7 +62242,7 @@ ], "summary": "Export and download the list of cluster summary with matching search filter and download as a file(csv)", "tags": [ - "v1" + "dashboard" ] }, "post": { @@ -62043,7 +62298,7 @@ ], "summary": "Export the list of cluster summary with matching search filter and download as a file(csv) Supported sort fields - [\"environment\", \"clusterName\", \"healthState\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -62076,7 +62331,7 @@ ], "summary": "Retrieves a supported input values for the cluster search filter", "tags": [ - "v1" + "dashboard" ] } }, @@ -62109,7 +62364,7 @@ ], "summary": "Retrieves a schema for the cluster search filter", "tags": [ - "v1" + "dashboard" ] } }, @@ -62142,7 +62397,7 @@ ], "summary": "Retrieves a list of Virtual machine enabled clusters", "tags": [ - "v1" + "dashboard" ] } }, @@ -62175,7 +62430,7 @@ ], "summary": "Returns the specified cluster summary", "tags": [ - "v1" + "dashboard" ] }, "parameters": [ @@ -62238,7 +62493,7 @@ ], "summary": "Retrieves the specified cluster cost summary", "tags": [ - "v1" + "dashboard" ] }, "parameters": [ @@ -62279,7 +62534,7 @@ ], "summary": "Returns the specified cluster summary overview", "tags": [ - "v1" + "dashboard" ] }, "parameters": [ @@ -62335,7 +62590,7 @@ ], "summary": "Retrieves specified spectro cluster resource consumption", "tags": [ - "v1" + "dashboard" ] } }, @@ -62383,7 +62638,7 @@ ], "summary": "Retrieves specified cluster workloads", "tags": [ - "v1" + "dashboard" ] } }, @@ -62431,7 +62686,7 @@ ], "summary": "Retrieves specified cluster workload clusterrolebindings", "tags": [ - "v1" + "dashboard" ] } }, @@ -62479,7 +62734,7 @@ ], "summary": "Retrieves specified cluster workload cronjobs", "tags": [ - "v1" + "dashboard" ] } }, @@ -62527,7 +62782,7 @@ ], "summary": "Retrieves specified cluster workload daemonsets", "tags": [ - "v1" + "dashboard" ] } }, @@ -62575,7 +62830,7 @@ ], "summary": "Retrieves specified cluster workload deployments", "tags": [ - "v1" + "dashboard" ] } }, @@ -62623,7 +62878,7 @@ ], "summary": "Retrieves specified cluster workload jobs", "tags": [ - "v1" + "dashboard" ] } }, @@ -62671,7 +62926,7 @@ ], "summary": "Retrieves specified cluster workload namespaces", "tags": [ - "v1" + "dashboard" ] } }, @@ -62719,7 +62974,7 @@ ], "summary": "Retrieves specified cluster workload pods", "tags": [ - "v1" + "dashboard" ] } }, @@ -62767,7 +63022,7 @@ ], "summary": "Retrieves specified cluster workload rolebindings", "tags": [ - "v1" + "dashboard" ] } }, @@ -62815,7 +63070,7 @@ ], "summary": "Retrieves specified cluster workload statefulsets", "tags": [ - "v1" + "dashboard" ] } }, @@ -62848,7 +63103,7 @@ ], "summary": "Retrieves a list of workspace", "tags": [ - "v1" + "dashboard" ] } }, @@ -62896,7 +63151,7 @@ ], "summary": "Retrieves specified workspace clusters workload clusterrolebindings", "tags": [ - "v1" + "dashboard" ] } }, @@ -62944,7 +63199,7 @@ ], "summary": "Retrieves specified workspace clusters workload cronjobs", "tags": [ - "v1" + "dashboard" ] } }, @@ -62992,7 +63247,7 @@ ], "summary": "Retrieves specified workspace clusters workload daemonsets", "tags": [ - "v1" + "dashboard" ] } }, @@ -63040,7 +63295,7 @@ ], "summary": "Retrieves specified workspace clusters workload deployments", "tags": [ - "v1" + "dashboard" ] } }, @@ -63088,7 +63343,7 @@ ], "summary": "Retrieves specified workspace clusters workload jobs", "tags": [ - "v1" + "dashboard" ] } }, @@ -63136,7 +63391,7 @@ ], "summary": "Retrieves specified workspace clusters workload namespaces", "tags": [ - "v1" + "dashboard" ] } }, @@ -63184,7 +63439,7 @@ ], "summary": "Retrieves specified workspace clusters workload pods", "tags": [ - "v1" + "dashboard" ] } }, @@ -63232,7 +63487,7 @@ ], "summary": "Retrieves specified workspace clusters workload rolebindings", "tags": [ - "v1" + "dashboard" ] } }, @@ -63280,7 +63535,7 @@ ], "summary": "Retrieves specified workspace clusters workload statefulsets", "tags": [ - "v1" + "dashboard" ] } }, @@ -63326,7 +63581,7 @@ ], "summary": "sync data to cloud watch", "tags": [ - "v1" + "datasinks" ] } }, @@ -63369,7 +63624,7 @@ ], "summary": "Retrieve the Complete Edgehost Metadata List", "tags": [ - "v1" + "edgehosts" ] }, "post": { @@ -63413,7 +63668,7 @@ ], "summary": "Create the edge host device", "tags": [ - "v1" + "edgehosts" ] } }, @@ -63463,7 +63718,7 @@ ], "summary": "Retrieves a list of edge hosts metadata matching the filter condition", "tags": [ - "v1" + "edgehosts" ] } }, @@ -63503,7 +63758,7 @@ ], "summary": "Registers the edge host device", "tags": [ - "v1" + "edgehosts" ] } }, @@ -63536,7 +63791,7 @@ ], "summary": "Retrieves a list of edge hosts tags", "tags": [ - "v1" + "edgehosts" ] } }, @@ -63569,7 +63824,7 @@ ], "summary": "Retrieves a list of edge tokens", "tags": [ - "v1" + "edgehosts" ] }, "post": { @@ -63613,7 +63868,7 @@ ], "summary": "Create the edge token", "tags": [ - "v1" + "edgehosts" ] } }, @@ -63643,7 +63898,7 @@ ], "summary": "Deletes the specified edge token", "tags": [ - "v1" + "edgehosts" ] }, "get": { @@ -63674,7 +63929,7 @@ ], "summary": "Returns the specified edge token", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -63718,7 +63973,7 @@ ], "summary": "Updates the specified edge token", "tags": [ - "v1" + "edgehosts" ] } }, @@ -63764,7 +64019,7 @@ ], "summary": "Revoke or re-activate the edge token access", "tags": [ - "v1" + "edgehosts" ] } }, @@ -63794,7 +64049,7 @@ ], "summary": "Deletes the specified edge host device", "tags": [ - "v1" + "edgehosts" ] }, "get": { @@ -63832,7 +64087,7 @@ ], "summary": "Returns the specified edge host device", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -63875,7 +64130,7 @@ ], "summary": "Updates the specified edge host device", "tags": [ - "v1" + "edgehosts" ] } }, @@ -63905,7 +64160,7 @@ ], "summary": "Deassociate the clusters to the edge host", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -63948,7 +64203,7 @@ ], "summary": "Associate the clusters to the edge host", "tags": [ - "v1" + "edgehosts" ] } }, @@ -63981,7 +64236,7 @@ ], "summary": "Get the specified edge host device configuration", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -64034,7 +64289,7 @@ ], "summary": "Updates the edge host health", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64079,7 +64334,7 @@ ], "summary": "Update the specified edge host device host check sum", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64124,7 +64379,7 @@ ], "summary": "Update the specified edge host device host pairing key", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64169,7 +64424,7 @@ ], "summary": "Updates the specified edge host device meta", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64223,7 +64478,7 @@ ], "summary": "Returns the specified edge host's manifest", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64268,7 +64523,7 @@ ], "summary": "Patch update specified edge host's packs status", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64307,7 +64562,7 @@ ], "summary": "Returns the associated profiles of a specified edge host device", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -64350,7 +64605,7 @@ ], "summary": "Associate cluster profiles to the specified edge host device", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64395,7 +64650,7 @@ ], "summary": "Reset the cluster through edge host", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64437,7 +64692,7 @@ ], "summary": "Download the specified edge host device spc", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -64490,7 +64745,7 @@ ], "summary": "Updates the specified edge host device tunnel configuration", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64535,7 +64790,7 @@ ], "summary": "Updates the edge host tunnel status", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64580,7 +64835,7 @@ ], "summary": "Updates the specified edge host device vsphere properties", "tags": [ - "v1" + "edgehosts" ] } }, @@ -64653,7 +64908,7 @@ ], "summary": "Returns a paginated list of component events based on request parameters", "tags": [ - "v1" + "events" ] }, "post": { @@ -64698,7 +64953,7 @@ ], "summary": "Creates a component event", "tags": [ - "v1" + "events" ] } }, @@ -64739,7 +64994,7 @@ ], "summary": "Creates the component events in bulk", "tags": [ - "v1" + "events" ] } }, @@ -64769,7 +65024,7 @@ ], "summary": "Delete all the components events for the specified related object", "tags": [ - "v1" + "events" ] }, "get": { @@ -64840,7 +65095,7 @@ ], "summary": "Returns a list of components events for the specified related object", "tags": [ - "v1" + "events" ] }, "parameters": [ @@ -64893,7 +65148,7 @@ ], "summary": "Retrieves the list of features", "tags": [ - "v1" + "features" ] } }, @@ -64939,7 +65194,7 @@ ], "summary": "Update a feature", "tags": [ - "v1" + "features" ] } }, @@ -64993,7 +65248,7 @@ ], "summary": "Returns a list of Filters", "tags": [ - "v1" + "filters" ] } }, @@ -65032,7 +65287,7 @@ ], "summary": "Returns a list of Filters metadata", "tags": [ - "v1" + "filters" ] } }, @@ -65078,7 +65333,7 @@ ], "summary": "Creates a Tag filter", "tags": [ - "v1" + "filters" ] } }, @@ -65108,7 +65363,7 @@ ], "summary": "Delete the specified Filter object", "tags": [ - "v1" + "filters" ] }, "get": { @@ -65139,7 +65394,7 @@ ], "summary": "Returns the specified Filter object", "tags": [ - "v1" + "filters" ] }, "parameters": [ @@ -65182,7 +65437,7 @@ ], "summary": "Updates a Tag filter", "tags": [ - "v1" + "filters" ] } }, @@ -65216,8 +65471,7 @@ ], "summary": "Get Grpc Configuration", "tags": [ - "v1", - "system" + "grpc" ] } }, @@ -65243,7 +65497,7 @@ ], "summary": "Ping Service", "tags": [ - "v1" + "health" ] } }, @@ -65269,7 +65523,7 @@ ], "summary": "Ready Service", "tags": [ - "v1" + "health" ] } }, @@ -65315,8 +65569,7 @@ ], "summary": "Creates the spectro installer", "tags": [ - "v1", - "system" + "installers" ] } }, @@ -65416,7 +65669,7 @@ ], "summary": "Retrieves the list of metrics for a specified resource kind", "tags": [ - "v1" + "metrics" ] } }, @@ -65465,7 +65718,7 @@ ], "summary": "Deletes the metrics of the specified resource", "tags": [ - "v1" + "metrics" ] }, "get": { @@ -65565,7 +65818,7 @@ ], "summary": "Returns the metrics for a specified resource uid", "tags": [ - "v1" + "metrics" ] } }, @@ -65632,7 +65885,7 @@ ], "summary": "Returns a paginated list of notifications based on request parameters", "tags": [ - "v1" + "notifications" ] } }, @@ -65673,7 +65926,7 @@ ], "summary": "Creates a notification event", "tags": [ - "v1" + "notifications" ] } }, @@ -65740,7 +65993,7 @@ ], "summary": "Returns a list of notifications for the specified related object", "tags": [ - "v1" + "notifications" ] }, "parameters": [ @@ -65799,7 +66052,7 @@ ], "summary": "Updates the specified notification for the acknowledgment", "tags": [ - "v1" + "notifications" ] } }, @@ -65831,7 +66084,7 @@ ], "summary": "Updates the specified notification action as done", "tags": [ - "v1" + "notifications" ] } }, @@ -65869,7 +66122,7 @@ ], "summary": "Retrieves a list of overlords owned by the tenant", "tags": [ - "v1" + "overlords" ] } }, @@ -65902,7 +66155,7 @@ ], "summary": "Returns the manifests required for the private gateway installation", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -65964,7 +66217,7 @@ ], "summary": "create the CloudStack cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -65999,7 +66252,7 @@ ], "summary": "update the CloudStack cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -66055,7 +66308,7 @@ ], "summary": "validate the CloudStack cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -66109,7 +66362,7 @@ ], "summary": "create the CloudStack cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -66144,7 +66397,7 @@ ], "summary": "update the CloudStack cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -66177,7 +66430,7 @@ ], "summary": "Returns the specified CloudStack private gateway cluster profile", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -66218,7 +66471,7 @@ ], "summary": "Returns the manifests required for the private gateway installation", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -66280,7 +66533,7 @@ ], "summary": "create the maas cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -66315,7 +66568,7 @@ ], "summary": "update the maas cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -66370,7 +66623,7 @@ ], "summary": "validate the maas cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -66424,7 +66677,7 @@ ], "summary": "create the maas cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -66459,7 +66712,7 @@ ], "summary": "update the maas cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -66492,7 +66745,7 @@ ], "summary": "Returns the specified maas private gateway cluster profile", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -66533,7 +66786,7 @@ ], "summary": "Retrieves a list of IP Pools for the specified maas private gateway", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -66585,7 +66838,7 @@ ], "summary": "Creates an IP pool definition for the specified maas private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -66615,7 +66868,7 @@ ], "summary": "Deletes the maas private gateway's specified IP Pool data", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -66664,7 +66917,7 @@ ], "summary": "Updates the maas private gateway's specified IP Pool data", "tags": [ - "v1" + "overlords" ] } }, @@ -66701,7 +66954,7 @@ ], "summary": "migrate all the clusters from source overlord to target overlord", "tags": [ - "v1" + "overlords" ] } }, @@ -66744,7 +66997,7 @@ ], "summary": "Returns the pairing code for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -66777,7 +67030,7 @@ ], "summary": "Returns the manifests required for the private gateway installation", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -66818,7 +67071,7 @@ ], "summary": "Returns overlord's ova information", "tags": [ - "v1" + "overlords" ] } }, @@ -66865,8 +67118,7 @@ ], "summary": "Creates the system private gateway for the specified tenant", "tags": [ - "v1", - "system" + "overlords" ] } }, @@ -66920,7 +67172,7 @@ ], "summary": "create the vSphere cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -66955,7 +67207,7 @@ ], "summary": "update the vSphere cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -67010,7 +67262,7 @@ ], "summary": "validate the vSphere cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -67064,7 +67316,7 @@ ], "summary": "create the vSphere cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -67099,7 +67351,7 @@ ], "summary": "update the vSphere cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -67132,7 +67384,7 @@ ], "summary": "Returns the specified vsphere private gateway cluster profile", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -67173,7 +67425,7 @@ ], "summary": "Retrieves a list of IP Pools for the specified private gateway", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -67225,7 +67477,7 @@ ], "summary": "Creates an IP pool defintion for the sepcified private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -67255,7 +67507,7 @@ ], "summary": "Deletes the private gateways's specified IP Pool data", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -67304,7 +67556,7 @@ ], "summary": "Updates the private gateways's specified IP Pool data", "tags": [ - "v1" + "overlords" ] } }, @@ -67337,7 +67589,7 @@ ], "summary": "Retrieves the vSphere computecluster resources for the specified private gateway's account", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -67390,7 +67642,7 @@ ], "summary": "Retrieves the vSphere datacenters & datacluster for the specified private gateway's account", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -67431,7 +67683,7 @@ ], "summary": "delete the private gateway", "tags": [ - "v1" + "overlords" ] }, "get": { @@ -67462,7 +67714,7 @@ ], "summary": "Returns the specified private gateway's for the given uid", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -67515,7 +67767,7 @@ ], "summary": "update the private gateway's metadata", "tags": [ - "v1" + "overlords" ] } }, @@ -67556,7 +67808,7 @@ ], "summary": "reset the private gateway by disaaociating the private gateway's resources", "tags": [ - "v1" + "overlords" ] } }, @@ -67628,7 +67880,7 @@ ], "summary": "Retrieves a list of packs", "tags": [ - "v1" + "packs" ] } }, @@ -67689,7 +67941,7 @@ ], "summary": "Retrieves a list of packs based on filter", "tags": [ - "v1" + "packs" ] } }, @@ -67722,7 +67974,7 @@ ], "summary": "Retrieves a list of packs", "tags": [ - "v1" + "packs" ] }, "parameters": [ @@ -67805,7 +68057,7 @@ ], "summary": "Returns the logo for a specified pack", "tags": [ - "v1" + "packs" ] }, "parameters": [ @@ -67847,7 +68099,7 @@ ], "summary": "Returns the specified pack", "tags": [ - "v1" + "packs" ] }, "parameters": [ @@ -67889,7 +68141,7 @@ ], "summary": "Returns the readme of a specified pack", "tags": [ - "v1" + "packs" ] }, "parameters": [ @@ -67938,7 +68190,7 @@ ], "summary": "Returns the private gateway manifest link", "tags": [ - "v1" + "pcg" ] } }, @@ -67987,7 +68239,7 @@ ], "summary": "Registers the pcg", "tags": [ - "v1" + "pcg" ] } }, @@ -68029,7 +68281,7 @@ ], "summary": "Returns the pcg ally manifest", "tags": [ - "v1" + "pcg" ] }, "parameters": [ @@ -68079,7 +68331,7 @@ ], "summary": "Returns the pcg jet manifest", "tags": [ - "v1" + "pcg" ] }, "parameters": [ @@ -68131,7 +68383,7 @@ ], "summary": "Retrieves a list of permissions", "tags": [ - "v1" + "permissions" ] } }, @@ -68203,8 +68455,7 @@ ], "summary": "Retrieves a list of plans", "tags": [ - "v1", - "system" + "plans" ] }, "post": { @@ -68248,8 +68499,7 @@ ], "summary": "Creates a user plan", "tags": [ - "v1", - "system" + "plans" ] } }, @@ -68274,8 +68524,7 @@ ], "summary": "Returns the specified plan", "tags": [ - "v1", - "system" + "plans" ] }, "parameters": [ @@ -68305,8 +68554,7 @@ ], "summary": "Deletes the specified Plan's credit data", "tags": [ - "v1", - "system" + "plans" ] }, "parameters": [ @@ -68349,8 +68597,7 @@ ], "summary": "Updates the specified Plan's credit data", "tags": [ - "v1", - "system" + "plans" ] } }, @@ -68389,8 +68636,7 @@ ], "summary": "Updates the specified plan's expiry", "tags": [ - "v1", - "system" + "plans" ] } }, @@ -68438,8 +68684,7 @@ ], "summary": "Adds free credit to the specified plan", "tags": [ - "v1", - "system" + "plans" ] } }, @@ -68478,8 +68723,7 @@ ], "summary": "Updates the specified plan's limit", "tags": [ - "v1", - "system" + "plans" ] } }, @@ -68518,8 +68762,7 @@ ], "summary": "Changes the plan type for the specified plan", "tags": [ - "v1", - "system" + "plans" ] } }, @@ -68558,8 +68801,7 @@ ], "summary": "Adds renewal data to the existing plan", "tags": [ - "v1", - "system" + "plans" ] } }, @@ -68607,8 +68849,7 @@ ], "summary": "Adds sla breach credit to the specified plan", "tags": [ - "v1", - "system" + "plans" ] } }, @@ -68681,7 +68922,7 @@ ], "summary": "Retrieves a list of projects", "tags": [ - "v1" + "projects" ] }, "post": { @@ -68725,7 +68966,7 @@ ], "summary": "Creates a project", "tags": [ - "v1" + "projects" ] } }, @@ -68750,7 +68991,7 @@ ], "summary": "Retrieves a list of supported alerts for a project", "tags": [ - "v1" + "projects" ] } }, @@ -68786,7 +69027,7 @@ ], "summary": "Deletes the specified project", "tags": [ - "v1" + "projects" ] }, "get": { @@ -68809,7 +69050,7 @@ ], "summary": "Returns the specified project", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -68846,7 +69087,7 @@ ], "summary": "Updates the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -68868,7 +69109,7 @@ ], "summary": "Deletes the specified alert to the specified project", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -68920,7 +69161,7 @@ ], "summary": "Create the specified alert to the specified project", "tags": [ - "v1" + "projects" ] }, "put": { @@ -68949,7 +69190,7 @@ ], "summary": "Upsert the specified alert to the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -68971,7 +69212,7 @@ ], "summary": "Deletes the specified alert of the specified project", "tags": [ - "v1" + "projects" ] }, "get": { @@ -68994,7 +69235,7 @@ ], "summary": "Get the specified alert of the specified project", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -69043,7 +69284,7 @@ ], "summary": "Update the specified alert of the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -69074,7 +69315,7 @@ ], "summary": "Delete the macros for the specified project by macro name", "tags": [ - "v1" + "projects" ] }, "get": { @@ -69097,7 +69338,7 @@ ], "summary": "List the macros of the specified project", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -69134,7 +69375,7 @@ ], "summary": "Update the macros for the specified project by macro name", "tags": [ - "v1" + "projects" ] }, "post": { @@ -69163,7 +69404,7 @@ ], "summary": "Create or add new macros for the specified project", "tags": [ - "v1" + "projects" ] }, "put": { @@ -69192,7 +69433,7 @@ ], "summary": "Update the macros of the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -69231,7 +69472,7 @@ ], "summary": "Update the metadata of the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -69256,7 +69497,7 @@ ], "summary": "Get project cluster settings", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -69309,7 +69550,7 @@ ], "summary": "Update project clusters nodes auto remediation setting", "tags": [ - "v1" + "projects" ] } }, @@ -69348,7 +69589,7 @@ ], "summary": "Update the teams association to the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -69387,7 +69628,7 @@ ], "summary": "Update the users association to the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -69412,7 +69653,7 @@ ], "summary": "Validate and returns active resource of project before delete", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -69492,7 +69733,7 @@ ], "summary": "Retrieves a list of Helm registries", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -69549,7 +69790,7 @@ ], "summary": "Creates a helm registry", "tags": [ - "v1" + "registries" ] } }, @@ -69621,7 +69862,7 @@ ], "summary": "Retrieves a list of helm registries as summary", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -69679,7 +69920,7 @@ ], "summary": "Check if helm registry is valid", "tags": [ - "v1" + "registries" ] } }, @@ -69709,7 +69950,7 @@ ], "summary": "Deletes the specified helm registry", "tags": [ - "v1" + "registries" ] }, "get": { @@ -69740,7 +69981,7 @@ ], "summary": "Returns the specified Helm registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -69783,7 +70024,7 @@ ], "summary": "Updates the specified helm registry", "tags": [ - "v1" + "registries" ] } }, @@ -69834,7 +70075,7 @@ ], "summary": "Sync Helm registry", "tags": [ - "v1" + "registries" ] } }, @@ -69868,7 +70109,7 @@ ], "summary": "Get helm registry sync status", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -69909,7 +70150,7 @@ ], "summary": "Retrieves a list of registries metadata", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -69974,7 +70215,7 @@ ], "summary": "Creates a basic oci registry", "tags": [ - "v1" + "registries" ] } }, @@ -70019,7 +70260,7 @@ ], "summary": "Check if oci registry is valid", "tags": [ - "v1" + "registries" ] } }, @@ -70071,7 +70312,7 @@ ], "summary": "Creates a ecr registry", "tags": [ - "v1" + "registries" ] } }, @@ -70116,7 +70357,7 @@ ], "summary": "Check if ecr registry is valid", "tags": [ - "v1" + "registries" ] } }, @@ -70149,7 +70390,7 @@ ], "summary": "Creates a image registry", "tags": [ - "v1" + "registries" ] } }, @@ -70182,7 +70423,7 @@ ], "summary": "Retrieves a oci registries summary", "tags": [ - "v1" + "registries" ] } }, @@ -70215,7 +70456,7 @@ ], "summary": "Returns the information of specified oci registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -70258,7 +70499,7 @@ ], "summary": "Deletes the specified basic oci registry", "tags": [ - "v1" + "registries" ] }, "get": { @@ -70289,7 +70530,7 @@ ], "summary": "Returns the basic oci registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -70332,7 +70573,7 @@ ], "summary": "Updates the specified basic oci registry", "tags": [ - "v1" + "registries" ] } }, @@ -70383,7 +70624,7 @@ ], "summary": "Sync oci registry", "tags": [ - "v1" + "registries" ] } }, @@ -70417,7 +70658,7 @@ ], "summary": "Get oci registry sync status", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -70455,7 +70696,7 @@ ], "summary": "Deletes the specified ecr registry", "tags": [ - "v1" + "registries" ] }, "get": { @@ -70486,7 +70727,7 @@ ], "summary": "Returns the specified ecr registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -70529,7 +70770,7 @@ ], "summary": "Updates the specified ecr registry", "tags": [ - "v1" + "registries" ] } }, @@ -70580,7 +70821,7 @@ ], "summary": "Sync ecr registry", "tags": [ - "v1" + "registries" ] } }, @@ -70614,7 +70855,7 @@ ], "summary": "Get ecr registry sync status", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -70694,7 +70935,7 @@ ], "summary": "Retrieves a list of Pack registries", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -70757,7 +70998,7 @@ ], "summary": "Creates a pack registry", "tags": [ - "v1" + "registries" ] } }, @@ -70829,7 +71070,7 @@ ], "summary": "Retrieves a list of pack registries as summary", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -70887,7 +71128,7 @@ ], "summary": "Check if pack registry is valid", "tags": [ - "v1" + "registries" ] } }, @@ -70917,7 +71158,7 @@ ], "summary": "Deletes the specified pack registry", "tags": [ - "v1" + "registries" ] }, "get": { @@ -70948,7 +71189,7 @@ ], "summary": "Returns the specified Pack registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -70991,7 +71232,7 @@ ], "summary": "Updates the specified pack registry", "tags": [ - "v1" + "registries" ] } }, @@ -71042,7 +71283,7 @@ ], "summary": "Sync Pack registry", "tags": [ - "v1" + "registries" ] } }, @@ -71076,7 +71317,7 @@ ], "summary": "Get pack registry sync status", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -71117,7 +71358,7 @@ ], "summary": "Returns the specified system scope registry configuration", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -71155,7 +71396,7 @@ ], "summary": "Deletes the specified registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -71235,7 +71476,7 @@ ], "summary": "Retrieves a list of roles", "tags": [ - "v1" + "roles" ] }, "post": { @@ -71279,7 +71520,7 @@ ], "summary": "Creates a role with specified permissions", "tags": [ - "v1" + "roles" ] } }, @@ -71301,7 +71542,7 @@ ], "summary": "Deletes the specified role", "tags": [ - "v1" + "roles" ] }, "get": { @@ -71324,7 +71565,7 @@ ], "summary": "Returns the specified role", "tags": [ - "v1" + "roles" ] }, "parameters": [ @@ -71361,7 +71602,7 @@ ], "summary": "Updates the specified role", "tags": [ - "v1" + "roles" ] } }, @@ -71409,7 +71650,7 @@ ], "summary": "Clone the role", "tags": [ - "v1" + "roles" ] } }, @@ -71482,7 +71723,7 @@ ], "summary": "Returns a latest version for a given service name", "tags": [ - "v1" + "services" ] } }, @@ -71580,7 +71821,7 @@ ], "summary": "Returns a service manifest for a given service name and version", "tags": [ - "v1" + "services" ] } }, @@ -71626,7 +71867,7 @@ ], "summary": "Create a new maintenance policy", "tags": [ - "v1" + "spcPolicies" ] } }, @@ -71659,7 +71900,7 @@ ], "summary": "Returns the specified maintenance policy", "tags": [ - "v1" + "spcPolicies" ] }, "parameters": [ @@ -71703,7 +71944,7 @@ ], "summary": "Updates the specified maintenance policy", "tags": [ - "v1" + "spcPolicies" ] } }, @@ -71736,7 +71977,7 @@ ], "summary": "Retrieves a list of spc policy tags", "tags": [ - "v1" + "spcPolicies" ] } }, @@ -71778,7 +72019,7 @@ ], "summary": "Validates the spc policy name", "tags": [ - "v1" + "spcPolicies" ] }, "parameters": [ @@ -71817,7 +72058,7 @@ ], "summary": "Delete a policy by uid", "tags": [ - "v1" + "spcPolicies" ] }, "parameters": [ @@ -71871,7 +72112,7 @@ ], "summary": "Creates an AKS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71922,7 +72163,7 @@ ], "summary": "Get AKS cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71962,7 +72203,7 @@ ], "summary": "Validates AKS cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72008,7 +72249,7 @@ ], "summary": "Creates a CloudStack cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72054,7 +72295,7 @@ ], "summary": "Imports a CloudStack cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72105,7 +72346,7 @@ ], "summary": "Get CloudStack cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72145,7 +72386,7 @@ ], "summary": "Validates CloudStack cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72191,7 +72432,7 @@ ], "summary": "Creates an AWS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72237,7 +72478,7 @@ ], "summary": "Imports an AWS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72288,7 +72529,7 @@ ], "summary": "Get AWS cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72328,7 +72569,7 @@ ], "summary": "Validates AWS cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72374,7 +72615,7 @@ ], "summary": "Creates an Azure cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72420,7 +72661,7 @@ ], "summary": "Imports an Azure cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72471,7 +72712,7 @@ ], "summary": "Get Azure cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72511,7 +72752,7 @@ ], "summary": "Validates Azure cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72566,7 +72807,7 @@ ], "summary": "Creates a Custom cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72615,7 +72856,50 @@ ], "summary": "Validates Custom cluster create operation", "tags": [ - "v1" + "spectroclusters" + ] + } + }, + "/v1/spectroclusters/cluster/upgrade/settings": { + "get": { + "operationId": "v1SpectroClustersClusterUpgradeSettingsGet", + "parameters": [ + { + "in": "query", + "name": "hostClusterUid", + "type": "string" + }, + { + "in": "query", + "name": "overlordUid", + "type": "string" + }, + { + "description": "A project UID is required for project-scoped resources and should be omitted when targeting tenant-scoped resources", + "in": "header", + "name": "ProjectUid", + "type": "string" + } + ], + "responses": { + "200": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/v1ClusterUpgradeSettingsSpec" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "Get cluster upgrade settings by hostClusterUid or overlordUid", + "tags": [ + "spectroclusters" ] } }, @@ -72661,7 +72945,7 @@ ], "summary": "Upgrades clusters launched from the specified cluster template", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72700,7 +72984,7 @@ ], "summary": "Returns the associated profiles for all the cluster of launched from the specified cluster template", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72758,7 +73042,7 @@ ], "summary": "Validates if cluster template profile update triggers repave", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72791,7 +73075,7 @@ ], "summary": "Cluster configuration for the edge installer", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72837,7 +73121,7 @@ ], "summary": "Creates an EdgeNative cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72883,7 +73167,7 @@ ], "summary": "Imports an EdgeNative cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72934,7 +73218,7 @@ ], "summary": "Get edge-native cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72974,7 +73258,7 @@ ], "summary": "Validates edge-native cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73020,7 +73304,7 @@ ], "summary": "Creates an EKS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73071,7 +73355,7 @@ ], "summary": "Get EKS cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73111,7 +73395,7 @@ ], "summary": "Validates EKS cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73144,7 +73428,7 @@ ], "summary": "Returns the cluster object references based on locationUid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73187,7 +73471,7 @@ ], "summary": "Change cluster backup location", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73236,7 +73520,7 @@ ], "summary": "Download log fetcher logs for cluster by log fetcher uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73305,7 +73589,7 @@ ], "summary": "Update log fetcher logs by log fetcher uid", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73351,7 +73635,7 @@ ], "summary": "Creates a GCP cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73397,7 +73681,7 @@ ], "summary": "Imports a GCP cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73448,7 +73732,7 @@ ], "summary": "Get GCP cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73488,7 +73772,7 @@ ], "summary": "Validates GCP cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73535,7 +73819,7 @@ ], "summary": "Imports a cluster of any cloud type in generic way", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73586,7 +73870,7 @@ ], "summary": "Get generic cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73632,7 +73916,7 @@ ], "summary": "Creates an GKE cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73683,7 +73967,7 @@ ], "summary": "Get GKE cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73723,7 +74007,7 @@ ], "summary": "Validates GKE cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73769,7 +74053,7 @@ ], "summary": "Creates a MAAS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73815,7 +74099,7 @@ ], "summary": "Imports a Maas cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73866,7 +74150,7 @@ ], "summary": "Get maas cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73906,7 +74190,7 @@ ], "summary": "Validates MAAS cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73955,7 +74239,58 @@ ], "summary": "Downloads the cluster definition archive file", "tags": [ - "v1" + "spectroclusters" + ] + } + }, + "/v1/spectroclusters/system/imagePullSecret": { + "get": { + "operationId": "v1SpectroClustersSystemImagePullSecretGet", + "parameters": [ + { + "description": "Spectro cluster uid", + "in": "query", + "name": "clusterUid", + "type": "string" + }, + { + "description": "Overlord (private cloud gateway) uid", + "in": "query", + "name": "overlordUid", + "type": "string" + }, + { + "description": "Edge host uid", + "in": "query", + "name": "edgeHostUid", + "type": "string" + }, + { + "description": "A project UID is required for project-scoped resources and should be omitted when targeting tenant-scoped resources", + "in": "header", + "name": "ProjectUid", + "type": "string" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/v1SpectroClusterSystemImagePullSecret" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "Returns the cluster image pull secret for the given scope", + "tags": [ + "spectroclusters" ] } }, @@ -73988,7 +74323,7 @@ ], "summary": "Retrieves a list of spectrocluster tags", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74021,7 +74356,7 @@ ], "summary": "Get cluster settings by context", "tags": [ - "v1" + "spectroclusters" ] }, "post": { @@ -74062,7 +74397,7 @@ ], "summary": "Update all clusters upgrade settings", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74104,7 +74439,7 @@ ], "summary": "Validates the cluster name", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74144,7 +74479,7 @@ ], "summary": "Validates spectro cluster packs", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74190,7 +74525,7 @@ ], "summary": "Creates a virtual cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74235,7 +74570,7 @@ ], "summary": "Get the cluster pack values yaml", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74275,7 +74610,7 @@ ], "summary": "Validates virtual cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74321,7 +74656,7 @@ ], "summary": "Creates a vSphere cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74367,7 +74702,7 @@ ], "summary": "Imports a vSphere cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74418,7 +74753,7 @@ ], "summary": "Get vSphere cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74458,7 +74793,7 @@ ], "summary": "Validates vSphere cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74494,7 +74829,7 @@ ], "summary": "Deletes the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -74557,7 +74892,7 @@ ], "summary": "Returns the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74599,7 +74934,7 @@ ], "summary": "Get the cluster asset doc", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74648,7 +74983,7 @@ ], "summary": "Associate the assets for the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74690,7 +75025,7 @@ ], "summary": "Returns the specified cluster's kube config file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74729,7 +75064,7 @@ ], "summary": "Deletes the cluster's token kube config data", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -74769,7 +75104,7 @@ ], "summary": "Returns the specified cluster's token kube config file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74813,7 +75148,7 @@ ], "summary": "Updates the cluster's token kube config data", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74843,7 +75178,7 @@ ], "summary": "Deletes the cluster's frp kube config client data", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -74883,7 +75218,7 @@ ], "summary": "Returns the specified cluster's frp kube config file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74927,7 +75262,7 @@ ], "summary": "Updates the cluster's frp kube config data", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74976,7 +75311,7 @@ ], "summary": "Returns the specified cluster's kube config file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75020,7 +75355,7 @@ ], "summary": "Updates the cluster's manifest data", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75050,7 +75385,7 @@ ], "summary": "Deletes the cluster's kube config client data", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -75090,7 +75425,7 @@ ], "summary": "Returns the specified cluster's kube config client file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75134,7 +75469,7 @@ ], "summary": "Updates the cluster's kube config client data", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75167,7 +75502,7 @@ ], "summary": "Returns the specified cluster's manifest data", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75211,7 +75546,7 @@ ], "summary": "Updates the specified cluster's manifest data", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75257,7 +75592,7 @@ ], "summary": "Updates the specified cluster meta attribute", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75303,7 +75638,7 @@ ], "summary": "Updates the specified cluster controlPlane health check timeout", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75349,7 +75684,7 @@ ], "summary": "Updates the specified cluster host config", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75395,7 +75730,7 @@ ], "summary": "Updates the specified cluster Life cycle configuration", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75441,7 +75776,7 @@ ], "summary": "Updates the specified cluster OS patch configuration", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75487,7 +75822,7 @@ ], "summary": "Updates the specified cluster's timezone configuration", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75520,7 +75855,7 @@ ], "summary": "Retrieves namespaces for the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75564,7 +75899,7 @@ ], "summary": "Updates namespaces for the specified cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75597,7 +75932,7 @@ ], "summary": "Retrieves the specified namespace of the cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75648,7 +75983,7 @@ ], "summary": "Updates the specified namespace of the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75681,7 +76016,7 @@ ], "summary": "Retrieves RBAC information for the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75725,7 +76060,7 @@ ], "summary": "Updates RBAC information for the specified cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75758,7 +76093,7 @@ ], "summary": "Retrieves the specified RBAC of the cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75809,7 +76144,7 @@ ], "summary": "Updates the specified RBAC of the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75851,7 +76186,7 @@ ], "summary": "Download the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75893,7 +76228,7 @@ ], "summary": "Retrieves a list of edge host of edge-native cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75947,7 +76282,7 @@ ], "summary": "reset the edge clusters by deleting machine pools and conditions", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75977,7 +76312,7 @@ ], "summary": "Reset cluster backup schedule settings", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -76013,7 +76348,7 @@ ], "summary": "Returns the cluster backup result", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76065,7 +76400,7 @@ ], "summary": "Create cluster backup settings", "tags": [ - "v1" + "spectroclusters" ] }, "put": { @@ -76100,7 +76435,7 @@ ], "summary": "Update cluster backup settings", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76154,7 +76489,7 @@ ], "summary": "Create on demand cluster backup", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76184,7 +76519,7 @@ ], "summary": "Delete cluster backup", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76237,7 +76572,7 @@ ], "summary": "Returns the compliance scan of cluster, if driverType is provided then specific status of driverType will be returned", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76289,7 +76624,7 @@ ], "summary": "Create cluster compliance scan", "tags": [ - "v1" + "spectroclusters" ] }, "put": { @@ -76324,7 +76659,7 @@ ], "summary": "Update cluster compliance scan settings", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76357,7 +76692,7 @@ ], "summary": "Returns the compliance scan log by cluster uid and driver type", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76410,7 +76745,7 @@ ], "summary": "Update the KubeBench compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76455,7 +76790,7 @@ ], "summary": "Update the KubeHunter compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76500,7 +76835,7 @@ ], "summary": "Update the Sonobuoy compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76545,7 +76880,7 @@ ], "summary": "Update the Syft compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76575,7 +76910,7 @@ ], "summary": "Delete the compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76622,7 +76957,7 @@ ], "summary": "Returns the KubeBench compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76674,7 +77009,7 @@ ], "summary": "Returns the KubeHunter compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76726,7 +77061,7 @@ ], "summary": "Returns the Sonobuoy compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76778,7 +77113,7 @@ ], "summary": "Returns the Syft compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76834,7 +77169,7 @@ ], "summary": "Returns the image sbom of syft scan log of cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76898,7 +77233,7 @@ ], "summary": "Downloads the driver cluster logs", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76984,7 +77319,7 @@ ], "summary": "Create on demand cluster compliance scan", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77017,7 +77352,7 @@ ], "summary": "Get the installed helm charts of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77063,7 +77398,7 @@ ], "summary": "Get the log fetcher for cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77116,7 +77451,7 @@ ], "summary": "Create the log fetcher for cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77149,7 +77484,7 @@ ], "summary": "Get the installed manifests of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77195,7 +77530,7 @@ ], "summary": "Returns the cluster restore of cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77257,7 +77592,7 @@ ], "summary": "Create on demand cluster restore", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77303,7 +77638,7 @@ ], "summary": "Update specific cluster heartbeat", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77336,7 +77671,7 @@ ], "summary": "Returns the metadata of all hybrid pools associated with the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77397,7 +77732,7 @@ ], "summary": "Update specific cluster hybrid settings", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77439,7 +77774,7 @@ ], "summary": "Returns the specified cluster's import manifest file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77486,7 +77821,7 @@ ], "summary": "Upgrade the specified imported read only cluster with full permissions", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77519,7 +77854,7 @@ ], "summary": "Get K8Certificate for spectro cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77563,7 +77898,7 @@ ], "summary": "Update K8Certificate for spectro cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77602,7 +77937,7 @@ ], "summary": "Sets the cluster control plane nodes Kubernetes certificates for renewal", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77635,7 +77970,7 @@ ], "summary": "Returns the specified cluster's kube config file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77696,7 +78031,7 @@ ], "summary": "Associate the assets for the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77737,7 +78072,7 @@ ], "summary": "Returns all manifests attached to the cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77792,7 +78127,7 @@ ], "summary": "Update the specified spectro cluster metadata", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77825,7 +78160,7 @@ ], "summary": "Returns available namespaces for the cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -77879,7 +78214,7 @@ ], "summary": "Returns k8s spectrocluster oidc", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77919,7 +78254,7 @@ ], "summary": "Returns k8s dashboard url", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -77973,7 +78308,7 @@ ], "summary": "Returns the specified cluster's manifest", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78040,7 +78375,7 @@ ], "summary": "Get specified cluster pack properties", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78090,7 +78425,7 @@ ], "summary": "Updates the cluster's pack references", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78123,7 +78458,7 @@ ], "summary": "Returns the specified cluster's packs resolved values", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -78185,7 +78520,7 @@ ], "summary": "Patch update specified cluster's packs status", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78218,7 +78553,7 @@ ], "summary": "Returns the profile updates of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -78264,7 +78599,7 @@ ], "summary": "Remove cluster profiles from the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -78301,7 +78636,7 @@ ], "summary": "Returns the associated profiles of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -78352,7 +78687,7 @@ ], "summary": "Patch cluster profiles to the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "put": { @@ -78394,7 +78729,7 @@ ], "summary": "Associate cluster profiles to the specified cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78440,7 +78775,7 @@ ], "summary": "Returns the associated profile's pack manifests of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -78503,7 +78838,7 @@ ], "summary": "Returns the specified cluster's profile pack configuration", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78536,7 +78871,7 @@ ], "summary": "Returns the associated profiles pack manifests of the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -78594,7 +78929,7 @@ ], "summary": "Updates cluster profiles pack manifests to the specified cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78627,7 +78962,7 @@ ], "summary": "Returns the estimated rate of the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -78685,7 +79020,7 @@ ], "summary": "Returns the spectrocluster repave approve update", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78725,7 +79060,7 @@ ], "summary": "Returns the spectrocluster repave", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78770,7 +79105,7 @@ ], "summary": "reset the cluster s by deleting machine pools and condtions", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78803,7 +79138,7 @@ ], "summary": "Get the cluster's status", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -78857,7 +79192,7 @@ ], "summary": "Updates the specified cluster status condition", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78905,7 +79240,7 @@ ], "summary": "Updates the specified cluster status conditions", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78953,7 +79288,7 @@ ], "summary": "Updates the specified cluster's service endpoints information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -78991,7 +79326,7 @@ ], "summary": "Updates the specified cluster status as imported", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79039,7 +79374,7 @@ ], "summary": "Updates the specified cluster's services information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79072,7 +79407,7 @@ ], "summary": "Returns the SPC apply information for the agent", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -79114,7 +79449,7 @@ ], "summary": "Set the CanBeApplied to true on the spcApply status. CanBeApplied indicates the agent to orchestrate the spc changes", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79159,7 +79494,7 @@ ], "summary": "Updates the agent patch time for the SPC changes", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79204,7 +79539,7 @@ ], "summary": "Updates the cluster's upgrade status", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79256,7 +79591,7 @@ ], "summary": "Update specific cluster upgrade settings", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79303,7 +79638,7 @@ ], "summary": "Validates cluster packs", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79350,7 +79685,7 @@ ], "summary": "Validates if cluster gets repaved for the specified packs", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79386,7 +79721,7 @@ ], "summary": "Retrieve a list of variables associated with the cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -79433,7 +79768,7 @@ ], "summary": "Update cluster variable values for specified cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79490,7 +79825,7 @@ ], "summary": "Returns the list of virtual machines", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -79544,7 +79879,7 @@ ], "summary": "Create virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79611,7 +79946,7 @@ ], "summary": "Returns the list of snapshots of given namespaces", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -79650,7 +79985,7 @@ ], "summary": "Deletes the virtual machine", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -79681,7 +80016,7 @@ ], "summary": "Get virtual machine", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -79742,7 +80077,7 @@ ], "summary": "Updates the specified virtual machine of the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79808,7 +80143,7 @@ ], "summary": "Add volume to the virtual machine instance", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79871,7 +80206,7 @@ ], "summary": "Clone virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79930,7 +80265,7 @@ ], "summary": "Migrate the virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -79989,7 +80324,7 @@ ], "summary": "Pause the virtual machine instance", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80055,7 +80390,7 @@ ], "summary": "Remove volume from the virtual machine instance", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80114,7 +80449,7 @@ ], "summary": "Restart the virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80173,7 +80508,7 @@ ], "summary": "Resume the virtual machine instance", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80236,7 +80571,7 @@ ], "summary": "Create snapshot of virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80266,7 +80601,7 @@ ], "summary": "Delete the snapshot of virtual machine", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -80297,7 +80632,7 @@ ], "summary": "Get virtual machine snapshot", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -80365,7 +80700,7 @@ ], "summary": "Updates the specified snapshot of a virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80424,7 +80759,7 @@ ], "summary": "Start the virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80483,7 +80818,7 @@ ], "summary": "Stop the virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80528,7 +80863,7 @@ ], "summary": "Sync specified cluster workload", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80591,7 +80926,7 @@ ], "summary": "Sync specified cluster workload", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -80641,7 +80976,6 @@ ], "summary": "Validates activation key, updates plan, logs activation, updates cache", "tags": [ - "v1", "system" ] } @@ -80673,7 +81007,6 @@ ], "summary": "Returns system activations doc, to be used in sysadmin console", "tags": [ - "v1", "system" ] } @@ -80709,7 +81042,6 @@ ], "summary": "email reset for system admin", "tags": [ - "v1", "system" ] } @@ -80745,7 +81077,6 @@ ], "summary": "password reset for system admin", "tags": [ - "v1", "system" ] } @@ -80772,7 +81103,6 @@ ], "summary": "Lists users", "tags": [ - "v1", "system" ] }, @@ -80811,7 +81141,6 @@ ], "summary": "Create a System Administrator", "tags": [ - "v1", "system" ] } @@ -80864,7 +81193,6 @@ ], "summary": "Updates and Activates the specified System Administrator password using the password token", "tags": [ - "v1", "system" ] } @@ -80887,7 +81215,6 @@ ], "summary": "Deletes the specified System Administrator", "tags": [ - "v1", "system" ] }, @@ -80911,7 +81238,6 @@ ], "summary": "Returns the specified System Administrator information", "tags": [ - "v1", "system" ] }, @@ -80978,7 +81304,6 @@ ], "summary": "System Administrator password change request through the verification of the current password", "tags": [ - "v1", "system" ] } @@ -81009,7 +81334,6 @@ ], "summary": "Reset password link for a specified System Administrator", "tags": [ - "v1", "system" ] } @@ -81050,7 +81374,6 @@ ], "summary": "Update User", "tags": [ - "v1", "system" ] } @@ -81076,7 +81399,6 @@ ], "summary": "get the alerts specified for the system", "tags": [ - "v1", "system" ] } @@ -81099,7 +81421,6 @@ ], "summary": "Deletes the specified alert to the specified system", "tags": [ - "v1", "system" ] }, @@ -81137,7 +81458,6 @@ ], "summary": "Upsert the specified alert to the specified system", "tags": [ - "v1", "system" ] } @@ -81163,7 +81483,6 @@ ], "summary": "Get system app features", "tags": [ - "v1", "system" ] }, @@ -81193,7 +81512,6 @@ ], "summary": "Update system app features", "tags": [ - "v1", "system" ] } @@ -81219,7 +81537,6 @@ ], "summary": "Get system auth token settings", "tags": [ - "v1", "system" ] }, @@ -81255,7 +81572,6 @@ ], "summary": "Update system auth token settings", "tags": [ - "v1", "system" ] } @@ -81281,7 +81597,6 @@ ], "summary": "Get system classification banner", "tags": [ - "v1", "system" ] }, @@ -81317,7 +81632,6 @@ ], "summary": "Update system classification banner", "tags": [ - "v1", "system" ] } @@ -81343,7 +81657,6 @@ ], "summary": "get the system cloudstack image", "tags": [ - "v1", "system" ] }, @@ -81377,7 +81690,6 @@ ], "summary": "updates the system default cloudstack devops image", "tags": [ - "v1", "system" ] } @@ -81403,7 +81715,6 @@ ], "summary": "get the system config auth", "tags": [ - "v1", "system" ] }, @@ -81437,7 +81748,6 @@ ], "summary": "Updates the system config auth", "tags": [ - "v1", "system" ] } @@ -81463,7 +81773,6 @@ ], "summary": "get the system config aws devops account", "tags": [ - "v1", "system" ] }, @@ -81497,7 +81806,6 @@ ], "summary": "updates the system config aws devops account", "tags": [ - "v1", "system" ] } @@ -81524,7 +81832,6 @@ ], "summary": "Get AWS API endpoints configuration", "tags": [ - "v1", "system" ] }, @@ -81556,7 +81863,6 @@ ], "summary": "Update AWS API endpoints configuration", "tags": [ - "v1", "system" ] } @@ -81582,7 +81888,6 @@ ], "summary": "get the system aws image", "tags": [ - "v1", "system" ] }, @@ -81616,7 +81921,6 @@ ], "summary": "updates the system default aws devops image", "tags": [ - "v1", "system" ] } @@ -81642,7 +81946,6 @@ ], "summary": "get the system config aws marketplace account", "tags": [ - "v1", "system" ] }, @@ -81676,7 +81979,6 @@ ], "summary": "updates the system config aws marketplace account", "tags": [ - "v1", "system" ] } @@ -81702,7 +82004,6 @@ ], "summary": "get the system config aws sts devops account", "tags": [ - "v1", "system" ] }, @@ -81736,7 +82037,6 @@ ], "summary": "updates the system config AWS sts devops account", "tags": [ - "v1", "system" ] } @@ -81762,7 +82062,6 @@ ], "summary": "get the system config AWS gov sts devops account", "tags": [ - "v1", "system" ] }, @@ -81799,7 +82098,6 @@ ], "summary": "Create the system config AWS gov sts devops account", "tags": [ - "v1", "system" ] }, @@ -81833,7 +82131,6 @@ ], "summary": "Updates the system config AWS gov sts devops account", "tags": [ - "v1", "system" ] } @@ -81859,7 +82156,6 @@ ], "summary": "get the system azure account", "tags": [ - "v1", "system" ] }, @@ -81893,7 +82189,6 @@ ], "summary": "updates the system default azure devops account", "tags": [ - "v1", "system" ] } @@ -81919,7 +82214,6 @@ ], "summary": "get the system azure storage", "tags": [ - "v1", "system" ] }, @@ -81953,7 +82247,6 @@ ], "summary": "updates the system default azure devops storage", "tags": [ - "v1", "system" ] } @@ -81980,7 +82273,6 @@ ], "summary": "get the system certificates", "tags": [ - "v1", "system" ] }, @@ -82014,7 +82306,6 @@ ], "summary": "updates the system certificate", "tags": [ - "v1", "system" ] } @@ -82040,7 +82331,6 @@ ], "summary": "get the system config cluster", "tags": [ - "v1", "system" ] }, @@ -82074,7 +82364,6 @@ ], "summary": "Updates the system config cluster", "tags": [ - "v1", "system" ] } @@ -82100,7 +82389,6 @@ } ], "tags": [ - "v1", "system" ] }, @@ -82135,7 +82423,6 @@ ], "summary": "updates the system backup config", "tags": [ - "v1", "system" ] } @@ -82161,7 +82448,6 @@ ], "summary": "get the system backup interval config", "tags": [ - "v1", "system" ] }, @@ -82195,7 +82481,6 @@ ], "summary": "updates the system backup interval config", "tags": [ - "v1", "system" ] } @@ -82221,7 +82506,6 @@ ], "summary": "get the system backup s3 config", "tags": [ - "v1", "system" ] }, @@ -82255,7 +82539,6 @@ ], "summary": "updates the system backup ftp storage config", "tags": [ - "v1", "system" ] } @@ -82282,7 +82565,6 @@ ], "summary": "get the system domain config", "tags": [ - "v1", "system" ] }, @@ -82317,7 +82599,6 @@ ], "summary": "update domain host url", "tags": [ - "v1", "system" ] } @@ -82343,7 +82624,6 @@ ], "summary": "get the system domain config", "tags": [ - "v1", "system" ] }, @@ -82377,7 +82657,6 @@ ], "summary": "update domain host url and its certificates", "tags": [ - "v1", "system" ] } @@ -82403,7 +82682,6 @@ ], "summary": "get the system edge image", "tags": [ - "v1", "system" ] }, @@ -82437,7 +82715,6 @@ ], "summary": "updates the system default edge devops image", "tags": [ - "v1", "system" ] } @@ -82463,7 +82740,6 @@ ], "summary": "get the system edge-native image", "tags": [ - "v1", "system" ] }, @@ -82497,7 +82773,6 @@ ], "summary": "updates the system default edge-native devops image", "tags": [ - "v1", "system" ] } @@ -82546,7 +82821,6 @@ ], "summary": "validates the ftp config", "tags": [ - "v1", "system" ] } @@ -82572,7 +82846,6 @@ ], "summary": "get the system gcp account", "tags": [ - "v1", "system" ] }, @@ -82605,7 +82878,6 @@ ], "summary": "updates the system default gcp devops account", "tags": [ - "v1", "system" ] } @@ -82631,7 +82903,6 @@ ], "summary": "get the system gcp image", "tags": [ - "v1", "system" ] }, @@ -82665,7 +82936,64 @@ ], "summary": "updates the system default gcp devops image", "tags": [ - "v1", + "system" + ] + } + }, + "/v1/system/config/imagePullSecret": { + "get": { + "operationId": "V1SystemConfigImagePullSecretGet", + "responses": { + "200": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/v1SystemConfigImagePullSecretSpec" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "get the system DHI image pull secret config", + "tags": [ + "system" + ] + }, + "put": { + "operationId": "V1SystemConfigImagePullSecretUpdate", + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1SystemConfigImagePullSecretSpec" + } + } + ], + "responses": { + "204": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/v1Updated" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "create or update the system DHI image pull secret config", + "tags": [ "system" ] } @@ -82697,7 +83025,6 @@ ], "summary": "Updates the specified property for the key", "tags": [ - "v1", "system" ] } @@ -82720,7 +83047,6 @@ ], "summary": "Deletes the specified property for the key", "tags": [ - "v1", "system" ] }, @@ -82744,7 +83070,6 @@ ], "summary": "Gets the specified property for the key", "tags": [ - "v1", "system" ] }, @@ -82778,7 +83103,6 @@ ], "summary": "get the system web kubectl config", "tags": [ - "v1", "system" ] }, @@ -82812,7 +83136,6 @@ ], "summary": "updates the system web kubectl config", "tags": [ - "v1", "system" ] } @@ -82838,7 +83161,6 @@ ], "summary": "get the system logger", "tags": [ - "v1", "system" ] }, @@ -82872,7 +83194,6 @@ ], "summary": "updates the system logger", "tags": [ - "v1", "system" ] } @@ -82898,7 +83219,6 @@ ], "summary": "get the system maas image", "tags": [ - "v1", "system" ] }, @@ -82932,7 +83252,6 @@ ], "summary": "updates the system default maas devops image", "tags": [ - "v1", "system" ] } @@ -82968,7 +83287,6 @@ ], "summary": "updates the payment secrets", "tags": [ - "v1", "system" ] } @@ -82994,7 +83312,6 @@ ], "summary": "get the billing preference", "tags": [ - "v1", "system" ] }, @@ -83028,7 +83345,6 @@ ], "summary": "updates the billing preference", "tags": [ - "v1", "system" ] } @@ -83054,7 +83370,6 @@ ], "summary": "get the cluster preference", "tags": [ - "v1", "system" ] }, @@ -83088,7 +83403,6 @@ ], "summary": "updates the cluster preference", "tags": [ - "v1", "system" ] } @@ -83114,7 +83428,6 @@ ], "summary": "get the system proxy", "tags": [ - "v1", "system" ] }, @@ -83148,7 +83461,6 @@ ], "summary": "updates the system proxy", "tags": [ - "v1", "system" ] } @@ -83174,7 +83486,6 @@ ], "summary": "get the system config oci image registry", "tags": [ - "v1", "system" ] }, @@ -83208,7 +83519,6 @@ ], "summary": "updates the system config oci image registry", "tags": [ - "v1", "system" ] } @@ -83231,7 +83541,6 @@ ], "summary": "Deletes the specified Registry", "tags": [ - "v1", "system" ] }, @@ -83255,7 +83564,6 @@ ], "summary": "Gets the specified Registry", "tags": [ - "v1", "system" ] }, @@ -83293,7 +83601,6 @@ ], "summary": "Updates the specified Registry", "tags": [ - "v1", "system" ] } @@ -83319,7 +83626,6 @@ ], "summary": "get the system config reverse proxy", "tags": [ - "v1", "system" ] }, @@ -83353,7 +83659,6 @@ ], "summary": "updates the system config reverse proxy", "tags": [ - "v1", "system" ] } @@ -83402,7 +83707,6 @@ ], "summary": "validates the s3 config", "tags": [ - "v1", "system" ] } @@ -83428,7 +83732,6 @@ ], "summary": "get the system Spectro repository", "tags": [ - "v1", "system" ] }, @@ -83462,7 +83765,6 @@ ], "summary": "updates the system Spectro repository", "tags": [ - "v1", "system" ] } @@ -83488,7 +83790,6 @@ ], "summary": "validate existing scar config", "tags": [ - "v1", "system" ] } @@ -83514,7 +83815,6 @@ ], "summary": "get the system smtp", "tags": [ - "v1", "system" ] }, @@ -83548,7 +83848,6 @@ ], "summary": "updates the system smtp", "tags": [ - "v1", "system" ] } @@ -83587,7 +83886,6 @@ ], "summary": "validates the system smtp", "tags": [ - "v1", "system" ] } @@ -83613,7 +83911,6 @@ ], "summary": "get the system sso", "tags": [ - "v1", "system" ] }, @@ -83647,7 +83944,6 @@ ], "summary": "updates the system sso", "tags": [ - "v1", "system" ] } @@ -83686,7 +83982,6 @@ ], "summary": "validates the system sso for github", "tags": [ - "v1", "system" ] } @@ -83725,7 +84020,6 @@ ], "summary": "validates the system sso for oidc based logins", "tags": [ - "v1", "system" ] } @@ -83751,7 +84045,6 @@ ], "summary": "get the system storage s3 config", "tags": [ - "v1", "system" ] }, @@ -83785,7 +84078,6 @@ ], "summary": "updates the system storage config", "tags": [ - "v1", "system" ] } @@ -83811,7 +84103,6 @@ ], "summary": "get the system timeseries", "tags": [ - "v1", "system" ] }, @@ -83845,7 +84136,6 @@ ], "summary": "updates the system timeseries", "tags": [ - "v1", "system" ] } @@ -83871,7 +84161,6 @@ ], "summary": "get the system vsphere image", "tags": [ - "v1", "system" ] }, @@ -83905,7 +84194,6 @@ ], "summary": "updates the system default vsphere devops image", "tags": [ - "v1", "system" ] } @@ -83942,7 +84230,6 @@ ], "summary": "backup the database", "tags": [ - "v1", "system" ] } @@ -83979,7 +84266,6 @@ ], "summary": "get the database status", "tags": [ - "v1", "system" ] } @@ -84019,7 +84305,6 @@ ], "summary": "delete the database backup", "tags": [ - "v1", "system" ] } @@ -84063,7 +84348,6 @@ ], "summary": "recover the database", "tags": [ - "v1", "system" ] } @@ -84106,7 +84390,6 @@ ], "summary": "restore the database", "tags": [ - "v1", "system" ] } @@ -84142,7 +84425,6 @@ ], "summary": "encrypt the system data", "tags": [ - "v1", "system" ] } @@ -84168,7 +84450,6 @@ ], "summary": "Lists all feature flags", "tags": [ - "v1", "system" ] } @@ -84208,7 +84489,6 @@ ], "summary": "Updates the feature permission", "tags": [ - "v1", "system" ] } @@ -84234,7 +84514,6 @@ ], "summary": "Get system login banner settings", "tags": [ - "v1", "system" ] }, @@ -84270,7 +84549,6 @@ ], "summary": "Update system login banner settings", "tags": [ - "v1", "system" ] } @@ -84296,7 +84574,6 @@ ], "summary": "get the system password policy", "tags": [ - "v1", "system" ] }, @@ -84330,7 +84607,6 @@ ], "summary": "updates the system admin", "tags": [ - "v1", "system" ] } @@ -84363,7 +84639,6 @@ ], "summary": "Delete a list of block listed passwords", "tags": [ - "v1", "system" ] }, @@ -84397,7 +84672,6 @@ ], "summary": "List of block listed passwords", "tags": [ - "v1", "system" ] } @@ -84423,7 +84697,6 @@ ], "summary": "get the system plan", "tags": [ - "v1", "system" ] } @@ -84446,7 +84719,6 @@ ], "summary": "Deletes the specified Plan's credit data", "tags": [ - "v1", "system" ] }, @@ -84484,7 +84756,6 @@ ], "summary": "Updates the specified Plan's credit data", "tags": [ - "v1", "system" ] } @@ -84525,7 +84796,6 @@ ], "summary": "Add system free credit", "tags": [ - "v1", "system" ] } @@ -84557,7 +84827,6 @@ ], "summary": "Updates the specified system plan's limit", "tags": [ - "v1", "system" ] } @@ -84598,7 +84867,6 @@ ], "summary": "Adds system sla breach credit", "tags": [ - "v1", "system" ] } @@ -84634,7 +84902,6 @@ ], "summary": "updates the system start date", "tags": [ - "v1", "system" ] } @@ -84660,7 +84927,6 @@ ], "summary": "get the system plan", "tags": [ - "v1", "system" ] }, @@ -84684,7 +84950,6 @@ ], "summary": "toggles the rate limit", "tags": [ - "v1", "system" ] } @@ -84710,7 +84975,6 @@ ], "summary": "Get system resource limits", "tags": [ - "v1", "system" ] }, @@ -84740,7 +85004,6 @@ ], "summary": "Update system resource limits", "tags": [ - "v1", "system" ] } @@ -84766,7 +85029,6 @@ ], "summary": "Get the system security mode", "tags": [ - "v1", "system" ] }, @@ -84800,7 +85062,6 @@ ], "summary": "Updates the system security mode", "tags": [ - "v1", "system" ] } @@ -84832,7 +85093,6 @@ ], "summary": "Returns system plan document", "tags": [ - "v1", "system" ] } @@ -84873,7 +85133,6 @@ ], "summary": "Stores the theme json fields like logo, name at system level.", "tags": [ - "v1", "system" ] } @@ -84899,7 +85158,6 @@ ], "summary": "Returns the active theme", "tags": [ - "v1", "system" ] } @@ -84925,7 +85183,6 @@ ], "summary": "Returns the metadata of all the themes", "tags": [ - "v1", "system" ] } @@ -84948,7 +85205,6 @@ ], "summary": "Deletes the theme json fields like logo, name at system level.", "tags": [ - "v1", "system" ] }, @@ -84972,7 +85228,6 @@ ], "summary": "Get the theme json fields like logo, name at system level.", "tags": [ - "v1", "system" ] }, @@ -85016,7 +85271,6 @@ ], "summary": "Updates the theme json fields like logo, name at system level.", "tags": [ - "v1", "system" ] } @@ -85053,7 +85307,6 @@ ], "summary": "Activates a theme", "tags": [ - "v1", "system" ] } @@ -85090,7 +85343,6 @@ ], "summary": "Deactivates a theme", "tags": [ - "v1", "system" ] } @@ -85114,7 +85366,6 @@ ], "summary": "Re-send the email to the user to be able to verify the email", "tags": [ - "v1", "system" ] } @@ -85138,7 +85389,6 @@ ], "summary": "Verifies the system user email using the email token", "tags": [ - "v1", "system" ] }, @@ -85174,7 +85424,6 @@ ], "summary": "Verifies the system user email using the email token", "tags": [ - "v1", "system" ] } @@ -85223,7 +85472,6 @@ ], "summary": "Creates request to reset system password via email", "tags": [ - "v1", "system" ] } @@ -85276,7 +85524,6 @@ ], "summary": "Resets the system user password using the password token", "tags": [ - "v1", "system" ] } @@ -85302,7 +85549,6 @@ ], "summary": "get the system installed version", "tags": [ - "v1", "system" ] } @@ -85328,7 +85574,6 @@ ], "summary": "get the system latest available version", "tags": [ - "v1", "system" ] } @@ -85401,7 +85646,7 @@ ], "summary": "Retrieves a list of teams", "tags": [ - "v1" + "teams" ] }, "post": { @@ -85445,7 +85690,7 @@ ], "summary": "Creates a team with the specified users and roles", "tags": [ - "v1" + "teams" ] } }, @@ -85512,7 +85757,7 @@ ], "summary": "Retrieves a list of team summary", "tags": [ - "v1" + "teams" ] }, "post": { @@ -85544,7 +85789,7 @@ ], "summary": "Retrieves a list of teams summary with provided filter spec", "tags": [ - "v1" + "teams" ] } }, @@ -85566,7 +85811,7 @@ ], "summary": "Deletes the specified team", "tags": [ - "v1" + "teams" ] }, "get": { @@ -85589,7 +85834,7 @@ ], "summary": "Returns the sepcified team", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -85627,7 +85872,7 @@ ], "summary": "Patches the specified team", "tags": [ - "v1" + "teams" ] }, "put": { @@ -85656,7 +85901,7 @@ ], "summary": "Updates the sepcified team", "tags": [ - "v1" + "teams" ] } }, @@ -85681,7 +85926,7 @@ ], "summary": "Returns the specified team's project and roles data", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -85719,7 +85964,7 @@ ], "summary": "Updates the projects and roles for the specified team", "tags": [ - "v1" + "teams" ] } }, @@ -85745,7 +85990,7 @@ ], "summary": "Returns the specified individual and resource roles for a team", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -85784,7 +86029,7 @@ ], "summary": "Add resource roles for team", "tags": [ - "v1" + "teams" ] } }, @@ -85806,7 +86051,7 @@ ], "summary": "Deleted the resource roles from team", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -85851,7 +86096,7 @@ ], "summary": "Updates the resource roles for team", "tags": [ - "v1" + "teams" ] } }, @@ -85876,7 +86121,7 @@ ], "summary": "Returns the specified team's tenant roles", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -85914,7 +86159,7 @@ ], "summary": "Updates the tenant roles of the specified team", "tags": [ - "v1" + "teams" ] } }, @@ -85986,8 +86231,7 @@ ], "summary": "Retrieves a list of tenants", "tags": [ - "v1", - "system" + "tenants" ] }, "post": { @@ -86031,8 +86275,7 @@ ], "summary": "Creates a tenant", "tags": [ - "v1", - "system" + "tenants" ] } }, @@ -86066,7 +86309,7 @@ ], "summary": "Validates the AWS Marketplace token and redirects the browser to the UI setup page", "tags": [ - "v1" + "tenants" ] } }, @@ -86107,7 +86350,7 @@ ], "summary": "Registers a marketplace user by resolving the registration token, verifying entitlements, and provisioning a tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -86144,8 +86387,7 @@ ], "summary": "Self signing up", "tags": [ - "v1", - "system" + "tenants" ] } }, @@ -86175,8 +86417,7 @@ ], "summary": "Activates the self signed tenant using the password token", "tags": [ - "v1", - "system" + "tenants" ] } }, @@ -86213,8 +86454,7 @@ ], "summary": "Validate tenant", "tags": [ - "v1", - "system" + "tenants" ] } }, @@ -86236,8 +86476,7 @@ ], "summary": "Deletes the specified tenant", "tags": [ - "v1", - "system" + "tenants" ] }, "get": { @@ -86260,8 +86499,7 @@ ], "summary": "Returns the specified tenant", "tags": [ - "v1", - "system" + "tenants" ] }, "parameters": [ @@ -86308,8 +86546,7 @@ ], "summary": "activates the specified tenant", "tags": [ - "v1", - "system" + "tenants" ] } }, @@ -86348,7 +86585,7 @@ ], "summary": "Update tenant address", "tags": [ - "v1" + "tenants" ] } }, @@ -86373,7 +86610,7 @@ ], "summary": "lists the certificates for the tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -86419,7 +86656,7 @@ ], "summary": "create the tenant certificate", "tags": [ - "v1" + "tenants" ] } }, @@ -86441,7 +86678,7 @@ ], "summary": "deletes the tenant certificate", "tags": [ - "v1" + "tenants" ] }, "get": { @@ -86464,7 +86701,7 @@ ], "summary": "Returns the ca certificate for the tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -86507,7 +86744,7 @@ ], "summary": "updates the tenant certificate", "tags": [ - "v1" + "tenants" ] } }, @@ -86529,7 +86766,7 @@ ], "summary": "deletes the tenant data sink config", "tags": [ - "v1" + "tenants" ] }, "get": { @@ -86552,7 +86789,7 @@ ], "summary": "Returns data sink config of tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -86598,7 +86835,7 @@ ], "summary": "create data sink config", "tags": [ - "v1" + "tenants" ] }, "put": { @@ -86627,7 +86864,7 @@ ], "summary": "updates the tenant data sink config", "tags": [ - "v1" + "tenants" ] } }, @@ -86652,7 +86889,7 @@ ], "summary": "Get tenant auth token settings", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -86695,7 +86932,7 @@ ], "summary": "Update tenant auth token settings", "tags": [ - "v1" + "tenants" ] } }, @@ -86717,8 +86954,7 @@ ], "summary": "Clean up tenant resources", "tags": [ - "v1", - "system" + "tenants" ] }, "parameters": [ @@ -86775,8 +87011,7 @@ ], "summary": "Updates the tenant contract settings", "tags": [ - "v1", - "system" + "tenants" ] } }, @@ -86812,7 +87047,7 @@ ], "summary": "Tenant to accept the contract agreement", "tags": [ - "v1" + "tenants" ] } }, @@ -86842,7 +87077,7 @@ ], "summary": "Deletes the aws credit account for tenants", "tags": [ - "v1" + "tenants" ] }, "get": { @@ -86865,7 +87100,7 @@ ], "summary": "Get the credit accounts for the tenants with free tier access", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -86877,6 +87112,371 @@ } ] }, + "/v1/tenants/{tenantUid}/datasinks/splunk": { + "post": { + "operationId": "V1TenantUidDatasinksSplunkCreate", + "parameters": [ + { + "in": "path", + "name": "tenantUid", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1SplunkSinkEntity" + } + } + ], + "responses": { + "201": { + "description": "Created successfully", + "headers": { + "AuditUid": { + "description": "Audit uid for the request", + "type": "string" + } + }, + "schema": { + "$ref": "#/definitions/v1Uid" + } + }, + "400": { + "description": "Invalid request data", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "403": { + "description": "Forbidden", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "409": { + "description": "Sink already exists for tenant + kind (runtime code=SinkAlreadyExists)", + "schema": { + "$ref": "#/definitions/v1Error" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "Creates the Splunk HEC data sink for the specified tenant", + "tags": [ + "tenants" + ] + } + }, + "/v1/tenants/{tenantUid}/datasinks/splunk/validate": { + "post": { + "operationId": "V1TenantUidDatasinksSplunkValidate", + "parameters": [ + { + "in": "path", + "name": "tenantUid", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1SplunkSinkSpec" + } + } + ], + "responses": { + "204": { + "description": "Ok response without content", + "headers": { + "AuditUid": { + "description": "Audit uid for the request", + "type": "string" + } + } + }, + "400": { + "description": "Invalid request data", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "403": { + "description": "Forbidden", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "504": { + "description": "Network/TLS/timeout error", + "schema": { + "$ref": "#/definitions/v1Error" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "Validates the Splunk HEC data sink connection for the specified tenant", + "tags": [ + "tenants" + ] + } + }, + "/v1/tenants/{tenantUid}/datasinks/splunk/{uid}": { + "delete": { + "operationId": "V1TenantUidDatasinksSplunkDelete", + "parameters": [ + { + "in": "path", + "name": "tenantUid", + "required": true, + "type": "string" + }, + { + "in": "path", + "name": "uid", + "required": true, + "type": "string" + } + ], + "responses": { + "204": { + "description": "The resource was deleted successfully" + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "403": { + "description": "Forbidden", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "404": { + "description": "The specified resource was not found", + "schema": { + "$ref": "#/definitions/v1Error" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "Deletes the Splunk HEC data sink for the specified tenant", + "tags": [ + "tenants" + ] + }, + "get": { + "operationId": "V1TenantUidDatasinksSplunkGet", + "parameters": [ + { + "in": "path", + "name": "tenantUid", + "required": true, + "type": "string" + }, + { + "in": "path", + "name": "uid", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/v1SplunkSink" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "403": { + "description": "Forbidden", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "404": { + "description": "The specified resource was not found", + "schema": { + "$ref": "#/definitions/v1Error" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "Returns the Splunk HEC data sink for the specified tenant", + "tags": [ + "tenants" + ] + }, + "put": { + "operationId": "V1TenantUidDatasinksSplunkUpdate", + "parameters": [ + { + "in": "path", + "name": "tenantUid", + "required": true, + "type": "string" + }, + { + "in": "path", + "name": "uid", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1SplunkSinkEntity" + } + } + ], + "responses": { + "204": { + "description": "Ok response without content", + "headers": { + "AuditUid": { + "description": "Audit uid for the request", + "type": "string" + } + } + }, + "400": { + "description": "Invalid request data", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "403": { + "description": "Forbidden", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "404": { + "description": "The specified resource was not found", + "schema": { + "$ref": "#/definitions/v1Error" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "Updates the Splunk HEC data sink for the specified tenant", + "tags": [ + "tenants" + ] + } + }, + "/v1/tenants/{tenantUid}/datasinks/summary": { + "get": { + "operationId": "V1TenantUidDatasinksSummaryGet", + "parameters": [ + { + "in": "path", + "name": "tenantUid", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/v1DataSinksSummary" + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "$ref": "#/definitions/v1Error" + } + }, + "403": { + "description": "Forbidden", + "schema": { + "$ref": "#/definitions/v1Error" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "Returns a summary of all data sinks configured for the specified tenant", + "tags": [ + "tenants" + ] + } + }, "/v1/tenants/{tenantUid}/domains": { "get": { "operationId": "V1TenantUidDomainsGet", @@ -86898,7 +87498,7 @@ ], "summary": "retrieves the domains for tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -86935,7 +87535,7 @@ ], "summary": "creates or updates domains for tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -86974,7 +87574,7 @@ ], "summary": "Update tenant emailId", "tags": [ - "v1" + "tenants" ] } }, @@ -86999,7 +87599,7 @@ ], "summary": "Get tenant level freemium configuration", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87036,7 +87636,7 @@ ], "summary": "Update tenant freemium configuration", "tags": [ - "v1" + "tenants" ] } }, @@ -87061,7 +87661,40 @@ ], "summary": "Get tenant freemium usage", "tags": [ - "v1" + "tenants" + ] + }, + "parameters": [ + { + "in": "path", + "name": "tenantUid", + "required": true, + "type": "string" + } + ] + }, + "/v1/tenants/{tenantUid}/idp/palette/config": { + "get": { + "operationId": "V1TenantUidIdpPaletteConfigGet", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/v1TenantPaletteIdpConfigSpec" + } + } + }, + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "summary": "Returns the Palette IDP config for the tenant", + "tags": [ + "tenants" ] }, "parameters": [ @@ -87094,7 +87727,7 @@ ], "summary": "Returns a specified invoice", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87146,7 +87779,7 @@ ], "summary": "Downloads the specified invoice report", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87198,7 +87831,7 @@ ], "summary": "Downloads the specified monthly invoice report", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87250,7 +87883,7 @@ ], "summary": "Downloads the specified tenant usage", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87291,8 +87924,7 @@ ], "summary": "Get cleaned up tenant resources", "tags": [ - "v1", - "system" + "tenants" ] }, "parameters": [ @@ -87325,7 +87957,7 @@ ], "summary": "Get tenant login banner settings", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87368,7 +88000,7 @@ ], "summary": "Update tenant login banner settings", "tags": [ - "v1" + "tenants" ] } }, @@ -87399,7 +88031,7 @@ ], "summary": "Delete the macros for the specified tenant by given macro name", "tags": [ - "v1" + "tenants" ] }, "get": { @@ -87422,7 +88054,7 @@ ], "summary": "List the macros of the specified tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87459,7 +88091,7 @@ ], "summary": "Update the macros for the specified tenant by given macro name", "tags": [ - "v1" + "tenants" ] }, "post": { @@ -87488,7 +88120,7 @@ ], "summary": "Create or add new macros for the specified tenant", "tags": [ - "v1" + "tenants" ] }, "put": { @@ -87517,7 +88149,7 @@ ], "summary": "Update the macros of the specified tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -87542,7 +88174,7 @@ ], "summary": "Returns the oidc Spec for tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87579,7 +88211,7 @@ ], "summary": "Associates the oidc Spec for the tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -87604,7 +88236,7 @@ ], "summary": "retrieves the password policy for tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87641,7 +88273,7 @@ ], "summary": "creates or updates a password policy for tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -87666,8 +88298,7 @@ ], "summary": "Returns the current tenant's plan", "tags": [ - "v1", - "system" + "tenants" ] }, "parameters": [ @@ -87700,8 +88331,7 @@ ], "summary": "Returns the tenant's monthly planUsage grouped by projects", "tags": [ - "v1", - "system" + "tenants" ] }, "parameters": [ @@ -87747,7 +88377,7 @@ ], "summary": "Get is cluster group enabled for a specific tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87784,7 +88414,7 @@ ], "summary": "Enable or Disable cluster group for a specific tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -87809,7 +88439,7 @@ ], "summary": "Get tenant cluster RBAC settings", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87852,7 +88482,7 @@ ], "summary": "Update tenant cluster RBAC settings", "tags": [ - "v1" + "tenants" ] } }, @@ -87877,7 +88507,7 @@ ], "summary": "Get tenant cluster settings", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87930,7 +88560,7 @@ ], "summary": "Update tenant clusters nodes auto remediation setting", "tags": [ - "v1" + "tenants" ] } }, @@ -87955,7 +88585,7 @@ ], "summary": "Get developer credit enabled for a specific tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -87992,7 +88622,7 @@ ], "summary": "update developer credit for a specific tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -88017,7 +88647,7 @@ ], "summary": "Get tenant fips settings", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -88060,7 +88690,7 @@ ], "summary": "Update tenant fips setting", "tags": [ - "v1" + "tenants" ] } }, @@ -88085,7 +88715,7 @@ ], "summary": "Get all rate config for public and private cloud", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -88122,7 +88752,7 @@ ], "summary": "updates the rate config for public and private cloud", "tags": [ - "v1" + "tenants" ] } }, @@ -88147,7 +88777,7 @@ ], "summary": "Get tenant level resource limits configuration", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -88184,7 +88814,7 @@ ], "summary": "Update tenant resource limits configuration", "tags": [ - "v1" + "tenants" ] } }, @@ -88209,7 +88839,7 @@ ], "summary": "Returns the specified service provider metadata and Saml Spec for tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -88246,7 +88876,7 @@ ], "summary": "Associates the specified federation metadata for the tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -88271,7 +88901,7 @@ ], "summary": "get sso logins for the tenants", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -88308,7 +88938,7 @@ ], "summary": "enable sso logins for the tenants", "tags": [ - "v1" + "tenants" ] } }, @@ -88334,7 +88964,7 @@ ], "summary": "Returns the details of a specific AWS marketplace subscription", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -88374,7 +89004,7 @@ ], "summary": "Returns the metadata of marketplace subscriptions for the tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -88407,8 +89037,7 @@ ], "summary": "Returns the tenant's cpu corehours usages grouped by projects", "tags": [ - "v1", - "system" + "tenants" ] }, "parameters": [ @@ -88455,8 +89084,7 @@ ], "summary": "Returns the user object of the specified tenant", "tags": [ - "v1", - "system" + "tenants" ] }, "parameters": [ @@ -88498,8 +89126,7 @@ ], "summary": "Get Tunnel Configuration", "tags": [ - "v1", - "system" + "tunnel" ] } }, @@ -88572,7 +89199,7 @@ ], "summary": "Lists users", "tags": [ - "v1" + "users" ] }, "post": { @@ -88617,7 +89244,7 @@ ], "summary": "Create User", "tags": [ - "v1" + "users" ] } }, @@ -88656,7 +89283,7 @@ ], "summary": "Returns the specified users location", "tags": [ - "v1" + "users" ] } }, @@ -88696,7 +89323,7 @@ ], "summary": "Create a Azure location", "tags": [ - "v1" + "users" ] } }, @@ -88721,7 +89348,7 @@ ], "summary": "Returns the specified Azure location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -88759,7 +89386,7 @@ ], "summary": "Updates the specified Azure location", "tags": [ - "v1" + "users" ] } }, @@ -88799,7 +89426,7 @@ ], "summary": "Create a GCP location", "tags": [ - "v1" + "users" ] } }, @@ -88824,7 +89451,7 @@ ], "summary": "Returns the specified GCP location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -88862,7 +89489,7 @@ ], "summary": "Updates the specified GCP location", "tags": [ - "v1" + "users" ] } }, @@ -88902,7 +89529,7 @@ ], "summary": "Create a MinIO location", "tags": [ - "v1" + "users" ] } }, @@ -88927,7 +89554,7 @@ ], "summary": "Returns the specified MinIO location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -88965,7 +89592,7 @@ ], "summary": "Updates the specified MinIO location", "tags": [ - "v1" + "users" ] } }, @@ -89005,7 +89632,7 @@ ], "summary": "Create a S3 location", "tags": [ - "v1" + "users" ] } }, @@ -89027,7 +89654,7 @@ ], "summary": "Returns the specified S3 location", "tags": [ - "v1" + "users" ] }, "get": { @@ -89050,7 +89677,7 @@ ], "summary": "Returns the specified S3 location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -89088,7 +89715,7 @@ ], "summary": "Updates the specified S3 location", "tags": [ - "v1" + "users" ] } }, @@ -89126,7 +89753,7 @@ ], "summary": "Update the default backup location", "tags": [ - "v1" + "users" ] } }, @@ -89148,7 +89775,7 @@ ], "summary": "Deletes the specified location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -89196,7 +89823,7 @@ ], "summary": "Returns the SSH keys", "tags": [ - "v1" + "users" ] }, "post": { @@ -89234,7 +89861,7 @@ ], "summary": "Creates a SSH key", "tags": [ - "v1" + "users" ] } }, @@ -89256,7 +89883,7 @@ ], "summary": "Returns the specified user ssh key", "tags": [ - "v1" + "users" ] }, "get": { @@ -89279,7 +89906,7 @@ ], "summary": "Returns the specified user ssh key", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -89317,7 +89944,7 @@ ], "summary": "Updates the specified user ssh key", "tags": [ - "v1" + "users" ] } }, @@ -89365,7 +89992,7 @@ ], "summary": "Returns the specified vSphere DNS mapping", "tags": [ - "v1" + "users" ] } }, @@ -89404,7 +90031,7 @@ ], "summary": "Returns the specified vSphere DNS mappings", "tags": [ - "v1" + "users" ] }, "post": { @@ -89442,7 +90069,7 @@ ], "summary": "Create a vSphere DNS mapping", "tags": [ - "v1" + "users" ] } }, @@ -89464,7 +90091,7 @@ ], "summary": "Deletes the specified vSphere DNS mapping", "tags": [ - "v1" + "users" ] }, "get": { @@ -89487,7 +90114,7 @@ ], "summary": "Returns the specified vSphere DNS mapping", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -89525,7 +90152,7 @@ ], "summary": "Updates the specified vSphere DNS mapping", "tags": [ - "v1" + "users" ] } }, @@ -89556,7 +90183,7 @@ ], "summary": "Revoke access of specific token(s)", "tags": [ - "v1" + "users" ] } }, @@ -89581,7 +90208,7 @@ ], "summary": "Get the system Spectro repository. Restricted to edge services", "tags": [ - "v1" + "users" ] } }, @@ -89607,7 +90234,7 @@ ], "summary": "Returns the base information of specified User", "tags": [ - "v1" + "users" ] } }, @@ -89641,7 +90268,7 @@ ], "summary": "gets users kubectl session", "tags": [ - "v1" + "users" ] } }, @@ -89666,7 +90293,7 @@ ], "summary": "Retrieves a list of users metadata", "tags": [ - "v1" + "users" ] } }, @@ -89691,8 +90318,7 @@ ], "summary": "V1UsersMfaDevicesList", "tags": [ - "v1", - "system" + "users" ] } }, @@ -89728,8 +90354,7 @@ ], "summary": "V1UsersMfaDevicesNameDelete", "tags": [ - "v1", - "system" + "users" ] }, "get": { @@ -89760,8 +90385,7 @@ ], "summary": "V1UsersMfaDevicesNameGet", "tags": [ - "v1", - "system" + "users" ] } }, @@ -89798,8 +90422,7 @@ ], "summary": "V1UsersMfaRegisterDeviceFinish", "tags": [ - "v1", - "system" + "users" ] } }, @@ -89838,8 +90461,7 @@ ], "summary": "V1UsersMfaRegisterDeviceStart", "tags": [ - "v1", - "system" + "users" ] } }, @@ -89894,7 +90516,7 @@ ], "summary": "User password change request using the user emailId", "tags": [ - "v1" + "users" ] } }, @@ -89941,7 +90563,7 @@ ], "summary": "User password reset request using the email id", "tags": [ - "v1" + "users" ] } }, @@ -89990,7 +90612,7 @@ ], "summary": "Returns the specified user summary list", "tags": [ - "v1" + "users" ] }, "post": { @@ -90022,7 +90644,7 @@ ], "summary": "Retrieves a list of users summary with provided filter spec", "tags": [ - "v1" + "users" ] } }, @@ -90048,7 +90670,7 @@ ], "summary": "Returns the users system feature", "tags": [ - "v1" + "users" ] } }, @@ -90079,7 +90701,7 @@ ], "summary": "Delete the macros for the system user by macro name", "tags": [ - "v1" + "users" ] }, "get": { @@ -90102,7 +90724,7 @@ ], "summary": "List the macros of the system", "tags": [ - "v1" + "users" ] }, "patch": { @@ -90131,7 +90753,7 @@ ], "summary": "Update the macros for the system user by macro name", "tags": [ - "v1" + "users" ] }, "post": { @@ -90160,7 +90782,7 @@ ], "summary": "Create or add new macros for the system user", "tags": [ - "v1" + "users" ] }, "put": { @@ -90189,7 +90811,7 @@ ], "summary": "Update the macros of the system", "tags": [ - "v1" + "users" ] } }, @@ -90212,7 +90834,7 @@ ], "summary": "Deletes the specified User", "tags": [ - "v1" + "users" ] }, "get": { @@ -90236,7 +90858,7 @@ ], "summary": "Returns the specified User", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -90275,7 +90897,7 @@ ], "summary": "Patches the specified User", "tags": [ - "v1" + "users" ] }, "put": { @@ -90305,7 +90927,7 @@ ], "summary": "Update User", "tags": [ - "v1" + "users" ] } }, @@ -90363,7 +90985,7 @@ ], "summary": "User password change request using the user uid", "tags": [ - "v1" + "users" ] } }, @@ -90400,7 +91022,7 @@ ], "summary": "User password reset request using the user uid", "tags": [ - "v1" + "users" ] } }, @@ -90426,7 +91048,7 @@ ], "summary": "Returns the specified User Projects and Roles information", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -90465,7 +91087,7 @@ ], "summary": "Updates the projects and roles for user", "tags": [ - "v1" + "users" ] } }, @@ -90491,7 +91113,7 @@ ], "summary": "Returns the specified individual and resource roles for a user", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -90530,7 +91152,7 @@ ], "summary": "Add resource roles for user", "tags": [ - "v1" + "users" ] } }, @@ -90552,7 +91174,7 @@ ], "summary": "Deleted the resource roles from user", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -90597,7 +91219,7 @@ ], "summary": "Updates the resource roles for user", "tags": [ - "v1" + "users" ] } }, @@ -90623,7 +91245,7 @@ ], "summary": "Returns the specified individual and team roles for a user", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -90662,7 +91284,7 @@ ], "summary": "Updates the roles for user", "tags": [ - "v1" + "users" ] } }, @@ -90701,7 +91323,7 @@ ], "summary": "Users status login mode", "tags": [ - "v1" + "users" ] } }, @@ -90747,7 +91369,7 @@ ], "summary": "Create workspace", "tags": [ - "v1" + "workspaces" ] } }, @@ -90780,7 +91402,7 @@ ], "summary": "Returns the specified team's workspaces and roles data", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -90824,7 +91446,7 @@ ], "summary": "Updates the workspace roles for the specified team", "tags": [ - "v1" + "workspaces" ] } }, @@ -90858,7 +91480,7 @@ ], "summary": "Returns the specified User workspaces and Roles information", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -90903,7 +91525,7 @@ ], "summary": "Updates the workspace roles for user", "tags": [ - "v1" + "workspaces" ] } }, @@ -90945,7 +91567,7 @@ ], "summary": "Validates the workspace name", "tags": [ - "v1" + "workspaces" ] } }, @@ -90975,7 +91597,7 @@ ], "summary": "Deletes the specified workspace", "tags": [ - "v1" + "workspaces" ] }, "get": { @@ -91006,7 +91628,7 @@ ], "summary": "Returns the specified workspace", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -91051,7 +91673,7 @@ ], "summary": "Delete workspace backup", "tags": [ - "v1" + "workspaces" ] }, "get": { @@ -91087,7 +91709,7 @@ ], "summary": "Returns the workspace backup result", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -91139,7 +91761,7 @@ ], "summary": "Create workspace backup settings", "tags": [ - "v1" + "workspaces" ] }, "put": { @@ -91174,7 +91796,7 @@ ], "summary": "Update workspace backup settings", "tags": [ - "v1" + "workspaces" ] } }, @@ -91228,7 +91850,7 @@ ], "summary": "Create On demand Workspace Backup", "tags": [ - "v1" + "workspaces" ] } }, @@ -91273,7 +91895,7 @@ ], "summary": "Updates the specified workspace namespaces", "tags": [ - "v1" + "workspaces" ] } }, @@ -91327,7 +91949,7 @@ ], "summary": "Create cluster rbac in workspace", "tags": [ - "v1" + "workspaces" ] } }, @@ -91357,7 +91979,7 @@ ], "summary": "Deletes the specified workspace cluster rbac", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -91406,7 +92028,7 @@ ], "summary": "Updates the specified workspace cluster rbac", "tags": [ - "v1" + "workspaces" ] } }, @@ -91451,7 +92073,7 @@ ], "summary": "Updates the specified workspace meta", "tags": [ - "v1" + "workspaces" ] } }, @@ -91497,7 +92119,7 @@ ], "summary": "Updates the specified workspace resource allocations", "tags": [ - "v1" + "workspaces" ] } }, @@ -91535,7 +92157,7 @@ ], "summary": "Returns the workspace restore result", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -91597,7 +92219,7 @@ ], "summary": "Create On demand Workspace Restore", "tags": [ - "v1" + "workspaces" ] } } @@ -91623,5 +92245,172 @@ "type": "apiKey" } }, - "swagger": "2.0" -} + "swagger": "2.0", + "tags": [ + { + "name": "activations", + "x-displayName": "Activations" + }, + { + "name": "apiKeys", + "x-displayName": "Api Keys" + }, + { + "name": "appDeployments", + "x-displayName": "App Deployments" + }, + { + "name": "appProfiles", + "x-displayName": "App Profiles" + }, + { + "name": "audits", + "x-displayName": "Audits" + }, + { + "name": "auth", + "x-displayName": "Auth" + }, + { + "name": "cloudaccounts", + "x-displayName": "Cloudaccounts" + }, + { + "name": "cloudconfigs", + "x-displayName": "Cloudconfigs" + }, + { + "name": "clouds", + "x-displayName": "Clouds" + }, + { + "name": "clusterTemplates", + "x-displayName": "Cluster Templates" + }, + { + "name": "clustergroups", + "x-displayName": "Clustergroups" + }, + { + "name": "clusterprofiles", + "x-displayName": "Clusterprofiles" + }, + { + "name": "dashboard", + "x-displayName": "Dashboard" + }, + { + "name": "datasinks", + "x-displayName": "Datasinks" + }, + { + "name": "edgehosts", + "x-displayName": "Edgehosts" + }, + { + "name": "events", + "x-displayName": "Events" + }, + { + "name": "features", + "x-displayName": "Features" + }, + { + "name": "filters", + "x-displayName": "Filters" + }, + { + "name": "grpc", + "x-displayName": "Grpc" + }, + { + "name": "health", + "x-displayName": "Health" + }, + { + "name": "installers", + "x-displayName": "Installers" + }, + { + "name": "metrics", + "x-displayName": "Metrics" + }, + { + "name": "notifications", + "x-displayName": "Notifications" + }, + { + "name": "overlords", + "x-displayName": "Overlords" + }, + { + "name": "packs", + "x-displayName": "Packs" + }, + { + "name": "pcg", + "x-displayName": "Pcg" + }, + { + "name": "permissions", + "x-displayName": "Permissions" + }, + { + "name": "plans", + "x-displayName": "Plans" + }, + { + "name": "projects", + "x-displayName": "Projects" + }, + { + "name": "registries", + "x-displayName": "Registries" + }, + { + "name": "roles", + "x-displayName": "Roles" + }, + { + "name": "services", + "x-displayName": "Services" + }, + { + "name": "spcPolicies", + "x-displayName": "Spc Policies" + }, + { + "name": "spectroclusters", + "x-displayName": "Spectroclusters" + }, + { + "name": "system", + "x-displayName": "System" + }, + { + "name": "teams", + "x-displayName": "Teams" + }, + { + "name": "tenants", + "x-displayName": "Tenants" + }, + { + "name": "tunnel", + "x-displayName": "Tunnel" + }, + { + "name": "users", + "x-displayName": "Users" + }, + { + "name": "workspaces", + "x-displayName": "Workspaces" + } + ], + "servers": [ + { + "url": "https://api.spectrocloud.com" + } + ] +} \ No newline at end of file diff --git a/static/apis/v1/palette-apis.json b/static/apis/v1/palette-apis.json index 2e71a5b0a65..21dfef0673e 100644 --- a/static/apis/v1/palette-apis.json +++ b/static/apis/v1/palette-apis.json @@ -12953,6 +12953,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -13560,6 +13564,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -13858,6 +13866,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -15529,6 +15541,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -15705,6 +15721,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -15954,6 +15974,10 @@ "controlPlaneEndpoint": { "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" + }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" } } } @@ -16164,6 +16188,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -16469,6 +16497,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -18348,6 +18380,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -19136,6 +19172,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -19461,6 +19501,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -19767,6 +19811,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -20123,6 +20171,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -20461,6 +20513,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -22392,6 +22448,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -22999,6 +23059,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -23297,6 +23361,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -26957,6 +27025,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -26966,6 +27038,16 @@ "type": "integer", "format": "int32" }, + "skipK8sUpgrade": { + "description": "Skip Kubernetes version upgrade validation for worker pools with N-3 version skew.\n- enabled: Bypasses version skew validation, allows Control Plane upgrade even when this worker pool is >3 minor versions behind\n- disabled: Automatically upgrade worker pool to match Control Plane Kubernetes version (default)\n", + "type": "string", + "default": "disabled", + "enum": [ + "enabled", + "disabled" + ], + "x-omitempty": true + }, "taints": { "description": "control plane or worker taints", "type": "array", @@ -27378,6 +27460,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -27673,6 +27759,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -29117,6 +29207,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -29656,6 +29750,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -30070,6 +30168,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -30465,6 +30567,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -32210,6 +32316,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -32625,6 +32735,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -32891,6 +33005,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -34728,6 +34846,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -34988,6 +35110,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -36577,6 +36703,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -36992,6 +37122,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -37258,6 +37392,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -39021,6 +39159,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -39473,6 +39615,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -39772,6 +39918,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -43195,6 +43345,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -43892,6 +44046,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -44210,6 +44368,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -102549,6 +102711,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -103318,6 +103484,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -126172,6 +126342,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -126860,6 +127034,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -128126,6 +128304,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -128593,6 +128775,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -129301,6 +129487,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -129802,6 +129992,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -130062,6 +130256,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -130528,6 +130726,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -131236,6 +131438,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -132284,7 +132490,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "machinepoolconfig": { @@ -132484,6 +132691,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -133257,6 +133468,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -134292,7 +134507,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "machinepoolconfig": { @@ -134492,6 +134708,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -135759,6 +135979,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -136571,6 +136795,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -137837,6 +138065,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -138640,7 +138872,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "machinepoolconfig": { @@ -139264,7 +139497,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "machinepoolconfig": { @@ -139562,6 +139796,55 @@ } ] }, + "/v1/spectroclusters/cluster/upgrade/settings": { + "get": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1" + ], + "summary": "Get cluster upgrade settings by hostClusterUid or overlordUid", + "operationId": "v1SpectroClustersClusterUpgradeSettingsGet", + "parameters": [ + { + "type": "string", + "name": "hostClusterUid", + "in": "query" + }, + { + "type": "string", + "name": "overlordUid", + "in": "query" + }, + { + "type": "string", + "description": "A project UID is required for project-scoped resources and should be omitted when targeting tenant-scoped resources", + "name": "ProjectUid", + "in": "header" + } + ], + "responses": { + "200": { + "description": "(empty)", + "schema": { + "type": "object", + "properties": { + "spectroComponentsUpgradeForbidden": { + "type": "boolean", + "x-omitempty": false + } + } + } + } + } + } + }, "/v1/spectroclusters/clusterTemplates/{uid}/clusters/upgrade": { "patch": { "security": [ @@ -141489,6 +141772,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -142189,6 +142476,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -143334,6 +143625,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -143905,6 +144200,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -144377,6 +144676,15 @@ } } }, + "clusterType": { + "type": "string", + "default": "PureManage", + "enum": [ + "PureManage", + "PureAttach", + "PureAdopt" + ] + }, "fargateProfiles": { "type": "array", "items": { @@ -144685,6 +144993,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -145136,6 +145448,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -145404,6 +145720,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -145974,6 +146294,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -146446,6 +146770,15 @@ } } }, + "clusterType": { + "type": "string", + "default": "PureManage", + "enum": [ + "PureManage", + "PureAttach", + "PureAdopt" + ] + }, "fargateProfiles": { "type": "array", "items": { @@ -146754,6 +147087,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -148076,6 +148413,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -148718,6 +149059,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -149814,6 +150159,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -150544,6 +150893,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -151640,6 +151993,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -152158,6 +152515,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -153254,6 +153615,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -154232,7 +154597,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "machinepoolconfig": { @@ -154393,6 +154759,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -155069,6 +155439,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -156046,7 +156420,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "machinepoolconfig": { @@ -156207,6 +156582,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -156774,6 +157153,64 @@ } } }, + "/v1/spectroclusters/system/imagePullSecret": { + "get": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1" + ], + "summary": "Returns the cluster image pull secret for the given scope", + "operationId": "v1SpectroClustersSystemImagePullSecretGet", + "parameters": [ + { + "type": "string", + "description": "Spectro cluster uid", + "name": "clusterUid", + "in": "query" + }, + { + "type": "string", + "description": "Overlord (private cloud gateway) uid", + "name": "overlordUid", + "in": "query" + }, + { + "type": "string", + "description": "Edge host uid", + "name": "edgeHostUid", + "in": "query" + }, + { + "type": "string", + "description": "A project UID is required for project-scoped resources and should be omitted when targeting tenant-scoped resources", + "name": "ProjectUid", + "in": "header" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "description": "Image pull secret for cluster system operations", + "type": "object", + "properties": { + "imagePullSecret": { + "description": "base64-encoded image pull secret token", + "type": "string" + } + } + } + } + } + } + }, "/v1/spectroclusters/tags": { "get": { "security": [ @@ -159890,6 +160327,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -160654,6 +161095,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -161874,6 +162319,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -215809,6 +216258,80 @@ } } }, + "/v1/system/config/imagePullSecret": { + "get": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1", + "system" + ], + "summary": "get the system DHI image pull secret config", + "operationId": "V1SystemConfigImagePullSecretGet", + "responses": { + "200": { + "description": "(empty)", + "schema": { + "description": "system DHI image pull secret config spec", + "type": "object", + "properties": { + "imagePullSecret": { + "description": "base64 encoded docker config JSON", + "type": "string" + } + } + } + } + } + }, + "put": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1", + "system" + ], + "summary": "create or update the system DHI image pull secret config", + "operationId": "V1SystemConfigImagePullSecretUpdate", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "description": "system DHI image pull secret config spec", + "type": "object", + "properties": { + "imagePullSecret": { + "description": "base64 encoded docker config JSON", + "type": "string" + } + } + } + } + ], + "responses": { + "204": { + "description": "(empty)", + "schema": { + "description": "The resource was updated successfully" + } + } + } + } + }, "/v1/system/config/keyValueStore": { "put": { "security": [ @@ -224794,6 +225317,1019 @@ } ] }, + "/v1/tenants/{tenantUid}/datasinks/splunk": { + "post": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1" + ], + "summary": "Creates the Splunk HEC data sink for the specified tenant", + "operationId": "V1TenantUidDatasinksSplunkCreate", + "parameters": [ + { + "type": "string", + "name": "tenantUid", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "description": "Input payload for creating or updating a Splunk HEC sink.", + "type": "object", + "required": [ + "name", + "spec" + ], + "properties": { + "name": { + "description": "Human-readable name for this sink. Must be unique per tenant.", + "type": "string" + }, + "spec": { + "description": "Splunk HEC connection configuration.", + "type": "object", + "required": [ + "hecUrl", + "token" + ], + "properties": { + "hecUrl": { + "description": "Splunk HEC URL, e.g. https://stack.splunkcloud.com:8088 or\nhttps://http-inputs-.splunkcloud.com:443. Must use https,\nexcept http://localhost:* / http://127.0.0.1:* permitted for dev.\n", + "type": "string" + }, + "index": { + "description": "Optional. If empty, the HEC token's default index is used.", + "type": "string" + }, + "source": { + "description": "Optional. If empty, the HEC token's default source is used.", + "type": "string" + }, + "tlsConfig": { + "type": "object", + "properties": { + "caCertBase64": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "insecureSkipVerify": { + "type": "boolean" + } + } + }, + "token": { + "description": "HEC token. Returned masked ('***') on GET. PUT with the masked literal\n'***' preserves the existing encrypted value; PUT with any other value\nre-encrypts and replaces.\n", + "type": "string", + "format": "password" + } + } + } + } + } + } + ], + "responses": { + "201": { + "description": "Created successfully", + "schema": { + "type": "object", + "required": [ + "uid" + ], + "properties": { + "uid": { + "type": "string" + } + } + }, + "headers": { + "AuditUid": { + "type": "string", + "description": "Audit uid for the request" + } + } + }, + "400": { + "description": "Invalid request data", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "403": { + "description": "Forbidden", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "409": { + "description": "Sink already exists for tenant + kind (runtime code=SinkAlreadyExists)", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + } + } + } + }, + "/v1/tenants/{tenantUid}/datasinks/splunk/validate": { + "post": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1" + ], + "summary": "Validates the Splunk HEC data sink connection for the specified tenant", + "operationId": "V1TenantUidDatasinksSplunkValidate", + "parameters": [ + { + "type": "string", + "name": "tenantUid", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "description": "Splunk HEC connection configuration.", + "type": "object", + "required": [ + "hecUrl", + "token" + ], + "properties": { + "hecUrl": { + "description": "Splunk HEC URL, e.g. https://stack.splunkcloud.com:8088 or\nhttps://http-inputs-.splunkcloud.com:443. Must use https,\nexcept http://localhost:* / http://127.0.0.1:* permitted for dev.\n", + "type": "string" + }, + "index": { + "description": "Optional. If empty, the HEC token's default index is used.", + "type": "string" + }, + "source": { + "description": "Optional. If empty, the HEC token's default source is used.", + "type": "string" + }, + "tlsConfig": { + "type": "object", + "properties": { + "caCertBase64": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "insecureSkipVerify": { + "type": "boolean" + } + } + }, + "token": { + "description": "HEC token. Returned masked ('***') on GET. PUT with the masked literal\n'***' preserves the existing encrypted value; PUT with any other value\nre-encrypts and replaces.\n", + "type": "string", + "format": "password" + } + } + } + } + ], + "responses": { + "204": { + "description": "Ok response without content", + "headers": { + "AuditUid": { + "type": "string", + "description": "Audit uid for the request" + } + } + }, + "400": { + "description": "Invalid request data", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "403": { + "description": "Forbidden", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "504": { + "description": "Network/TLS/timeout error", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + } + } + } + }, + "/v1/tenants/{tenantUid}/datasinks/splunk/{uid}": { + "get": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1" + ], + "summary": "Returns the Splunk HEC data sink for the specified tenant", + "operationId": "V1TenantUidDatasinksSplunkGet", + "parameters": [ + { + "type": "string", + "name": "tenantUid", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "uid", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "description": "Splunk HEC audit-log sink configuration.", + "type": "object", + "properties": { + "metadata": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "type": "object", + "properties": { + "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "creationTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "deletionTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "lastModifiedTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "type": "string" + } + } + }, + "spec": { + "description": "Splunk HEC connection configuration.", + "type": "object", + "required": [ + "hecUrl", + "token" + ], + "properties": { + "hecUrl": { + "description": "Splunk HEC URL, e.g. https://stack.splunkcloud.com:8088 or\nhttps://http-inputs-.splunkcloud.com:443. Must use https,\nexcept http://localhost:* / http://127.0.0.1:* permitted for dev.\n", + "type": "string" + }, + "index": { + "description": "Optional. If empty, the HEC token's default index is used.", + "type": "string" + }, + "source": { + "description": "Optional. If empty, the HEC token's default source is used.", + "type": "string" + }, + "tlsConfig": { + "type": "object", + "properties": { + "caCertBase64": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "insecureSkipVerify": { + "type": "boolean" + } + } + }, + "token": { + "description": "HEC token. Returned masked ('***') on GET. PUT with the masked literal\n'***' preserves the existing encrypted value; PUT with any other value\nre-encrypts and replaces.\n", + "type": "string", + "format": "password" + } + } + }, + "status": { + "description": "Data sink status", + "type": "object", + "properties": { + "sync": { + "description": "Status of the data sink delivery sync loop", + "type": "object", + "properties": { + "lastRunTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "lastSuccessTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "message": { + "description": "Last error message when status=Failed. Empty when status=Success.", + "type": "string" + }, + "status": { + "description": "Last known delivery status.", + "type": "string", + "enum": [ + "Success", + "Failed" + ] + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "403": { + "description": "Forbidden", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "404": { + "description": "The specified resource was not found", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + } + } + }, + "put": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1" + ], + "summary": "Updates the Splunk HEC data sink for the specified tenant", + "operationId": "V1TenantUidDatasinksSplunkUpdate", + "parameters": [ + { + "type": "string", + "name": "tenantUid", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "uid", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "description": "Input payload for creating or updating a Splunk HEC sink.", + "type": "object", + "required": [ + "name", + "spec" + ], + "properties": { + "name": { + "description": "Human-readable name for this sink. Must be unique per tenant.", + "type": "string" + }, + "spec": { + "description": "Splunk HEC connection configuration.", + "type": "object", + "required": [ + "hecUrl", + "token" + ], + "properties": { + "hecUrl": { + "description": "Splunk HEC URL, e.g. https://stack.splunkcloud.com:8088 or\nhttps://http-inputs-.splunkcloud.com:443. Must use https,\nexcept http://localhost:* / http://127.0.0.1:* permitted for dev.\n", + "type": "string" + }, + "index": { + "description": "Optional. If empty, the HEC token's default index is used.", + "type": "string" + }, + "source": { + "description": "Optional. If empty, the HEC token's default source is used.", + "type": "string" + }, + "tlsConfig": { + "type": "object", + "properties": { + "caCertBase64": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "insecureSkipVerify": { + "type": "boolean" + } + } + }, + "token": { + "description": "HEC token. Returned masked ('***') on GET. PUT with the masked literal\n'***' preserves the existing encrypted value; PUT with any other value\nre-encrypts and replaces.\n", + "type": "string", + "format": "password" + } + } + } + } + } + } + ], + "responses": { + "204": { + "description": "Ok response without content", + "headers": { + "AuditUid": { + "type": "string", + "description": "Audit uid for the request" + } + } + }, + "400": { + "description": "Invalid request data", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "403": { + "description": "Forbidden", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "404": { + "description": "The specified resource was not found", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + } + } + }, + "delete": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1" + ], + "summary": "Deletes the Splunk HEC data sink for the specified tenant", + "operationId": "V1TenantUidDatasinksSplunkDelete", + "parameters": [ + { + "type": "string", + "name": "tenantUid", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "uid", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "description": "The resource was deleted successfully" + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "403": { + "description": "Forbidden", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "404": { + "description": "The specified resource was not found", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + } + } + } + }, + "/v1/tenants/{tenantUid}/datasinks/summary": { + "get": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1" + ], + "summary": "Returns a summary of all data sinks configured for the specified tenant", + "operationId": "V1TenantUidDatasinksSummaryGet", + "parameters": [ + { + "type": "string", + "name": "tenantUid", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "description": "Summary of all sinks configured for a tenant, across kinds.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "type": "array", + "uniqueItems": true, + "items": { + "description": "Data sink summary", + "type": "object", + "properties": { + "kind": { + "description": "Sink kind discriminator (e.g. splunk, cloudwatch). For legacy cloudwatch\nentries the caller treats kind=cloudwatch as a presence signal and calls\n/v1/tenants/{t}/assets/dataSinks to fetch the legacy CloudWatch configuration.\n", + "type": "string" + }, + "metadata": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "type": "object", + "properties": { + "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "creationTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "deletionTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "lastModifiedTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "type": "string" + } + } + }, + "status": { + "description": "Data sink status", + "type": "object", + "properties": { + "sync": { + "description": "Status of the data sink delivery sync loop", + "type": "object", + "properties": { + "lastRunTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "lastSuccessTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "message": { + "description": "Last error message when status=Failed. Empty when status=Success.", + "type": "string" + }, + "status": { + "description": "Last known delivery status.", + "type": "string", + "enum": [ + "Success", + "Failed" + ] + } + } + } + } + } + } + } + } + } + } + }, + "401": { + "description": "Unauthorized", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + }, + "403": { + "description": "Forbidden", + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "details": { + "type": "object" + }, + "message": { + "type": "string" + }, + "ref": { + "type": "string" + } + } + } + } + } + } + }, "/v1/tenants/{tenantUid}/domains": { "get": { "security": [ @@ -225102,6 +226638,65 @@ } ] }, + "/v1/tenants/{tenantUid}/idp/palette/config": { + "get": { + "security": [ + { + "ApiKey": [] + }, + { + "Authorization": [] + } + ], + "tags": [ + "v1" + ], + "summary": "Returns the Palette IDP config for the tenant", + "operationId": "V1TenantUidIdpPaletteConfigGet", + "responses": { + "200": { + "description": "OK", + "schema": { + "description": "Palette IDP configuration for the tenant", + "type": "object", + "properties": { + "clientId": { + "description": "The client ID for Palette OIDC", + "type": "string", + "x-omitempty": false + }, + "clientSecret": { + "description": "The client secret for Palette OIDC", + "type": "string", + "x-omitempty": false + }, + "issuerUrl": { + "description": "The issuer URL for Palette acting as OIDC identity provider", + "type": "string", + "x-omitempty": false + }, + "scopes": { + "description": "The OIDC scopes", + "type": "array", + "items": { + "type": "string" + }, + "x-omitempty": false + } + } + } + } + } + }, + "parameters": [ + { + "type": "string", + "name": "tenantUid", + "in": "path", + "required": true + } + ] + }, "/v1/tenants/{tenantUid}/invoices/{invoiceUid}": { "get": { "security": [ @@ -247151,6 +248746,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -247664,6 +249263,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -249899,6 +251502,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -250197,6 +251804,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -253037,6 +254648,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -253592,6 +255207,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -254609,6 +256228,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -254845,6 +256468,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -258809,6 +260436,10 @@ "controlPlaneEndpoint": { "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" + }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" } } } @@ -258899,6 +260530,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -259075,6 +260710,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -259311,6 +260950,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -259487,6 +261130,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -259699,6 +261346,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -259802,6 +261453,10 @@ "controlPlaneEndpoint": { "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" + }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" } } }, @@ -260548,6 +262203,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -260859,6 +262518,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -281990,7 +283653,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "v1ClusterUpgradeSettingsEntity": { @@ -282004,6 +283668,15 @@ } } }, + "v1ClusterUpgradeSettingsSpec": { + "type": "object", + "properties": { + "spectroComponentsUpgradeForbidden": { + "type": "boolean", + "x-omitempty": false + } + } + }, "v1ClusterUsageSummary": { "description": "Cluster usage summary", "type": "object", @@ -302382,6 +304055,93 @@ } } }, + "v1DataSinkSummary": { + "description": "Data sink summary", + "type": "object", + "properties": { + "kind": { + "description": "Sink kind discriminator (e.g. splunk, cloudwatch). For legacy cloudwatch\nentries the caller treats kind=cloudwatch as a presence signal and calls\n/v1/tenants/{t}/assets/dataSinks to fetch the legacy CloudWatch configuration.\n", + "type": "string" + }, + "metadata": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "type": "object", + "properties": { + "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "creationTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "deletionTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "lastModifiedTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "type": "string" + } + } + }, + "status": { + "description": "Data sink status", + "type": "object", + "properties": { + "sync": { + "description": "Status of the data sink delivery sync loop", + "type": "object", + "properties": { + "lastRunTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "lastSuccessTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "message": { + "description": "Last error message when status=Failed. Empty when status=Success.", + "type": "string" + }, + "status": { + "description": "Last known delivery status.", + "type": "string", + "enum": [ + "Success", + "Failed" + ] + } + } + } + } + } + } + }, "v1DataSinkableSpec": { "type": "object", "properties": { @@ -302537,6 +304297,106 @@ } } }, + "v1DataSinksSummary": { + "description": "Summary of all sinks configured for a tenant, across kinds.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "items": { + "type": "array", + "uniqueItems": true, + "items": { + "description": "Data sink summary", + "type": "object", + "properties": { + "kind": { + "description": "Sink kind discriminator (e.g. splunk, cloudwatch). For legacy cloudwatch\nentries the caller treats kind=cloudwatch as a presence signal and calls\n/v1/tenants/{t}/assets/dataSinks to fetch the legacy CloudWatch configuration.\n", + "type": "string" + }, + "metadata": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "type": "object", + "properties": { + "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "creationTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "deletionTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "lastModifiedTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "type": "string" + } + } + }, + "status": { + "description": "Data sink status", + "type": "object", + "properties": { + "sync": { + "description": "Status of the data sink delivery sync loop", + "type": "object", + "properties": { + "lastRunTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "lastSuccessTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "message": { + "description": "Last error message when status=Failed. Empty when status=Success.", + "type": "string" + }, + "status": { + "description": "Last known delivery status.", + "type": "string", + "enum": [ + "Success", + "Failed" + ] + } + } + } + } + } + } + } + } + } + }, "v1DatabaseTransferJob": { "description": "database transfer job details", "type": "object", @@ -309853,6 +311713,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -309862,6 +311726,16 @@ "type": "integer", "format": "int32" }, + "skipK8sUpgrade": { + "description": "Skip Kubernetes version upgrade validation for worker pools with N-3 version skew.\n- enabled: Bypasses version skew validation, allows Control Plane upgrade even when this worker pool is >3 minor versions behind\n- disabled: Automatically upgrade worker pool to match Control Plane Kubernetes version (default)\n", + "type": "string", + "default": "disabled", + "enum": [ + "enabled", + "disabled" + ], + "x-omitempty": true + }, "taints": { "description": "control plane or worker taints", "type": "array", @@ -310209,6 +312083,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -310218,6 +312096,16 @@ "type": "integer", "format": "int32" }, + "skipK8sUpgrade": { + "description": "Skip Kubernetes version upgrade validation for worker pools with N-3 version skew.\n- enabled: Bypasses version skew validation, allows Control Plane upgrade even when this worker pool is >3 minor versions behind\n- disabled: Automatically upgrade worker pool to match Control Plane Kubernetes version (default)\n", + "type": "string", + "default": "disabled", + "enum": [ + "enabled", + "disabled" + ], + "x-omitempty": true + }, "taints": { "description": "control plane or worker taints", "type": "array", @@ -311801,6 +313689,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -311810,6 +313702,16 @@ "type": "integer", "format": "int32" }, + "skipK8sUpgrade": { + "description": "Skip Kubernetes version upgrade validation for worker pools with N-3 version skew.\n- enabled: Bypasses version skew validation, allows Control Plane upgrade even when this worker pool is >3 minor versions behind\n- disabled: Automatically upgrade worker pool to match Control Plane Kubernetes version (default)\n", + "type": "string", + "default": "disabled", + "enum": [ + "enabled", + "disabled" + ], + "x-omitempty": true + }, "taints": { "description": "control plane or worker taints", "type": "array", @@ -312022,6 +313924,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -313076,6 +314982,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -313263,6 +315173,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -313788,6 +315702,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -314289,6 +316207,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -315149,6 +317071,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -317008,6 +318934,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -317355,6 +319285,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -318092,6 +320026,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -318301,6 +320239,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -319911,6 +321853,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -322606,6 +324552,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -322994,6 +324944,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -323279,6 +325233,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -328026,6 +329984,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -328486,6 +330448,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -329315,6 +331281,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -329566,6 +331536,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -330763,6 +332737,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -330912,6 +332890,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -338515,6 +340497,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -359513,6 +361499,68 @@ } } }, + "v1SinkStatus": { + "description": "Data sink status", + "type": "object", + "properties": { + "sync": { + "description": "Status of the data sink delivery sync loop", + "type": "object", + "properties": { + "lastRunTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "lastSuccessTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "message": { + "description": "Last error message when status=Failed. Empty when status=Success.", + "type": "string" + }, + "status": { + "description": "Last known delivery status.", + "type": "string", + "enum": [ + "Success", + "Failed" + ] + } + } + } + } + }, + "v1SinkSyncStatus": { + "description": "Status of the data sink delivery sync loop", + "type": "object", + "properties": { + "lastRunTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "lastSuccessTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "message": { + "description": "Last error message when status=Failed. Empty when status=Success.", + "type": "string" + }, + "status": { + "description": "Last known delivery status.", + "type": "string", + "enum": [ + "Success", + "Failed" + ] + } + } + }, "v1SonobuoyEntity": { "description": "Sonobuoy response", "required": [ @@ -361143,7 +363191,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "machinepoolconfig": { @@ -361343,6 +363392,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -362003,6 +364056,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -362937,6 +364994,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -363636,6 +365697,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -363770,6 +365835,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -364478,6 +366547,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -364866,6 +366939,10 @@ "description": "Endpoint IP to be used for API server, should only be enabled for static CloudStack network", "type": "string" }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "project": { "description": "Cloud stack resource information", "type": "object", @@ -365126,6 +367203,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -378279,6 +380360,16 @@ } } }, + "v1SpectroClusterSystemImagePullSecret": { + "description": "Image pull secret for cluster system operations", + "type": "object", + "properties": { + "imagePullSecret": { + "description": "base64-encoded image pull secret token", + "type": "string" + } + } + }, "v1SpectroClusterTags": { "type": "object", "properties": { @@ -384944,7 +387035,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "machinepoolconfig": { @@ -385851,6 +387943,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -386800,6 +388896,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -387743,6 +389843,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -388329,6 +390433,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -388567,6 +390675,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -389039,6 +391151,15 @@ } } }, + "clusterType": { + "type": "string", + "default": "PureManage", + "enum": [ + "PureManage", + "PureAttach", + "PureAdopt" + ] + }, "fargateProfiles": { "type": "array", "items": { @@ -389347,6 +391468,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -389736,6 +391861,10 @@ } } }, + "overrideClusterAPIConfig": { + "description": "YAML override for CAPI properties at cluster level.\nOverrides pack-level and Palette-managed values.\n", + "type": "string" + }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" @@ -390004,6 +392133,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -390768,6 +392901,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -391297,6 +393434,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -391631,6 +393772,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -392756,7 +394901,8 @@ "default": "PureManage", "enum": [ "PureManage", - "PureAttach" + "PureAttach", + "PureAdopt" ] }, "machinepoolconfig": { @@ -392917,6 +395063,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -393480,6 +395630,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -395970,6 +398124,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -396621,6 +398779,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" @@ -396707,6 +398869,226 @@ } } }, + "v1SplunkSink": { + "description": "Splunk HEC audit-log sink configuration.", + "type": "object", + "properties": { + "metadata": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "type": "object", + "properties": { + "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "creationTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "deletionTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "lastModifiedTimestamp": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "type": "string" + } + } + }, + "spec": { + "description": "Splunk HEC connection configuration.", + "type": "object", + "required": [ + "hecUrl", + "token" + ], + "properties": { + "hecUrl": { + "description": "Splunk HEC URL, e.g. https://stack.splunkcloud.com:8088 or\nhttps://http-inputs-.splunkcloud.com:443. Must use https,\nexcept http://localhost:* / http://127.0.0.1:* permitted for dev.\n", + "type": "string" + }, + "index": { + "description": "Optional. If empty, the HEC token's default index is used.", + "type": "string" + }, + "source": { + "description": "Optional. If empty, the HEC token's default source is used.", + "type": "string" + }, + "tlsConfig": { + "type": "object", + "properties": { + "caCertBase64": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "insecureSkipVerify": { + "type": "boolean" + } + } + }, + "token": { + "description": "HEC token. Returned masked ('***') on GET. PUT with the masked literal\n'***' preserves the existing encrypted value; PUT with any other value\nre-encrypts and replaces.\n", + "type": "string", + "format": "password" + } + } + }, + "status": { + "description": "Data sink status", + "type": "object", + "properties": { + "sync": { + "description": "Status of the data sink delivery sync loop", + "type": "object", + "properties": { + "lastRunTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "lastSuccessTime": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "message": { + "description": "Last error message when status=Failed. Empty when status=Success.", + "type": "string" + }, + "status": { + "description": "Last known delivery status.", + "type": "string", + "enum": [ + "Success", + "Failed" + ] + } + } + } + } + } + } + }, + "v1SplunkSinkEntity": { + "description": "Input payload for creating or updating a Splunk HEC sink.", + "type": "object", + "required": [ + "name", + "spec" + ], + "properties": { + "name": { + "description": "Human-readable name for this sink. Must be unique per tenant.", + "type": "string" + }, + "spec": { + "description": "Splunk HEC connection configuration.", + "type": "object", + "required": [ + "hecUrl", + "token" + ], + "properties": { + "hecUrl": { + "description": "Splunk HEC URL, e.g. https://stack.splunkcloud.com:8088 or\nhttps://http-inputs-.splunkcloud.com:443. Must use https,\nexcept http://localhost:* / http://127.0.0.1:* permitted for dev.\n", + "type": "string" + }, + "index": { + "description": "Optional. If empty, the HEC token's default index is used.", + "type": "string" + }, + "source": { + "description": "Optional. If empty, the HEC token's default source is used.", + "type": "string" + }, + "tlsConfig": { + "type": "object", + "properties": { + "caCertBase64": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "insecureSkipVerify": { + "type": "boolean" + } + } + }, + "token": { + "description": "HEC token. Returned masked ('***') on GET. PUT with the masked literal\n'***' preserves the existing encrypted value; PUT with any other value\nre-encrypts and replaces.\n", + "type": "string", + "format": "password" + } + } + } + } + }, + "v1SplunkSinkSpec": { + "description": "Splunk HEC connection configuration.", + "type": "object", + "required": [ + "hecUrl", + "token" + ], + "properties": { + "hecUrl": { + "description": "Splunk HEC URL, e.g. https://stack.splunkcloud.com:8088 or\nhttps://http-inputs-.splunkcloud.com:443. Must use https,\nexcept http://localhost:* / http://127.0.0.1:* permitted for dev.\n", + "type": "string" + }, + "index": { + "description": "Optional. If empty, the HEC token's default index is used.", + "type": "string" + }, + "source": { + "description": "Optional. If empty, the HEC token's default source is used.", + "type": "string" + }, + "tlsConfig": { + "type": "object", + "properties": { + "caCertBase64": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "insecureSkipVerify": { + "type": "boolean" + } + } + }, + "token": { + "description": "HEC token. Returned masked ('***') on GET. PUT with the masked literal\n'***' preserves the existing encrypted value; PUT with any other value\nre-encrypts and replaces.\n", + "type": "string", + "format": "password" + } + } + }, "v1SpotMarketOptions": { "description": "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", "type": "object", @@ -398810,6 +401192,16 @@ } } }, + "v1SystemConfigImagePullSecretSpec": { + "description": "system DHI image pull secret config spec", + "type": "object", + "properties": { + "imagePullSecret": { + "description": "base64 encoded docker config JSON", + "type": "string" + } + } + }, "v1SystemConfigStoreEntity": { "type": "object", "required": [ @@ -403145,6 +405537,35 @@ } } }, + "v1TenantPaletteIdpConfigSpec": { + "description": "Palette IDP configuration for the tenant", + "type": "object", + "properties": { + "clientId": { + "description": "The client ID for Palette OIDC", + "type": "string", + "x-omitempty": false + }, + "clientSecret": { + "description": "The client secret for Palette OIDC", + "type": "string", + "x-omitempty": false + }, + "issuerUrl": { + "description": "The issuer URL for Palette acting as OIDC identity provider", + "type": "string", + "x-omitempty": false + }, + "scopes": { + "description": "The OIDC scopes", + "type": "array", + "items": { + "type": "string" + }, + "x-omitempty": false + } + } + }, "v1TenantPasswordPolicyEntity": { "description": "Tenant Password Policy Entity", "type": "object", @@ -404398,6 +406819,20 @@ } } }, + "v1TlsCA": { + "type": "object", + "properties": { + "caCertBase64": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "insecureSkipVerify": { + "type": "boolean" + } + } + }, "v1TlsConfiguration": { "description": "TLS configuration", "type": "object", @@ -427682,6 +430117,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -428370,6 +430809,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -430060,6 +432503,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\n", "type": "string" @@ -430478,6 +432925,10 @@ "description": "YAML override for CAPI properties at pool level.\nOverrides pack-level and Palette-managed values. See PCP-4787.\n", "type": "string" }, + "overrideHealthCheckConfiguration": { + "description": "YAML config to override Machine Health Check values at the node pool level.\nAccepts CAPI MachineHealthCheck fields such as maxUnhealthy, nodeStartupTimeout,\nand unhealthyNodeConditions. Falls back to Palette defaults when unset and\nremains subject to the project/tenant Cluster Auto Remediation setting.\n", + "type": "string" + }, "overrideKubeadmConfiguration": { "description": "YAML config for kubeletExtraArgs, preKubeadmCommands, postKubeadmCommands.\nOverrides pack-level settings. Worker pools only.\nCurrently implemented for CloudStack only.\n", "type": "string" diff --git a/static/assets/docs/images/certificate-management_certificate-renew-page.webp b/static/assets/docs/images/certificate-management_certificate-renew-page.webp new file mode 100644 index 00000000000..8158fe89e3a Binary files /dev/null and b/static/assets/docs/images/certificate-management_certificate-renew-page.webp differ diff --git a/static/assets/docs/images/certificate-management_cluster-details-page.webp b/static/assets/docs/images/certificate-management_cluster-details-page.webp new file mode 100644 index 00000000000..975d075643d Binary files /dev/null and b/static/assets/docs/images/certificate-management_cluster-details-page.webp differ diff --git a/static/assets/docs/images/clusters_site-installation_initial-setup_tui-management-interface_4.8.webp b/static/assets/docs/images/clusters_site-installation_initial-setup_tui-management-interface_4.8.webp new file mode 100644 index 00000000000..57b38aba8e9 Binary files /dev/null and b/static/assets/docs/images/clusters_site-installation_initial-setup_tui-management-interface_4.8.webp differ diff --git a/static/assets/docs/images/configure-image-pull-secret_palette.webp b/static/assets/docs/images/configure-image-pull-secret_palette.webp new file mode 100644 index 00000000000..fe5f5eec640 Binary files /dev/null and b/static/assets/docs/images/configure-image-pull-secret_palette.webp differ diff --git a/static/assets/docs/images/configure-image-pull-secret_vertex.webp b/static/assets/docs/images/configure-image-pull-secret_vertex.webp new file mode 100644 index 00000000000..956b775ad81 Binary files /dev/null and b/static/assets/docs/images/configure-image-pull-secret_vertex.webp differ diff --git a/static/assets/docs/images/palette_installation_install-on-vmware_palette-system-console.webp b/static/assets/docs/images/palette_installation_install-on-vmware_palette-system-console.webp index ed93c439499..2ba0851a80e 100644 Binary files a/static/assets/docs/images/palette_installation_install-on-vmware_palette-system-console.webp and b/static/assets/docs/images/palette_installation_install-on-vmware_palette-system-console.webp differ diff --git a/static/assets/docs/images/vertex_install-on-kubernetes_install_system-console.webp b/static/assets/docs/images/vertex_install-on-kubernetes_install_system-console.webp index a356fc00717..c046e264af6 100644 Binary files a/static/assets/docs/images/vertex_install-on-kubernetes_install_system-console.webp and b/static/assets/docs/images/vertex_install-on-kubernetes_install_system-console.webp differ