Merge branch 'master' into dependabot/npm_and_yarn/master/docusaurus-…

…plugin-image-zoom-2.0.0
spectrocloud · Sep 4, 2024 · b45ac62 · b45ac62
2 parents 092e5e4 + 8c1f97f
commit b45ac62
Show file tree

Hide file tree

Showing 6 changed files with 205 additions and 96 deletions.
diff --git a/.github/workflows/nightly-docker-build.yaml b/.github/workflows/nightly-docker-build.yaml
@@ -67,7 +67,7 @@ jobs:
           tags: ghcr.io/${{ github.repository }}:nightly
           labels: ${{ steps.meta.outputs.labels }}
 
-      - uses: sigstore/cosign-installer@v3.5.0
+      - uses: sigstore/cosign-installer@v3.6.0
 
       - name: Image Signing
         run: |

diff --git a/docs/api-content/api-docs/palette-apis.json b/docs/api-content/api-docs/palette-apis.json
@@ -139037,4 +139037,24 @@
                                         "type": "object",
                                         "additionalProperties": {
                                           "type": "string"
-
+                                        }
+                                      }
+                                    }
+                                  }
+                                }
+                              }
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+        ]
+      }
+    }
+  }
+}
diff --git a/docs/docs-content/clusters/cluster-management/certificate-management.md b/docs/docs-content/clusters/cluster-management/certificate-management.md
@@ -16,8 +16,6 @@ documentation to learn more about the auto-generated certificates and to better
 This reference page focuses on how to renew the PKI certificates through Palette. You have two options for how you can
 renew the cluster PKI certificates:
 
-<br />
-
 - Automatic Certificate Renewal
 
 - Manual Certificate Renewal
@@ -31,6 +29,12 @@ years.
 
 You can learn more about each option in the following sections.
 
+## Limitations
+
+- Neither automatic nor manual certificate renewal through the Palette UI is supported by Edge clusters. For Edge airgap
+  clusters, you can renew the certificates from Local UI. Refer to
+  [Renew Certificates for Airgapped Edge Hosts](../edge/cluster-management/certificate-renewal.md) for more information.
+
 ## Automatic Certificate Renewal
 
 Palette will automatically update the cluster PKI certificates 30 days before they expire. The automatic renewal process
@@ -41,8 +45,6 @@ Another scenario that results in new PKI certificates is upgrading a cluster's K
 Kubernetes version, whether a minor patch or a major release, results in renewed PKI certificates. We recommend
 regularly updating your clusters to stay current with security fixes and best practices.
 
-<br />
-
 :::info
 
 You can upgrade the Kubernetes version of a cluster by updating the Kubernetes layer of the cluster profile and applying

diff --git a/...ontent/clusters/edge/site-deployment/deploy-custom-registries/local-registry.md b/...ontent/clusters/edge/site-deployment/deploy-custom-registries/local-registry.md
@@ -45,7 +45,9 @@ to <VersionedLink text="Harbor Edge-Native Config pack" url="/integrations/packs
 - An Edge cluster profile. For information about how to create a cluster profile for Edge, refer to
   [Model Edge Cluster Profile](../../site-deployment/model-profile.md).
 
-## Enable Local Harbor Registry
+## Enablement
+
+### Enable Local Harbor Registry
 
 1. Log in to [Palette](https://console.spectrocloud.com).
 
@@ -78,6 +80,90 @@ to <VersionedLink text="Harbor Edge-Native Config pack" url="/integrations/packs
 7. In the `harbor-config.storage` parameter, make sure you allocate enough storage in the `registry` field to store all
    your images.
 
+### Provide Credentials to Private Registries (Optional)
+
+If your cluster profile does not reference a private registry for images or helm charts or you have configured the
+Palette agent to download all images from an external private registry, you can skip this step.
+
+:::info
+
+Configuring external registries through user data will instruct the Palette agent to download all images from the
+external registry and prepend the registry URL to every image referenced in the cluster profile. Therefore, if you have
+configured an external registry through user data, you no longer need to provide credentials to the private registries
+referenced in the profile because those private registries will not be used. You are instead responsible for ensuring
+that all images are present in the external registry. For more information, refer to
+[Deploy with External Private Registry](./deploy-external-registry.md).
+
+:::
+
+If your have not configured an external registry for your Edge host through the Edge installer configuration user data,
+and your cluster profile references private registries, you must provide credentials to those private registries through
+[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/) using a manifest in your cluster
+profile.
+
+8. Add a new manifest to your cluster profile. For more information, refer to
+   [Add a Manifest](../../../../profiles/cluster-profiles/create-cluster-profiles/create-addon-profile/create-manifest-addon.md).
+
+9. In your manifest, provide the following YAML configuration. Replace the placeholders with the correct values
+   according to the table below. You need to do this for every private registry referenced and may use dividers `---` to
+   separate the secrets .
+
+   ```yaml
+   apiVersion: v1
+   data:
+     password: <base64-encdoded-password>
+     url: <base64-encoded-url>
+     username: <base64-encoded-username>
+   kind: Secret
+   metadata:
+     labels:
+       spectrocloud.com/registry: "true"
+       spectrocloud.com/copyToTarget: "true"
+     name: <registry-name>
+   type: Opaque
+   ```
+
+   | Parameter       | Description                                                                                                                                                                                                                                                                                                   |
+   | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+   | `data.url`      | The URL of the registry in base-64 encoded format. For image registries, this includes only the hostname. For example, `aHR0cHM6Ly9kb2NrZXIuaW8=` for `docker.io`. For helm registries, include both scheme and hostname. For example, `https://blr-artifactory.apps.beehive.net` in based-64 encoded format. |
+   | `data.username` | The username used to log in to the registry in base-64 encoded format.                                                                                                                                                                                                                                        |
+   | `data.password` | The password of the user in base-64 encoded format.                                                                                                                                                                                                                                                           |
+   | `metadata.name` | Optional. A human-readable name you may give the registry.                                                                                                                                                                                                                                                    |
+
+   The following is an example of a manifest providing the credentials providing credentials to multiple registries,
+   including both image registries and helm registries.
+
+   ```yaml
+   apiVersion: v1
+   data:
+     password: <base64-encdoded-password>
+     url: ZWRnZS51cy13ZXN0Mi5hcnRpZmFjdG9yeS5jb20=
+     username: dXNlcjE=
+   kind: Secret
+   metadata:
+     labels:
+       spectrocloud.com/registry: "true"
+     name: image-registry1
+   type: Opaque
+   ---
+   apiVersion: v1
+   data:
+     password: <base64-encdoded-password>
+     url: aHR0cHM6Ly9lZGdlLnVzLXdlc3QyLmFydGlmYWN0b3J5LmNvbQ==
+     username: dXNlcjE=
+   kind: Secret
+   metadata:
+     labels:
+       spectrocloud.com/registry: "true"
+     name: helm-registry1
+   type: Opaque
+   ```
+
+10. Use the cluster profile to create your Edge cluster. For more information, refer to
+    [Create Cluster Definition](../cluster-deployment.md).
+
+### Save Profile and Deploy Cluster
+
 8. Click **Save Changes**.
 
 9. Deploy a new Edge cluster with your updated profile. Or, if you have an active cluster, update the cluster to use the