diff --git a/.gitleaksignore b/.gitleaksignore index cc61b83e1e..1ce9d983f3 100644 --- a/.gitleaksignore +++ b/.gitleaksignore @@ -114,3 +114,4 @@ e4040084011d4d7935a589959b96ebc5cfba7a94:docs/docs-content/integrations/kubernet 969ac609f82bacb36093c429adfc096c5a97e10f:docs/docs-content/tutorials/cluster-deployment/pde/deploy-app.md:generic-api-key:1195 969ac609f82bacb36093c429adfc096c5a97e10f:docs/docs-content/tutorials/cluster-deployment/pde/deploy-app.md:generic-api-key:1232 969ac609f82bacb36093c429adfc096c5a97e10f:docs/docs-content/tutorials/edge/deploy-cluster.md:generic-api-key:240 +8f515d46ce2bb80b7173bf9684ed8e87cb96fd83:docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md:generic-api-key:229 diff --git a/docs/docs-content/byoos/capi-image-builder/config-reference.md b/docs/docs-content/byoos/capi-image-builder/config-reference.md index 424e8591ae..5af5a3a0cd 100644 --- a/docs/docs-content/byoos/capi-image-builder/config-reference.md +++ b/docs/docs-content/byoos/capi-image-builder/config-reference.md @@ -13,8 +13,7 @@ Review these parameters to understand how to tailor the CAPI Image Builder to yo :::warning -At this time, VMware vSphere is the only supported infrastructure provider for the CAPI Image Builder, and only -non-airgap workflows are available. +At this time, VMware vSphere is the only supported infrastructure provider for the CAPI Image Builder. ::: diff --git a/docs/docs-content/clusters/cluster-management/compliance-scan.md b/docs/docs-content/clusters/cluster-management/compliance-scan.md index a130ebfc3b..3b625e1bf5 100644 --- a/docs/docs-content/clusters/cluster-management/compliance-scan.md +++ b/docs/docs-content/clusters/cluster-management/compliance-scan.md 
@@ -163,30 +163,33 @@ page for that particular vulnerability. ## Scan Options -The following options are available for running cluster scans: +The following options are available cluster scans. -## On Demand +- **On Demand**: Start a scan immediately. +- **Scheduled**: Schedule a scan to start at a specific time. -A cluster scan of any type can be started by navigating to the **Scans** tab of a cluster in Palette. Scan progress -displays as 'Initiated' and transitions to 'Completed' when the scan is complete. +#### On Demand -| **On Demand Scan** | -| ---------------------------------------------------------- | -| Select the cluster to scan -> Scan(top panel) -> Run Scan. | +On demand scans can be initiated by navigating to the **Scans** tab of a cluster's details page in Palette. The scan +progress displays as **Initiated** and changes to **Completed** when the scan is complete. -## Scheduled +| **On Demand Scan** | +| --------------------------------------------------------------------------------------------------- | +| From the cluster details page. Select the Scan tab. Click on **Run Scan** on the desired scan type. | -You can set a schedule for each scan type when you deploy the cluster, and you can change the schedule at a later time. +#### Scheduled -| **During Cluster Deployment** | -| ----------------------------------------------------------------------------------- | -| Add New Cluster -> Settings -> Schedule scans -> Enable and schedule desired scans. | +You can set a fixed schedule for a scan when you deploy the cluster. You can also change the schedule at a later time. -| **Running Cluster** | -| ------------------------------------------------------------------------------------------------------------------------ | -| Select the cluster to scan -> Settings -> Cluster Settings -> Scan Policies -> Enable and schedule scans of your choice. 
| +| **Cluster Deployment** | +| ----------------------------------------------------------------------------------------------------- | +| From the cluster creation settings page. Click on **Schedule scans** tab and configured the schedule. | -### Schedule Options Available +| **Active Cluster** | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| From the cluster details page. Click on the **Settings drop-down Menu**. Select **Cluster Settings**, followed by clicking on the **Scan Policies** tab. Enable and schedule the scans of your choice. | + +#### Schedule Options Available This operation can be performed on all cluster types across all clouds. Schedule your compliance scan for month, day, hour, or minute. The following options are available: 
@@ -195,3 +198,43 @@ hour, or minute. The following options are available: - Every two weeks at midnight. - Every month on the first day of the month at midnight. - Every two months on the first day of the month at midnight + +## Scan reports + +All scan reports are available in the Palette UI. You can download them in CSV or PDF formats. + +The Palette agent stores reports in the Kubernetes cluster as a Kubernetes resource. You can list all available reports +in the cluster and gather each report's status. To retrieve the list of all available reports, use the admin kubeconfig +file downloaded and kubectl. Refer to the [Kubectl](./palette-webctl.md) to learn how to download the kubeconfig file +and configure kubectl. + +To list all available reports, use the following command. + +``` +kubectl get audits.cluster.spectrocloud.com --all-namespaces +``` + +The output of this command provides the list of all reports executed on this Kubernetes cluster with the status for each +report. + +```shell hideClipboard +NAMESPACE NAME AGE STATUS +cluster-66d8a761ed405e70b86a8a17 kube-bench-66df28ab3c13fb7876674c98-xscvq 5h14m Complete +cluster-66d8a761ed405e70b86a8a17 kube-hunter-66df65dced406e0856d8536a-zetys 53m Complete +cluster-66d8a761ed405e70b86a8a17 syft-66df6d437cda16db7074cefe-czfxq 21m Complete +``` + +To check the details for a particular report, including report content. Issue the following command and replace the +`` with the actual cluster UUID and `` with the name of the report from the list. + +```shell +kubectl get audits.cluster.spectrocloud.com --namespace cluster- --output yaml +``` + +Below is an example of the command to get the details of the kube-bench report. + +```shell +kubectl get audits.cluster.spectrocloud.com --namespace cluster-66d8a761ed405e70b86a8a17 kube-bench-66df28ab3c13fb7876674c98-xscvq --output yaml +``` + +The scan report content is available in the output block `status.results..scanReport.Worker.reportData`. 
diff --git a/docs/docs-content/clusters/cluster-management/platform-settings/pause-platform-upgrades.md b/docs/docs-content/clusters/cluster-management/platform-settings/pause-platform-upgrades.md index 01ed4ec891..eaa2015bbc 100644 --- a/docs/docs-content/clusters/cluster-management/platform-settings/pause-platform-upgrades.md +++ b/docs/docs-content/clusters/cluster-management/platform-settings/pause-platform-upgrades.md 
@@ -7,12 +7,81 @@ sidebar_position: 0 tags: ["clusters", "cluster management"] --- -Palette supports the **Pause Agent Upgrades** feature to exclude a cluster or a group of clusters from getting -automatically upgraded when Palette is upgraded. The three ways to activate this feature are: +Palette supports the **Pause Agent Upgrades** feature to exclude a cluster or a group of clusters from having their +Palette agent automatically upgraded when Palette is upgraded. -- Pause Upgrades for a Single Cluster -- Pause Upgrades for all Clusters within Project Scope -- Pause Upgrades for all Clusters within Tenant Scope +:::info + +This feature only pauses upgrades for Palette agents, not updates to the clusters themselves. + +::: + +## Pause Agent Upgrade Scopes + +Agent upgrades can be paused and resumed in the following scopes: + +- Pause agent upgrades for a single cluster +- Pause agent upgrades for all clusters within a project +- Pause agent upgrades for all clusters within a tenant + +When determining if the agent upgrades for one cluster is paused or not, you only need to look at the setting for the +cluster itself. Agent upgrade settings are always applied based on individual cluster settings. Project and tenant agent +upgrade settings are not inherited - instead cluster level settings are set to match _each time_ project and tenant +level settings are changed. + +Pausing or resuming agent upgrades at a higher-level scope will automatically pause or resume agent upgrades in the +lower-level scopes. For example, if you pause agent upgrades at the tenant level, then agent upgrades will be paused for +all projects within that tenant, and all clusters within those projects. Similarly, if you resume upgrades at the +project level, then all clusters within that project will have their agent upgrades resumed. 
+ +This is a one-time change that happens at the moment when you pause or resume upgrades in the project or tenant scope, +and it does not mandate that the same setting be kept at the lower scopes. If you pause or resume agent upgrades in a +lower-level scope, it will override the setting from the higher-level scope. For example, even if all agent upgrades are +paused at the tenant level, you can override the tenant-level pause by resuming upgrades in a specific project or a +specific cluster. + +:::warning + +Overrides of agent upgrade settings are not permanent. When the pause agent settings at the project or tenant scope +change, the agent upgrade setting in the cluster or project scopes will always be set to match the higher-level scope +setting regardless. If you want to override the project or tenant level agent upgrade setting, you must change the agent +upgrade setting in the lower scope _after_ the change in the higher scope. + +::: + +The following table lists some example upgrade configurations and whether the Palette agent will be upgrades in those +settings. Note that only the settings at the cluster level determines whether the Palette agent will be upgraded. + +| Tenant | Project | Cluster | Outcome | +| ---------------- | ---------------- | ---------------- | ----------------------------------------- | +| Upgrades paused | Upgrades paused | Upgrades enabled | Palette agent will upgrade automatically. | +| Upgrades enabled | Upgrades enabled | Upgrade paused | Palette agent upgrades are paused. | + +## Agent Upgrades for PCG and Edge Hosts + +Aside from clusters, you can also pause the agent upgrades on Private Cloud Gateways (PCG) and Edge hosts that are +registered with Palette but are not part of a cluster. + +Since PCGs are scoped to tenants, you can pause the agent upgrades on a PCG by pausing agent upgrades on the tenant to +which the PCG is associated. 
You can also pause or resume upgrades for a PCG in the PCG details page through **Cluster +Settings**. Similar to clusters, pausing and resuming upgrades at the tenant level will pause or resume agent upgrades +for all PCGs in the tenant. Pausing and resuming upgrades for a PCG individually will override the tenant-level setting. + +Edge hosts that are part of a cluster have their agent upgrades managed by the settings of their cluster. Edge hosts +that are not part of a cluster have their agent upgrades managed at the project and tenant level. Similar to clusters, +pausing or resuming agent upgrades at the tenant level will automatically pause or resume agent upgrades for all +projects within that tenant. However, you can override the tenant level setting by manually changing the upgrade setting +at the project level. + +The following is a table showing the scopes at which you can pause agent upgrades for different objects. The same +relationship between the scopes applies: Changing the setting in a higher scope will trigger a one-time change to the +lower scopes, and changing the setting at the lower scope will override the setting in the higher scope. + +| | Individual Cluster/PCG | Project | Tenant | +| --------------- | ---------------------- | ------- | ------ | +| Cluster | ✅ | ✅ | ✅ | +| PCG | ✅ | ❌ | ✅ | +| Idle Edge hosts | ❌ | ✅ | ✅ | ## Prerequisites 
@@ -71,6 +140,24 @@ clusters within the project scope, or all within the tenant scope. + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant administrator. + +2. Navigate to the left **Main Menu** and select **Tenant Settings**. + +3. Select **Private Cloud Gateways** from the **Tenant Settings Menu** + +4. Click on the PCG you want to pause or resume upgrades for. + +5. From the PCG details page, click **Settings** > **Cluster Settings**. + +6. Toggle the **Pause Agent Upgrades** button to pause upgrades for the PCG. + +7. A pop-up box will ask you to confirm the action. Click **OK**. + + + ## Validate @@ -93,6 +180,9 @@ clusters within the project scope, or all within the tenant scope. +Pausing upgrades in a project also pauses agent upgrades for all Edge hosts in the project that are not part of a +cluster. + 1. Log in to [Palette](https://console.spectrocloud.com). 2. Navigate to the left **Main Menu** and click on **Project Settings**. @@ -105,6 +195,9 @@ clusters within the project scope, or all within the tenant scope. +Pausing upgrades in a Tenant also pauses agent upgrades for all Edge hosts in the tenant that are not part of a cluster, +as well as PCGs in the tenant. + 1. Log in to [Palette](https://console.spectrocloud.com). 2. Navigate to the left **Main Menu** and click on **Tenant Settings**. @@ -115,4 +208,20 @@ clusters within the project scope, or all within the tenant scope. + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant administrator. + +2. Navigate to the left **Main Menu** and select **Tenant Settings**. + +3. Select **Private Cloud Gateways** from the **Tenant Settings Menu** + +4. Click on the PCG you want to pause or resume upgrades for. + +5. From the PCG details page, click **Settings** > **Cluster Settings**. + +6. The **Pause Agent Upgrades** toggle button is checked. + + + 
diff --git a/docs/docs-content/clusters/edge/edge-configuration/installer-reference.md b/docs/docs-content/clusters/edge/edge-configuration/installer-reference.md index 5e80480533..5bfb52f8f6 100644 --- a/docs/docs-content/clusters/edge/edge-configuration/installer-reference.md +++ b/docs/docs-content/clusters/edge/edge-configuration/installer-reference.md @@ -42,6 +42,11 @@ listed in alphabetical order. You can point the Edge Installer to a non-default registry to load content from another source. Use the `registryCredentials` parameter object to specify the registry configurations. +If you are using an external registry and want to use content bundles when deploying your Edge cluster, you must also +enable the local Harbor registry. For more information, refer to +[Build Content Bundles](../edgeforge-workflow/palette-canvos/build-content-bundle.md) and +[Enable Local Harbor Registry](../site-deployment/deploy-custom-registries/local-registry.md). + | Parameter | Description | Default | | -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | `stylus.registryCredentials.domain` | The domain of the registry. You can use an IP address plus the port or a domain name. | | diff --git a/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos/build-content-bundle.md b/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos/build-content-bundle.md index 29d39705c7..575d281046 100644 --- a/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos/build-content-bundle.md +++ b/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos/build-content-bundle.md 
@@ -41,6 +41,15 @@ Creating a content bundle provides several benefits that may address common use - Organizations that want better control over the software used by their Edge hosts can use content bundles to ensure that only approved software is consumed. +## Limitation + +- You cannot use content bundles with an external registry if you do not enable the local Harbor registry on your Edge + host. If you specify a external registry without enabling the local Harbor registry, the images will be downloaded + from the external registry even if you provide a content bundle, and deployment will fail if the necessary images + cannot be located in the external registry. For more information, refer to + [Deploy Cluster with External Registry](../../site-deployment/deploy-custom-registries/deploy-external-registry.md) + and [Enable Local Harbor Registry](../../site-deployment/deploy-custom-registries/local-registry.md). + ## Prerequisites - Linux Machine (Physical or VM) with an AMD64 architecture. diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-custom-registries/deploy-external-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-custom-registries/deploy-external-registry.md index f1d34cad87..a55bd4c638 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-custom-registries/deploy-external-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-custom-registries/deploy-external-registry.md 
@@ -38,6 +38,13 @@ information, refer to [Enable Local Harbor Registry](./local-registry.md). - Palette Edge supports basic username/password authentication. Token authentication schemes used by services such as AWS ECR and Google Artifact Registry are not supported. +- You cannot use content bundles with an external registry if you do not enable the local Harbor registry on your Edge + host. If you specify a external registry without enabling the local Harbor registry, the images will be downloaded + from the external registry even if you provide a content bundle, and deployment will fail if the necessary images + cannot be located in the external registry. For more information, refer to + [Build Content Bundles](../../edgeforge-workflow/palette-canvos/build-content-bundle.md) and + [Enable Local Harbor Registry](../../site-deployment/deploy-custom-registries/local-registry.md). + ## Prerequisites - Specifying the external registry and providing credentials happens during the EdgeForge process. You should become diff --git a/docs/docs-content/security-bulletins/reports/cve-2005-2541.md b/docs/docs-content/security-bulletins/reports/cve-2005-2541.md index 9d9016cbb3..0f67c22371 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2005-2541.md +++ b/docs/docs-content/security-bulletins/reports/cve-2005-2541.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -8/16/2024 +9/23/24 ## NIST CVE Summary @@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor. ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -41,3 +41,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2015-20107.md b/docs/docs-content/security-bulletins/reports/cve-2015-20107.md index d547fb191a..371e352886 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2015-20107.md 
+++ b/docs/docs-content/security-bulletins/reports/cve-2015-20107.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -08/16/2024 +9/23/24 ## NIST CVE Summary @@ -33,7 +33,7 @@ Waiting on a fix from third party mongodb vendor ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -43,3 +43,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2015-8855.md b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md index aa91c7da10..721cb802c9 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2015-8855.md +++ b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -7/31/2024 +9/23/24 ## NIST CVE Summary @@ -32,7 +32,7 @@ application. ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -42,3 +42,4 @@ Ongoing - 1.0 07/31/2024 Initial Publication - 2.0 08/17/2024 Remediated in Palette VerteX 4.4.14 +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2016-1585.md b/docs/docs-content/security-bulletins/reports/cve-2016-1585.md index 9b7b5a2796..c028888105 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2016-1585.md +++ b/docs/docs-content/security-bulletins/reports/cve-2016-1585.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -8/16/2024 +9/23/24 ## NIST CVE Summary @@ -30,7 +30,7 @@ Spectro Cloud Official Summary coming soon. ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -40,3 +40,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20225.md b/docs/docs-content/security-bulletins/reports/cve-2018-20225.md index 6da0b1150f..35bc061639 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2018-20225.md +++ b/docs/docs-content/security-bulletins/reports/cve-2018-20225.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -08/16/2024 +9/23/24 ## NIST CVE Summary @@ -34,7 +34,7 @@ Waiting on a fix from third party mongodb vendor ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -44,3 +44,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-19244.md b/docs/docs-content/security-bulletins/reports/cve-2019-19244.md index 8a34e44c8f..20569b1439 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2019-19244.md +++ b/docs/docs-content/security-bulletins/reports/cve-2019-19244.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -08/16/2024 +9/23/24 ## NIST CVE Summary @@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor. ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -41,3 +41,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9674.md b/docs/docs-content/security-bulletins/reports/cve-2019-9674.md index 8c7ebd8bf7..5889792f26 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2019-9674.md +++ b/docs/docs-content/security-bulletins/reports/cve-2019-9674.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -08/16/2024 +9/23/24 ## NIST CVE Summary @@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor ## Status -Ongoing +Resolved ## Affected Products & Versions 
@@ -41,3 +41,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9923.md b/docs/docs-content/security-bulletins/reports/cve-2019-9923.md index 77145cf0f6..aa0ed7bf16 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2019-9923.md +++ b/docs/docs-content/security-bulletins/reports/cve-2019-9923.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -8/16/2024 +9/23/24 ## NIST CVE Summary @@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor. ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -41,3 +41,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9936.md b/docs/docs-content/security-bulletins/reports/cve-2019-9936.md index f62384a630..8b399c50a3 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2019-9936.md +++ b/docs/docs-content/security-bulletins/reports/cve-2019-9936.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -8/16/2024 +9/23/24 ## NIST CVE Summary @@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor. ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -41,3 +41,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9937.md b/docs/docs-content/security-bulletins/reports/cve-2019-9937.md index d6a5ad591c..99d23a5a06 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2019-9937.md +++ b/docs/docs-content/security-bulletins/reports/cve-2019-9937.md 
@@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -8/16/2024 +9/23/24 ## NIST CVE Summary @@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor. ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -41,3 +41,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2020-35512.md b/docs/docs-content/security-bulletins/reports/cve-2020-35512.md index 9b6286667e..dbfe7516fd 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2020-35512.md +++ b/docs/docs-content/security-bulletins/reports/cve-2020-35512.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -08/16/2024 +9/23/24 ## NIST CVE Summary @@ -33,7 +33,7 @@ Waiting on a fix from third party mongodb vendor ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -43,3 +43,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 3.0 9/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3737.md b/docs/docs-content/security-bulletins/reports/cve-2021-3737.md index fddfb770e7..7f8fad5340 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2021-3737.md +++ b/docs/docs-content/security-bulletins/reports/cve-2021-3737.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -08/16/2024 +9/23/24 ## NIST CVE Summary @@ -32,7 +32,7 @@ Waiting on a fix from third party mongodb vendor ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -42,3 +42,4 @@ Ongoing - 1.0 08/16/2024 Initial Publication - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-23990.md b/docs/docs-content/security-bulletins/reports/cve-2022-23990.md index 410927650c..a53bdc876b 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2022-23990.md +++ b/docs/docs-content/security-bulletins/reports/cve-2022-23990.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -08/16/2024 +9/23/24 ## NIST CVE Summary @@ -30,7 +30,7 @@ Waiting on a fix from third party mongodb vendor ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -40,3 +40,4 @@ Ongoing - 1.0 08/16/2024 Initial Publications - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-25883.md b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md index 1003714536..e1da2a3ea3 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2022-25883.md +++ b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -7/16/24 +9/23/24 ## NIST CVE Summary @@ -31,7 +31,7 @@ The CVE reported in virtual cluster CAPI provider. Govulncheck reports it as non ## Status -Ongoing +Resolved ## Affected Products & Versions @@ -41,3 +41,4 @@ Ongoing - 1.0 07/16/2024 Initial Publication - 2.0 08/17/2024 Remediated in Palette VerteX 4.4.14 +- 3.0 09/23/2024 Changed CVE status to Resolved diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-28948.md b/docs/docs-content/security-bulletins/reports/cve-2022-28948.md index 35ec303fa1..840d553e06 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2022-28948.md +++ b/docs/docs-content/security-bulletins/reports/cve-2022-28948.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -09/15/2024 +09/20/2024 ## NIST CVE Summary 
@@ -23,7 +23,9 @@ input. ## Our Official Summary -Investigation is ongoing to determine how this vulnerability affects our products. +A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to +convert (or deserialize) invalid input data, potentially impacting system stability and reliability. 3rd party images +affected will be upgraded to remove the vulnerability. ## CVE Severity diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24534.md b/docs/docs-content/security-bulletins/reports/cve-2023-24534.md index 6a12c59573..a6975fc52f 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-24534.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-24534.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -09/15/2024 +09/20/2024 ## NIST CVE Summary @@ -27,7 +27,12 @@ parsed headers. ## Our Official Summary -Investigation is ongoing to determine how this vulnerability affects our products. +This CVE involves excessive memory allocation in net/http and net/textproto, potentially leading to a denial-of-service +due to large memory allocation while parsing HTTP and MIME headers even for small inputs. Attackers can exploit this +vulnerability to exhaust an HTTP server's memory resources, causing a denial of service. By crafting specific input data +patterns, an attacker can trigger the excessive memory allocation behavior in the HTTP and MIME header parsing +functions, leading to memory exhaustion. The risk of this vulnerability exploited in Spectro Cloud products is very low. +3rd party images affected will be upgraded to remove the vulnerability. ## CVE Severity diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-52356.md b/docs/docs-content/security-bulletins/reports/cve-2023-52356.md index 4bddf91140..7212699f55 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-52356.md 
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-52356.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -09/15/2024 +09/20/2024 ## NIST CVE Summary @@ -24,7 +24,10 @@ service. ## Our Official Summary -Investigation is ongoing to determine how this vulnerability affects our products. +This is a vulnerability in libtiff that can be exploited by a remote attacker to cause a heap-buffer overflow and +denial-of-service. The vulnerability is caused by a segment fault (SEGV) flaw that can be triggered when a crafted TIFF +file is passed to the TIFFReadRGBATileExt() API. Investigating a possible fix for this vulnerability on the affected +images. ## CVE Severity diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md index e4a1d2437a..727439a21e 100644 --- a/docs/docs-content/security-bulletins/reports/reports.md +++ b/docs/docs-content/security-bulletins/reports/reports.md 
@@ -44,30 +44,30 @@ Click on the CVE ID to view the full details of the vulnerability. | [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 4/28/24 | 4.4.11 & 4.4.14 & 4.4.18 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: Ongoing | | [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 11/20/23 | 4.4.11 & 4.4.14 & 4.4.18 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | | [CVE-2023-44487](./cve-2023-44487.md) | 10/10/23 | 6/27/24 | 4.4.11 & 4.4.14 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | :mag: Ongoing | -| [CVE-2022-25883](./cve-2022-25883.md) | 6/21/23 | 11/6/24 | 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | :mag: Ongoing | -| [CVE-2015-8855](./cve-2015-8855.md) | 1/23/17 | 1/26/12 | 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | :mag: Ongoing | +| [CVE-2022-25883](./cve-2022-25883.md) | 6/21/23 | 9/23/24 | 4.4.11 & 4.4.14 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | :white_check_mark: Resolved | +| [CVE-2015-8855](./cve-2015-8855.md) | 1/23/17 | 9/23/24 | 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | :white_check_mark: Resolved | | [CVE-2019-12900](./cve-2019-12900.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: BZ2 | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) | :mag: Ongoing | | [CVE-2023-37920](./cve-2023-37920.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Certifi | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | :mag: Ongoing | | [CVE-2019-1010022](./cve-2019-1010022.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: GNU Libc | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) | :mag: Ongoing | -| 
[CVE-2016-1585](./cve-2016-1585.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: Ubuntu | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2016-1585) | :mag: Ongoing | +| [CVE-2016-1585](./cve-2016-1585.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: Ubuntu | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2016-1585) | :white_check_mark: Resolved | | [CVE-2018-20839](./cve-2018-20839.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20839) | :mag: Ongoing | | [CVE-2024-38428](./cve-2024-38428.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2024-38428) | :mag: Ongoing | | [CVE-2021-42694](./cve-2021-42694.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [8.3](https://nvd.nist.gov/vuln/detail/CVE-2021-42694) | :mag: Ongoing | | [CVE-2021-39537](./cve-2021-39537.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2021-39537) | :mag: Ongoing | -| [CVE-2019-9923](./cve-2019-9923.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9923) | :mag: Ongoing | +| [CVE-2019-9923](./cve-2019-9923.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9923) | :white_check_mark: Resolved | | [CVE-2020-36325](./cve-2020-36325.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Jansson | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2020-36325) | :mag: Ongoing | -| [CVE-2005-2541](./cve-2005-2541.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | :mag: Ongoing | -| [CVE-2019-9937](./cve-2019-9937.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) | :mag: Ongoing | -| [CVE-2019-9936](./cve-2019-9936.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) | :mag: Ongoing | -| [CVE-2019-19244](./cve-2019-19244.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) | :mag: Ongoing | +| [CVE-2005-2541](./cve-2005-2541.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | :white_check_mark: Resolved | +| [CVE-2019-9937](./cve-2019-9937.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) | :white_check_mark: Resolved | +| [CVE-2019-9936](./cve-2019-9936.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) | :white_check_mark: Resolved | +| [CVE-2019-19244](./cve-2019-19244.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) | :white_check_mark: Resolved | | [CVE-2016-20013](./cve-2016-20013.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2016-20013) | :mag: Ongoing | | [CVE-2022-0391](./cve-2022-0391.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0391) | :mag: Ongoing | -| [CVE-2021-3737](./cve-2021-3737.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2021-3737) | :mag: Ongoing | -| [CVE-2019-9674](./cve-2019-9674.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) | :mag: Ongoing | +| [CVE-2021-3737](./cve-2021-3737.md) | 08/16/24 | 9/23/24 | 4.4.14 | 
Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2021-3737) | :white_check_mark: Resolved | +| [CVE-2019-9674](./cve-2019-9674.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) | :white_check_mark: Resolved | | [CVE-2023-26604](./cve-2023-26604.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Ubuntu | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-26604) | :mag: Ongoing | -| [CVE-2015-20107](./cve-2015-20107.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.6](https://nvd.nist.gov/vuln/detail/CVE-2015-20107) | :mag: Ongoing | +| [CVE-2015-20107](./cve-2015-20107.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.6](https://nvd.nist.gov/vuln/detail/CVE-2015-20107) | :white_check_mark: Resolved | | [CVE-2017-11164](./cve-2017-11164.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2017-11164) | :mag: Ongoing | -| [CVE-2018-20225](./cve-2018-20225.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20225) | :mag: Ongoing | +| [CVE-2018-20225](./cve-2018-20225.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20225) | :white_check_mark: Resolved | | [CVE-2022-41409](./cve-2022-41409.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41409) | :mag: Ongoing | | [CVE-2019-17543](./cve-2019-17543.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2019-17543) | :mag: Ongoing | | [CVE-2022-4899](./cve-2022-4899.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4899) | :mag: Ongoing | 
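Review bot: The rows switched to ":white_check_mark: Resolved" in this hunk do not say which release carries the fix, so a reader on 4.4.11 or 4.4.14 cannot tell what to upgrade to. The version column still lists only the affected versions. The CVE-2022-25883 row is the most confusing case: the same change widens the affected versions from "4.4.11" to "4.4.11 & 4.4.14" and marks the entry Resolved. Suggest stating the fixed version, either in the status cell or in the linked CVE page, and confirming that the added 4.4.14 is intended as an affected version rather than as the fixed one.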
@@ -77,8 +77,8 @@ Click on the CVE ID to view the full details of the vulnerability. | [CVE-2023-29499](./cve-2023-29499.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-29499) | :mag: Ongoing | | [CVE-2024-24790](./cve-2024-24790.md) | 8/6/24 | 8/6/24 | 4.4.11 & 4.4.14 | Third-party component: Go Project | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) | :mag: Ongoing | | [CVE-2023-4156](./cve-2023-4156.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.1](https://nvd.nist.gov/vuln/detail/CVE-2023-4156) | :mag: Ongoing | -| [CVE-2022-23990](./cve-2022-23990.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-23990) | :mag: Ongoing | -| [CVE-2020-35512](./cve-2020-35512.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2020-35512) | :mag: Ongoing | +| [CVE-2022-23990](./cve-2022-23990.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-23990) | :white_check_mark: Resolved | +| [CVE-2020-35512](./cve-2020-35512.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2020-35512) | :white_check_mark: Resolved | | [CVE-2012-2663](./cve-2012-2663.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: iPtables | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) | :mag: Ongoing | | [CVE-2019-9192](./cve-2019-9192.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) | :mag: Ongoing | | [CVE-2018-20796](./cve-2018-20796.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) | :mag: Ongoing | 
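Review bot: The two updated rows (CVE-2022-23990 and CVE-2020-35512) write the new last-modified date as "9/23/24", while the initial-date column in the same rows and the unchanged rows around them use zero-padded "08/16/24". Pick one date format for the table so the columns stay aligned. Suggest "09/23/24" here to match the neighbouring cells.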
diff --git a/docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md b/docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md new file mode 100644 index 0000000000..b971d06b15 --- /dev/null +++ b/docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md 
@@ -0,0 +1,686 @@ +--- +sidebar_position: 10 +sidebar_label: "Deploy an Edge Cluster on VirtualBox" +title: "Deploy an Edge Cluster on VirtualBox" +description: + "Learn how to deploy Kubernetes workloads at the edge with Palette and VirtualBox. This tutorial teaches you how to + get started with Kubernetes at the edge using a virtual machine as your Edge host, and without having to worry about + physical devices." +tags: ["edge", "tutorial"] +toc_max_heading_level: 2 +category: ["tutorial"] +--- + +Palette Edge allows users to deploy Kubernetes workloads in remote locations with limited connectivity and compute +infrastructure. This means you can use Palette to manage the lifecycle of your Kubernetes clusters at the edge in places +such as hospitals, rural areas, restaurants, and more. + +Edge clusters are Kubernetes clusters set up on Edge hosts, which can be bare metal or virtual machines. These hosts can +be managed locally on-site through the [Local UI](../../clusters/edge/local-ui/local-ui.md) or centrally through the +Palette management plane. + +Before forming a cluster, the Edge hosts must be prepared and registered with Palette. This involves the +[EdgeForge workflow](../../clusters/edge/edgeforge-workflow/edgeforge-workflow.md), which is responsible for building +the required Edge artifacts, such as the +[Installer ISO](../../clusters/edge/edgeforge-workflow/palette-canvos/build-installer-iso.md) and +[Provider Images](../../clusters/edge/edgeforge-workflow/palette-canvos/build-provider-images.md). Once these artifacts +are built, you can use the Installer ISO to bootstrap the Edge installation on your Edge host and the Provider Images to +create a cluster profile. + +This tutorial will help you understand how the different Edge components work together. You will build and test the Edge +artifacts and deploy an Edge cluster without the need for a complex lab environment or separate physical devices. 
+Specifically, you will learn to deploy an Edge cluster along with a demo application using a VirtualBox VM as the Edge +host. + +The diagram below illustrates how the components that will be deployed in this tutorial interact with each other. + +![A diagram showing the Edge VirtualBox tutorial workflow.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_diagram.webp) + +## Prerequisites + +To complete this tutorial, you will need the following prerequisites in place. + +- A host with _AMD64_ (also known as _x86_64_) processor architecture and access to the Internet. The host must meet the + [minimum requirements](../../clusters/edge/edgeforge-workflow/palette-canvos/build-installer-iso.md#prerequisites) to + build the artifacts and allow the creation of a VM with the following specifications: + - 2 CPU + - 8 GB memory + - 100 GB storage +- A DHCP-enabled network. +- Three available IP addresses on the same network as the host machine. One address is for the Edge host, one is for the + cluster's Virtual IP (VIP) address, and one is for the MetalLB load balancer. +- A [Palette account](https://www.spectrocloud.com/get-started) with + [tenant admin](../../tenant-settings/tenant-settings.md) access. +- A Palette tenant registration token. Refer to the + [Create a Registration Token](../../clusters/edge/site-deployment/site-installation/create-registration-token.md) + guide for instructions on how to create a token. +- The following software installed: + - A text editor such as Vi or Nano. This tutorial uses Vi as an example. + - [Docker Engine](https://docs.docker.com/engine/install/) with `sudo` privileges + - [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) + - [VirtualBox](https://www.virtualbox.org/wiki/Downloads) version 7.0 + +## EdgeForge Workflow + +The first step to deploying an Edge cluster is to prepare your Edge host with all the required components. 
This process +is called [EdgeForge](../../clusters/edge/edgeforge-workflow/edgeforge-workflow.md) and uses the +[CanvOS](https://github.com/spectrocloud/CanvOS/blob/main/README.md) utility. In this section, you will build the +Installer ISO and provider images Edge artifacts. + +- Installer ISO: ISO file that contains the Palette Edge host agent and metadata. It bootstraps the Edge installation in + your Edge host. +- Provider Images: [Kairos-based](https://kairos.io) images containing the OS and the desired Kubernetes versions. The + provider images are used in the OS layer when creating an Edge cluster profile. + +:::tip + +If you want your Edge host to have preloaded content and be able to create clusters using this content, you can create a +[content bundle](../../clusters/edge/edgeforge-workflow/palette-canvos/build-content-bundle.md) and build it into your +Installer ISO. + +::: + +### Setup Your Local Environment + +Open up a terminal window in your host machine and clone the **CanvOS** repository. This repository contains the code +and scripts required to build Edge artifacts. + +```shell +git clone https://github.com/spectrocloud/CanvOS.git +``` + +Next, navigate to the **CanvOS** directory. + +```shell +cd CanvOS +``` + +Check the available git tags. + +```shell +git tag +``` + +Check out the newest available tag. This tutorial uses the tag **v4.4.12** as an example. + +``` +git checkout v4.4.12 +``` + +### Define Arguments + +EdgeForge leverages [Earthly](https://earthly.dev) to build the Installer ISO and provider images artifacts. The +**.arg** file is used to pass the values of a few arguments, such as the image tag and registry name, to Earthly for the +build process. + +Execute the command below to create a custom tag for the provider images. The tag must be an alphanumeric lowercase +string. This tutorial uses `vbox-tutorial` as an example. 
+ +```bash +export CUSTOM_TAG=vbox-tutorial +``` + +Next, issue the following command to create the **.arg** file with the custom tag. The other arguments will use the +predefined values. For example, [K3s](https://k3s.io/) will be defined as the Kubernetes distribution, Ubuntu as the OS +distribution, and [ttl.sh](https://ttl.sh/) as the image registry. + +```bash +cat << EOF > .arg +CUSTOM_TAG=$CUSTOM_TAG +IMAGE_REGISTRY=ttl.sh +OS_DISTRIBUTION=ubuntu +IMAGE_REPO=ubuntu +OS_VERSION=22 +K8S_DISTRIBUTION=k3s +ISO_NAME=palette-installer +ARCH=amd64 +UPDATE_KERNEL=false +EOF +``` + +Verify that the file was created correctly using the `cat` command. + +``` +cat .arg +``` + +:::info + +Different versions of CanvOS may require different arguments. Refer to the +[CanvOS](https://github.com/spectrocloud/CanvOS#readme) repository to learn more about the required arguments for each +version tag. + +::: + +### Create User Data + +Once the **.arg** file is ready, the next step is to create a +[**user-data**](../../clusters/edge/edgeforge-workflow/prepare-user-data.md) file, which allows you to provide +customized configuration to the Edge Installer ISO. In this tutorial, the file will be used to embed the Palette +registration token, Palette endpoint, and Edge host login information into the Edge Installer ISO. The login credentials +allow you to SSH into your Edge host. + +Export your Palette registration token. + +```bash +export TOKEN= +``` + +Then, issue the command below to create the **user-data** file using the token. + +```bash +cat << EOF > user-data +#cloud-config +stylus: + site: + edgeHostToken: $TOKEN + paletteEndpoint: api.spectrocloud.com + +users: + - name: kairos + passwd: kairos +EOF +``` + +Confirm that the file was created correctly. + +```bash +cat user-data +``` + +The output should contain the value of your Palette registration token assigned to the `edgeHostToken` parameter, as +displayed in the example output below. 
+ +```text hideClipboard +#cloud-config +stylus: + site: + paletteEndpoint: api.spectrocloud.com + edgeHostToken: **************** + +users: + - name: kairos + passwd: kairos +``` + +### Build Edge Artifacts + +By default, Earthly builds multiple images with different K3s Kubernetes versions. You can exclude the image versions +you do not need from the build process by deleting the lines under the `k3s` section in the **k8s_version.json** file. +This will speed up the build process and reduce the amount of space that is required from your host machine. + +Open the **k8s_version.json** file with an editor of your choice. + +```bash +vi k8s_version.json +``` + +Next, delete the K3s versions you do not need. This tutorial uses K3s version `1.29.6`. Below is an example of the file +with all other versions deleted. + +```text {18} hideClipboard +{ + "k3s": [ + "1.29.6" + ], + + ... + +} +``` + +Once you are done making the alterations, save and exit the file. + +:::warning + +If you are using a CanvOS tag that is earlier than v4.4.12, the **k8s_version.json** file does not exist in those tags. +Instead, open the **Earthfile** in the CanvOS directory. Under `build-provider-images`, remove the lines containing +Kubernetes versions that you do not need. + +::: + +Next, execute the command below to build the Edge Installer ISO and provider images artifacts. + +```bash +sudo ./earthly.sh +build-all-images +``` + +The build may take 15 to 20 minutes to complete, depending on the hardware resources available on the host machine. Once +finished, you get a success message similar to the one displayed below. + +```text hideClipboard +# Lines omitted for readability +========================== 🌍 Earthly Build ✅ SUCCESS ========================== +``` + +The output also includes a manifest with predefined parameters that are required to create the cluster profile. Copy and +save the manifest, as you will need it later. 
+ + +```yaml +pack: + content: + images: + - image: "{{.spectro.pack.edge-native-byoi.options.system.uri}}" + # Below config is default value, please uncomment if you want to modify default values + #drain: + #cordon: true + #timeout: 60 # The length of time to wait before giving up, zero means infinite + #gracePeriod: 60 # Period of time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used + #ignoreDaemonSets: true + #deleteLocalData: true # Continue even if there are pods using emptyDir (local data that will be deleted when the node is drained) + #force: true # Continue even if there are pods that do not declare a controller + #disableEviction: false # Force drain to use delete, even if eviction is supported. This will bypass checking PodDisruptionBudgets, use with caution + #skipWaitForDeleteTimeout: 60 # If pod DeletionTimestamp older than N seconds, skip waiting for the pod. Seconds must be greater than 0 to skip. +options: + system.uri: "{{ .spectro.pack.edge-native-byoi.options.system.registry }}/{{ .spectro.pack.edge-native-byoi.options.system.repo }}:{{ .spectro.pack.edge-native-byoi.options.system.k8sDistribution }}-{{ .spectro.system.kubernetes.version }}-{{ .spectro.pack.edge-native-byoi.options.system.peVersion }}-{{ .spectro.pack.edge-native-byoi.options.system.customTag }}" + + + system.registry: ttl.sh + system.repo: ubuntu + system.k8sDistribution: k3s + system.osName: ubuntu + system.peVersion: v4.4.12 + system.customTag: vbox-tutorial + system.osVersion: 22 +``` + +Once the build is complete, confirm that the Edge Installer ISO and its checksum were created correctly. + +```bash +ls build +``` + +```text hideClipboard +palette-installer.iso +palette-installer.iso.sha256 +``` + +List the container images to confirm that the provider images were built successfully. 
+ +```bash +docker images --filter=reference="*/*:*$CUSTOM_TAG" +``` + +```text hideClipboard +REPOSITORY TAG IMAGE ID CREATED SIZE +ttl.sh/ubuntu k3s-1.29.6-v4.4.12-vbox-tutorial 75811e3dfb42 13 minutes ago 3.63GB +``` + +### Push Provider Images + +Push the provider images to the [ttl.sh](https://ttl.sh/) registry so that you can reference it when creating the +cluster profile. + +```bash +docker push ttl.sh/ubuntu:k3s-1.29.6-v4.4.12-$CUSTOM_TAG +``` + +The output confirms that the image was pushed to the registry with the correct tag. + +```text hideClipboard +# Lines omitted for readability +k3s-1.29.6-v4.4.12-vbox-tutorial: digest: sha256:42f8805830c7fd3816bb27e8d710d1747fea31a70cb7718d74e42fe1c0ed53ac size: 17815 +``` + +:::warning + +[ttl.sh](https://ttl.sh/) is free and does not require you to sign in to use it. However, this is a short-lived image +registry, which means that the pushed images will expire after 24 hours. Refer to the +[Build Edge Artifacts](../../clusters/edge/edgeforge-workflow/palette-canvos/palette-canvos.md) guide to learn how to +push images to a different registry. + +::: + +## Create Cluster Profile + +Once the provider images are available in the registry, create the cluster profile. + +Log in to [Palette](https://console.spectrocloud.com/). Then, select **Profiles** from the left **Main Menu**. Click +**Add Cluster Profile** to create a cluster profile. + +Follow the wizard to create a new profile. + +In the **Basic Information** section, assign the name **edge-vbox-profile** and a brief profile description, select the +type as **Full**, and assign the tag **env:edge**. You can leave the version empty if you want to. Just be aware that +the version defaults to **1.0.0**. Click on **Next**. + +The **Cloud Type** section allows you to choose the infrastructure provider for the cluster. Select **Edge Native** and +click **Next**. + +The **Profile Layers** section specifies the packs that compose the profile. 
+ +Add the **BYOS Edge OS** pack to the OS layer. + +| **Pack Name** | **Version** | **Registry** | **Layer** | +| ------------- | ----------- | ------------ | ---------------- | +| BYOS Edge OS | 1.0.0 | Public Repo | Operating System | + +Replace the layer manifest with the custom manifest you built in the [Build Edge Artifacts](#build-edge-artifacts) +section. This will make the cluster profile pull the provider images from the _ttl.sh_ registry. The image below +displays the OS layer with the custom manifest. + +![A screenshot of the cluster profile creation step with the OS layer.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_byos-cluster-profile.webp) + +Click **Next Layer** to proceed to the next layer. Add the following Kubernetes layer to your cluster profile. The +Kubernetes version must match the version used in the provider images. + +| **Pack Name** | **Version** | **Registry** | **Layer** | +| --------------------- | ----------- | ------------ | ---------- | +| Palette Optimized K3S | 1.29.6 | Public Repo | Kubernetes | + +Click **Values** under **Pack Details**, and replace the predefined **cluster-cidr** and **service-cidr** IP CIDRs if +they overlap with your network. For example, you can set the **cluster-cidr** parameter to `"100.64.0.0/18"` and +**service-cidr** to `"100.64.64.0/18"`. This prevents any routing conflicts in the internal pod networking. + +![A screenshot of the cluster profile creation step with the Kubernetes layer.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-k8s.webp) + +Click **Next Layer** to add the network layer. This tutorial uses Cilium as an example. + +| **Pack Name** | **Version** | **Registry** | **Layer** | +| ------------- | ----------- | ------------ | --------- | +| Cilium | 1.15.3 | Public Repo | Network | + +Click **Confirm** after you have completed filling out all the core layers. 
+ +Next, to add the add-on layers, click **Add New Pack** and search for **MetalLB**. Add the following pack to your +cluster profile. + +| **Pack Name** | **Version** | **Registry** | **Layer** | +| -------------- | ----------- | ------------ | ------------- | +| MetalLB (Helm) | 0.14.8 | Public Repo | Load Balancer | + +The MetalLB pack provides a load-balancer implementation for your Edge Kubernetes cluster. The load balancer is required +to help the _LoadBalancer_ service specified in the Hello Universe pack obtain an IP address, so that you can access the +demo application from your browser. + +Click **Values** under **Pack Details** and replace the predefined `192.168.10.0/24` IP CIDR listed below the +**addresses** line with a valid IP address or IP range from your network. Next, click **Confirm & Create** to add the +MetalLB pack. + +![A screenshot of the cluster profile creation step with the MetalLB layer.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-metallb.webp) + +Finally, click **Add New Pack** again and search for the Hello Universe pack. + +| **Pack Name** | **Version** | **Registry** | **Layer** | +| -------------- | ----------- | -------------------------- | ----------- | +| Hello Universe | 1.1.2 | Palette Community Registry | Application | + +Once you select the pack, Palette will display its README file, providing additional guidance on usage and configuration +options. This pack deploys the [hello-universe](https://github.com/spectrocloud/hello-universe) application. + +Click on **Values** under the **Pack Details** section. Next, click on **Presets** on the right-hand side. + +This pack has two configured presets: + +1. **Disable Hello Universe API** configures the hello-universe application as a standalone front-end application. This + is the default preset selection. +2. 
**Enable Hello Universe API** configures the hello-universe application as a three-tier application with a frontend, + API server, and Postgres database. + +Select the **Enable Hello Universe API** preset. The pack manifest changes according to this preset. + +The pack requires two values to be replaced for the authorization token and for the database password when using this +preset. Replace these values with your own base64 encoded values. The +[hello-universe](https://github.com/spectrocloud/hello-universe?tab=readme-ov-file#single-load-balancer) repository +provides a token that you can use. + +:::tip + +You can use the `base64` command to create a base64 encoded value. + +```shell +echo "mypassword" | base64 +``` + +The output contains your base64 encoded value. + +```text hideClipboard +bXlwYXNzd29yZAo= +``` + +::: + +![A screenshot of the cluster profile creation step with the Hello Universe layer.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-hellouni.webp) + +Click **Confirm & Create** to save the alterations and add the pack to your cluster profile. + +Click **Next**. If there are no compatibility issues, Palette displays the cluster profile for review. Verify the layers +you added are correct, and click on **Finish Configuration** to create the cluster profile. + +## Deploy VirtualBox VM + +Once the Edge artifacts and cluster profile have been created, proceed to the VM deployment. The VirtualBox VM will use +the Installer ISO to bootstrap the Edge installation and serve as the Edge host for your cluster. + +Launch the VirtualBox application and click **New** to create a new VM. + +Give the machine a name, for example, `edge-vm`. + +In the **ISO Image** field, select the Edge Installer ISO file you built in the +[Build Edge Artifacts](#build-edge-artifacts) section. The ISO file is stored in the `CanvOS/build` folder. + +Set the machine **Type** as `Linux` and the **Version** as `Ubuntu (64-bit)`, and click **Next**. 
+ +![A screenshot of the VirtualBox VM configuration.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-config.webp) + +Adjust the **Base Memory** to `8000 MB` and **Processors** to `2 CPU`. Click **Next** to proceed. + +Set the **Disk Size** to 100 GB and ensure the option **Pre-Allocate Full Size** is **not** checked. Click **Next**. + +:::info + +These are the minimum hardware requirements for an Edge host. In production environments, the required configuration may +vary. + +::: + +Confirm the VM settings and click **Finish** to create the VM. + +Select the VM to adjust its network settings. Click **Settings** and select **Network**. + +Change the **Attached to:** option from `NAT` to `Bridged Adapter` so that the VM can receive an IP address from the +same network as the host machine's network. Click **OK**. + +![A screenshot of the VirtualBox VM network configuration.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-network.webp) + +## Prepare Edge Host + +### Install Palette Edge + +In VirtualBox, select the created VM and click **Start** to turn it on. The Edge Installer will bootstrap the Palette +Edge installation onto the VM. + +Wait for the Edge Installer to complete copying content to the VM, which may take a few minutes. The VM will reboot upon +completion. Ensure that you stop the VM before the reboot proceeds. + +When the image below appears for the second time, right-click the VM, select **Stop**, and then click **Power Off** to +turn it off. + +![A screenshot of the VirtualBox VM after installation.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-reboot.webp) + +Next, click **Settings** and select **Storage**. + +Select the Edge Installer ISO and click **Remove Attachment** to remove it from your VM. Confirm the deletion with +**Remove** and click **OK** to close the settings window. 
+ +![A screenshot of the VirtualBox VM storage configuration.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-remove-iso.webp) + +### Register Edge Host + +Select the VirtualBox VM you created and click **Start** to turn it on. The VM will boot and get an IP address from the +bridged network of the host machine. This address should be on the same subnet as the host machine. + +After a few minutes, the VM screen displays an IP address and registers automatically in Palette as an Edge host using +the provided Palette registration token. + +![A screenshot of the Edge host.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_edge-host.webp) + +### Validate the Edge Host Registration + +Navigate back to [Palette](https://console.spectrocloud.com/). Then, select **Clusters** from the left **Main Menu**. +Click on the **Edge Hosts** tab to view the registered hosts. + +Confirm your Edge host is listed as **Healthy** and with a **Ready** status. The **Machine ID** should match the ID +displayed on your VM's screen. + +![A screenshot of the Edge host in Palette.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_edge-host-palette.webp) + +## Deploy Edge Cluster + +From the left **Main Menu**, select **Clusters**, then click **Create Cluster**. If you already have clusters deployed, +click **Add New Cluster** instead. Ensure you are in the **Default** project. + +Palette will prompt you to select the type of cluster. Select **Edge Native** and click the **Start Edge Native +Configuration** button. + +In the **Basic Information** section, assign the name **edge-vbox-cluster**, a brief cluster description, and assign the +tag **env:edge**. Click **Next**. + +In the **Cluster Profile** section, click **Add Cluster Profile**. Select the cluster profile you created earlier in +this tutorial and click **Confirm**. + +Review the cluster profile layers, then click **Next** to proceed. 
+ +In the **Cluster Config** section, provide a Virtual IP (VIP) address for the Edge cluster. This address must be an +unused address on the same network as your Edge host. + +:::tip + +You can use the [nmap](https://nmap.org/book/man.html) tool to scan your network and check which IP addresses are in +use. Issue the following command in your terminal, replacing the example CIDR `192.168.0.0/24` with your network's CIDR. + + ```bash + nmap -sn 192.168.0.0/24 + ``` + +The output displays the IP addresses that are currently in use on your network. + +::: + +Optionally, you can also select an SSH key to access the cluster's nodes and a Network Time Protocol (NTP) server list. + +Click **Next** to continue. + +In the **Nodes Config** section, specify what Edge hosts make up the Edge cluster. This tutorial deploys a single-node +Edge cluster with no worker pools. + +Provide the following details for the control plane pool. + +| Field | Value | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Node pool name | control-plane-pool | +| Allow worker capability | Yes | +| Additional Labels (Optional) | None | +| Taints | None | +| Pool Configuration > Edge Hosts | Choose the registered Edge hosts you created in the [Register Edge Host](#register-edge-host) section of this tutorial. Palette automatically displays the NIC Name for the selected host. | + +Next, click **Remove** to delete the worker pool and click **Next** to proceed with the cluster deployment. + +![A screenshot of the nodes config during cluster deployment.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-deployment-nodes.webp) + +The **Cluster Settings** section provides advanced options for OS patching, scheduled scans, scheduled backups, and +cluster role binding. 
For this tutorial, you can use the default settings. Click on **Validate** to continue. + +Finally, the **Review** section allows you to review the cluster configuration. If everything looks correct, click +**Finish Configuration** to deploy the cluster. + +The cluster deployment can take 15 to 30 minutes, depending on its configuration. You can click on the **Events** tab to +visualize the event log and learn more about the deployment progress. + +## Validate + +In Palette, select **Clusters** from the left **Main Menu**. + +Next, click on your cluster to view its **Overview** tab. + +Confirm that your cluster has a **Running** status and is listed as **Healthy**. + +When the Hello Universe application is deployed and ready for network traffic, Palette exposes the service URL in the +**Services** field. Click on the URL for port **:8080** to access the application landing page. + +![A screenshot of the cluster's Overview tab](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-overview.webp) + +Welcome to Hello Universe, an application that helps you learn more about Palette and its features. Feel free to click +on the logo to increase the global counter and for a fun image change. + +![A screenshot of the Hello Universe application.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_hello-universe.webp) + +## Clean Up + +You have successfully provisioned an Edge cluster with a three-tier demo application. Use the following steps to remove +the resources created for this tutorial. + +### Cluster and Cluster Profile + +To remove the Edge cluster, log in to Palette and click **Clusters** from the left **Main Menu**. Click on the cluster +named **edge-vbox-cluster** to access its details page. + +Next, click **Settings** and select **Delete Cluster**. + +Type in the cluster name to proceed with the deletion. This process may take several minutes to complete. 
+ +:::info + +If a cluster remains in the delete phase for over 15 minutes, it becomes eligible for a force delete. To trigger a force +delete, navigate to the cluster’s details page, click on **Settings**, then select **Force Delete Cluster**. Palette +automatically removes clusters stuck in the cluster deletion phase for over 24 hours. + +::: + +After deleting your Edge cluster, proceed with the cluster profile deletion. + +Click **Profiles** from the left **Main Menu**. Select the **edge-vbox-profile** cluster profile, and then click on the +**three-dot Menu** to display the **Delete** button. Click **Delete** and confirm the selection to remove the cluster +profile. + +### Edge Host + +Once the Edge cluster and cluster profile are deleted, click **Clusters** from the left **Main Menu**. + +Locate the Edge host deployed in the [Register Edge Host](#register-edge-host) section of this tutorial. Click on the +**three-dot Menu** and select **Delete** to delete the Edge host. Confirm the deletion by clicking **OK**. This will +remove the Edge host from Palette but not delete the underlying infrastructure. + +![A screenshot of the Edge Hosts page.](/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_delete-host.webp) + +To delete the VM, open the **VirtualBox** application on your host machine. + +Right-click the `edge-vm` VM and select **Stop**. Then, click **Power Off** to turn the machine off. + +Next, right-click the VM again and select **Remove**. Click **Delete all files** to delete the VM and its hard disk. + +### Edge Artifacts + +Delete the Edge Installer ISO image and its checksum by issuing the following commands from the **CanvOS/** directory. + +```bash +rm build/palette-installer.iso +rm build/palette-installer.iso.sha256 +``` + +Next, delete the provider images. 
+ +```bash +docker rmi ttl.sh/ubuntu:k3s-1.29.6-v4.4.12-vbox-tutorial +docker rmi ttl.sh/ubuntu:k3s-1.29.6-v4.4.12-vbox-tutorial_linux_amd64 +``` + +## Wrap-up + +In this tutorial, you successfully deployed a single-node Edge cluster along with a demo application using a VirtualBox +VM as the Edge host. You learned how to build and test Edge artifacts, prepare an Edge host, and use it to deploy an +Edge cluster. + +Palette Edge enables you to customize your Edge hosts with the desired OS, Kubernetes distribution, dependencies, and +user data configurations. + +This tutorial has provided you with hands-on experience with Palette Edge using a single VM, eliminating the need for a +complex lab environment or separate physical devices. You can also use this setup to test and validate Edge +configurations before deploying them in production. + +We encourage you to check the reference resources below to learn more about Palette Edge. + +- [Palette Edge](../../clusters/edge/edge.md) +- [Edge Architecture](../../clusters/edge/architecture.md) +- [EdgeForge Workflow](../../clusters/edge/edgeforge-workflow/edgeforge-workflow.md) diff --git a/docs/docs-content/tutorials/profiles/deploy-pack.md b/docs/docs-content/tutorials/profiles/deploy-pack.md index 5207b7d69a..6eb5dfc4a9 100644 --- a/docs/docs-content/tutorials/profiles/deploy-pack.md +++ b/docs/docs-content/tutorials/profiles/deploy-pack.md @@ -5,6 +5,7 @@ description: "Learn how to deploy applications to a Kubernetes cluster using Palette's custom packs, hosted in either the Spectro registry or an OCI registry." sidebar_position: 0 +toc_max_heading_level: 2 tags: ["packs", "tutorial"] category: ["tutorial"] --- 
@@ -362,6 +363,13 @@ Next, export the variables below, which you will use later to create the ECR rep - `VERSION` - the pack's version, which must match the version in the **pack.json** file. - `ACCOUNT_ID` - your AWS account ID, containing only numerical digits and no dashes. +:::warning + +Ensure that the variables `NAME` and `VERSION` match the pack name and version in the **pack.json** file. This is a +requirement for the pack to be correctly pushed to the registry. + +::: + ```bash export REGISTRY_NAME=spectro-oci-registry export NAME=hellouniverse @@ -471,9 +479,16 @@ Login Succeeded After you have created the repositories, authenticate to your ECR registry using the `aws ecr get-login-password` command. The ECR authorization token is then passed to the `oras login` command with **AWS** as username and the -registry Uniform Resource Identifier (URI). [Oras](https://oras.land/docs/) is a CLI tool to push and pull OCI artifacts +registry Uniform Resource Identifier (URI). [ORAS](https://oras.land/docs/) is a CLI tool to push and pull OCI artifacts to and from OCI registries. +:::warning + +If you are not using the tutorial container, ensure you have ORAS version `1.0.0` installed. This version is explicitly +required for pushing packs to OCI registries. + +::: + ```bash aws ecr get-login-password --region $AWS_DEFAULT_REGION | oras login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com ``` @@ -495,7 +510,15 @@ After creating the projects, proceed with the Harbor authentication. In the tuto export HARBOR_ADDRESS= ``` -Now, issue the command `oras login`. +Now, issue the command `oras login`. [ORAS](https://oras.land/docs/) is a CLI tool to push and pull OCI artifacts to and +from OCI registries. + +:::warning + +If you are not using the tutorial container, ensure you have ORAS version `1.0.0` installed. This version is explicitly +required for pushing packs to OCI registries. + +::: ```bash oras login $HARBOR_ADDRESS 
@@ -604,6 +627,13 @@ Harbor repository and push the pack. - `NAME` - the pack's name, which must match the name in the **pack.json** file. - `VERSION` - the pack's version, which must match the version in the **pack.json** file. +:::warning + +Ensure that the variables `NAME` and `VERSION` match the pack name and version in the **pack.json** file. This is a +requirement for the pack to be correctly pushed to the registry. + +::: + ```bash export HARBOR_PROJECT=spectro-oci-registry export NAME=hellouniverse diff --git a/static/assets/docs/images/tutorials/deploy-pack/registries-and-packs_deploy-pack_oci-registry-edit.webp b/static/assets/docs/images/tutorials/deploy-pack/registries-and-packs_deploy-pack_oci-registry-edit.webp index 9578a05f28..5d2d91570c 100644 Binary files a/static/assets/docs/images/tutorials/deploy-pack/registries-and-packs_deploy-pack_oci-registry-edit.webp and b/static/assets/docs/images/tutorials/deploy-pack/registries-and-packs_deploy-pack_oci-registry-edit.webp differ diff --git a/static/assets/docs/images/tutorials/deploy-pack/registries-and-packs_deploy-pack_oci-registry-sync.webp b/static/assets/docs/images/tutorials/deploy-pack/registries-and-packs_deploy-pack_oci-registry-sync.webp index ce083078bd..4dadebb034 100644 Binary files a/static/assets/docs/images/tutorials/deploy-pack/registries-and-packs_deploy-pack_oci-registry-sync.webp and b/static/assets/docs/images/tutorials/deploy-pack/registries-and-packs_deploy-pack_oci-registry-sync.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_byos-cluster-profile.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_byos-cluster-profile.webp new file mode 100644 index 0000000000..8ca013a12b Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_byos-cluster-profile.webp differ 
diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-deployment-nodes.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-deployment-nodes.webp new file mode 100644 index 0000000000..269d5fbd87 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-deployment-nodes.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-deployment-profile.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-deployment-profile.webp new file mode 100644 index 0000000000..bb0f32494e Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-deployment-profile.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-events.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-events.webp new file mode 100644 index 0000000000..8a15ec9a15 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-events.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-overview.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-overview.webp new file mode 100644 index 0000000000..c09f6c5204 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-overview.webp differ 
diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-hellouni.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-hellouni.webp new file mode 100644 index 0000000000..57d9a9645e Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-hellouni.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-k8s.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-k8s.webp new file mode 100644 index 0000000000..19db1e57df Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-k8s.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-metallb.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-metallb.webp new file mode 100644 index 0000000000..84516e673e Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_cluster-profile-metallb.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_delete-host.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_delete-host.webp new file mode 100644 index 0000000000..0baeedbf52 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_delete-host.webp differ 
diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_diagram.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_diagram.webp new file mode 100644 index 0000000000..3eb7feae76 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_diagram.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_edge-host-palette.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_edge-host-palette.webp new file mode 100644 index 0000000000..42c4f9f7f5 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_edge-host-palette.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_edge-host.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_edge-host.webp new file mode 100644 index 0000000000..35f73e93ad Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_edge-host.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_hello-universe.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_hello-universe.webp new file mode 100644 index 0000000000..81423e9ba7 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_hello-universe.webp differ 
diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-config.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-config.webp new file mode 100644 index 0000000000..5129614be2 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-config.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-network.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-network.webp new file mode 100644 index 0000000000..385f67e62f Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-network.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-reboot.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-reboot.webp new file mode 100644 index 0000000000..53d0803fa0 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-reboot.webp differ diff --git a/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-remove-iso.webp b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-remove-iso.webp new file mode 100644 index 0000000000..0cbf6ed513 Binary files /dev/null and b/static/assets/docs/images/tutorials/edge-vbox/tutorials_edge-vbox_deploy-cluster-virtualbox_vm-remove-iso.webp differ
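Review bot: In the `:::tip` under **Cluster Config** in deploy-cluster-virtualbox.md, "The output displays the IP addresses that are currently in use on your network" overstates what `nmap -sn` reports. That flag performs host discovery only, so the output lists hosts that answered a probe at scan time. A host that is powered off, or one that filters the probes when nmap runs without privileges, is absent from the output even though its address is assigned. Suggest rewording to "hosts that responded to the scan" and adding that the VIP should sit outside the DHCP range or be reserved, because the text requires it to stay unused.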
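Review bot: The **Clean Up** section of deploy-cluster-virtualbox.md removes the cluster, cluster profile, Edge host, VM, installer ISO and provider images, but has no step for the Palette registration token that **Register Edge Host** relies on ("registers automatically in Palette as an Edge host using the provided Palette registration token"). A token that stays valid after the tutorial lets any host that holds it register again, so add a step to delete the registration token in Palette, or, if the earlier steps created it with an expiry, say so here.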
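Review bot: Under **Clean Up > Edge Host**, the steps go from "click **Clusters** from the left **Main Menu**" straight to "Locate the Edge host", skipping the tab selection. **Validate the Edge Host Registration** earlier in the same file includes "Click on the **Edge Hosts** tab to view the registered hosts"; repeat that step here so the reader lands on the page shown in the delete-host screenshot.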
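Review bot: Under **Edge Artifacts**, "Next, delete the provider images" followed by `docker rmi ttl.sh/ubuntu:k3s-1.29.6-v4.4.12-vbox-tutorial` removes only the local copies. If the earlier steps pushed these tags to ttl.sh, which is an anonymous public registry, the pushed images remain pullable by anyone who knows the tag until they expire. State that the command is local-only and that the registry copies age out on their own, so readers do not assume the cleanup removed them everywhere.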
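Review bot: The `:::warning` added in the `@@ -362` and `@@ -604` hunks of deploy-pack.md repeats what the bullets directly above it already state ("which must match the version in the **pack.json** file") and is pasted in two places. Keep the requirement in one spot, ideally as a shared partial, and have the warning say what the reader will see on a mismatch, since "a requirement for the pack to be correctly pushed to the registry" gives no symptom to look for.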
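Review bot: The ORAS `:::warning` in the `@@ -471` and `@@ -495` hunks of deploy-pack.md says version `1.0.0` is "explicitly required" without saying whether other releases fail or are simply untested, and gives the reader no way to check. Add the check (`oras version`) and the reason for the pin. The ORAS intro sentence and the warning are now duplicated across the ECR and Harbor sections, so a shared partial would keep the two copies from drifting.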