docs: pack updates (#1689)

* docs: pack updates

* chore: updated packs

* docs: feedback

* chore: update gitleaks

.gitleaksignore

@@ -93,4 +93,5 @@ d916ea8726a0c226beb82fef8567877f5f5ef3f0:docs/docs-content/enterprise-version/re
 414bf547fcd11c8fb3a7da928c19a9ec763e5bbd:docs/docs-content/enterprise-version/reverse-proxy.md:private-key:153
 698d7cbdcc26f9af98f623effce32ae337898c25:docusaurus.config.js:generic-api-key:282
 eecf731008b962d7f5aefbeb6cfee251147b92b9:docs/docs-content/enterprise-version-bkup/reverse-proxy.md:private-key:145
-eecf731008b962d7f5aefbeb6cfee251147b92b9:docs/docs-content/enterprise-version/system-management/reverse-proxy.md:private-key:150
+eecf731008b962d7f5aefbeb6cfee251147b92b9:docs/docs-content/enterprise-version/system-management/reverse-proxy.md:private-key:150
+07088abdfe1d1bb713baf745b76f19f8842a2392:docs/docs-content/integrations/kubernetes.md:generic-api-key:634

Makefile

@@ -59,7 +59,7 @@ versions-ci: ## Create Docusarus content versions in a GitHub Actions CI environ
 
 api: ## Generate API docs
 	@echo "generating api docs"
-	npm run clear-api-docs
+	npm run clean-api-docs
 	npm run generate-api-docs
 
 ##@ Git Targets

docs/docs-content/integrations/calico.md

@@ -34,6 +34,18 @@ Azure supports VXLAN encapsulation type.
 
 <Tabs queryString="versions">
 
+
+<TabItem label="3.26.x" value="3.26.x">
+
+
+
+</TabItem>
+<TabItem label="3.25.x" value="3.25.x">
+
+
+
+</TabItem>
+
 <TabItem label="3.24.x" value="3.24.x">
 
 

docs/docs-content/integrations/cilium.md

@@ -27,9 +27,14 @@ The Cilium agent runs on all clusters and servers to provide networking, securit
 
 <Tabs>
 
-<TabItem label="1.10.x" value="1.10.x">
+<TabItem label="1.14.x" value="1.14.x">
+
+
+</TabItem>
+<TabItem label="Deprecated" value="Deprecated">
+
+All versions below version 1.14.x are deprecated. We recommend you to upgrade to the latest version.
 
-**1.10.9**
 
 </TabItem>
 

docs/docs-content/integrations/kubernetes-edge.md

@@ -43,8 +43,7 @@ We also offer Palette eXtended Kubernetes (PXK) for cloud and data center deploy
 
 
 <Tabs queryString="versions">
-
-<TabItem label="1.27.x" value="k8s_v1.27">
+<TabItem label="1.28.x" value="k8s_v1.28">
 
 ## Prerequisites
 
@@ -412,7 +411,7 @@ In this example, Palette is used as the IDP, and all users in the `dev-east-2` w
 
 </TabItem>
 
-<TabItem label="1.26.x" value="k8s_v1.26">
+<TabItem label="1.27.x" value="k8s_v1.27">
 
 ## Prerequisites
 
@@ -451,7 +450,6 @@ The Kubeadm configuration file is where you can do the following:
 
 The PXK-E Kubeadm configuration is updated to dynamically enable OIDC based on your IDP selection by adding the ``identityProvider`` parameter. 
 
-
 ```yaml
 pack: 
   palette:
@@ -708,7 +706,6 @@ pack:
         identityProvider: palette
 ```
 
-
 ### Configure OIDC Identity Provider
 
 The OIDC IDP feature offers the convenience of managing OIDC at the Kubernetes layer. The OIDC IDP feature is particularly useful for environments that do not have their own IDP configured. In this scenario, you can leverage Palette as an IDP without having to configure a third-party IDP. We also support the ability to take advantage of other OIDC providers by making it possible for you to configure OIDC at the tenant level. For additional flexibility, if you wish to use a different IDP than the one configured at the tenant level, you can select a different IDP by adding the OIDC configuration to your cluster profile.
@@ -722,13 +719,10 @@ You can create a role binding that maps individual users or groups assigned with
 
 - **None**: This setting does not require OIDC configuration for the cluster. It displays in the YAML file as `noauth`. 
 
-
 - **Custom**: This is the default setting and does not require OIDC configuration. However, if desired, it allows you to specify a third-party OIDC provider by configuring OIDC statements in the YAML file as described in [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). This setting displays in the YAML file as `none`.
 
-
 - **Palette**: This setting makes Palette the IDP. Any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to log into the Kubernetes dashboard. This setting displays in the YAML file as `palette`.
 
-
 - **Inherit from Tenant**: This setting allows you to apply RBAC to multiple clusters and requires you to configure OpenID Connect (OIDC) in **Tenant Settings**. In Tenant Admin scope, navigate to **Tenant Settings** > **SSO**, choose **OIDC**, and provide your third-party IDP details. This setting displays in the YAML file as `tenant`. For more information, check out the [SSO Setup](../user-management/saml-sso/enable-saml.md) guide.
 
 :::info
@@ -742,7 +736,6 @@ If your IDP uses Security Assertion Markup Language (SAML) authentication, then
 
 Follow these steps to configure a third-party OIDC IDP.
 
-
 1. Add the following OIDC parameters to the `apiServer.extraArgs` section of your Kubernetes YAML file when creating a cluster profile.
 
 
@@ -786,9 +779,7 @@ In this example, Palette is used as the IDP, and all users in the `dev-east-2` w
 
 </TabItem>
 
-
-
-<TabItem label="1.25.x" value="k8s_v1.25">
+<TabItem label="1.26.x" value="k8s_v1.26">
 
 ## Prerequisites
 
@@ -807,7 +798,7 @@ In this example, Palette is used as the IDP, and all users in the `dev-east-2` w
 | `cluster.config.clusterConfiguration.networking.serviceSubnet` | The IP subnet range to assign to services. Default: 192.169.0.0/16 |
 | `cluster.config.clusterConfiguration.scheduler.extraArgs` | This parameter contains extra arguments for the Kubernetes scheduler, such as disabling profiling. |
 | `cluster.config.initConfiguration.nodeRegistration.kubeletExtraArgs` | This parameter contains extra arguments for kubelet during node registration, such as setting feature gates, protecting kernel defaults, and disabling the read-only port. |
-| ``pack.palette.config.oidc.identityProvider`` | Dynamically enabled OpenID Connect (OIDC) Identity Provider (IDP) setting based on your UI selection when you add the PXK-E pack to your profile. This parameter appears in the YAML file after you make a selection. Refer to [Configure OIDC Identity Provider](#configure-custom-oidc). |
+| `pack.palette.config.oidc.identityProvider` | Dynamically enabled OpenID Connect (OIDC) Identity Provider (IDP) setting based on your UI selection when you add the PXK-E pack to your profile. This parameter appears in the YAML file after you make a selection. Refer to [Configure OIDC Identity Provider](#configure-custom-oidc). |
 
 You can add cloud-init stages exposed by [Kairos](https://kairos.io/docs/architecture/cloud-init/), an open-source project. For more information, check out the [Cloud Init Stages](../clusters/edge/edge-configuration/cloud-init.md) reference.
 
@@ -818,7 +809,7 @@ You can also use pack settings described in the [Palette eXtended Kubernetes](ku
 
 The Kubeadm configuration file is where you can do the following:
 
-- Manually configure a third-party OIDC IDP. For more information, check out [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). 
+- Manually configure a third-party OIDC IDP. For more information, check out [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc).
 
 - Add a certificate for the Spectro Proxy pack if you want to use a reverse proxy with a Kubernetes cluster. For more information, refer to the [Spectro Proxy](frp.md) guide.
 
@@ -827,10 +818,12 @@ The Kubeadm configuration file is where you can do the following:
 
 The PXK-E Kubeadm configuration is updated to dynamically enable OIDC based on your IDP selection by adding the ``identityProvider`` parameter. 
 
+
 ```yaml
-palette:
+pack: 
+  palette:
    config:
-     oidc:
+    oidc:
        identityProvider: <your_idp_selection>
 ```
 
@@ -877,7 +870,7 @@ cluster:
           terminated-pod-gc-threshold: "25"
           use-service-account-credentials: "true"
       dns: {}
-      kubernetesVersion: v1.25.2
+      kubernetesVersion: v1.26.4
       etcd:
         local:
           dataDir: "/etc/kubernetes/etcd"
@@ -907,15 +900,14 @@ cluster:
           protect-kernel-defaults: "true"
           read-only-port: "0"
           tls-cipher-suites: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
-
 stages:
   initramfs:
     - sysctl:
         vm.overcommit_memory: 1
         kernel.panic: 10
         kernel.panic_on_oops: 1
       commands:
-        - "ln -s /etc/kubernetes/admin.conf /run/kubeconfig"
+        - ln -s /etc/kubernetes/admin.conf /run/kubeconfig
       files:
         - path: /etc/hosts
           permission: "0644"
@@ -1076,12 +1068,13 @@ stages:
               - level: Metadata
                 omitStages:
                   - "RequestReceived"
-                  pack:
+pack:
   palette:
     config:
       oidc:
         identityProvider: palette
-  ```
+```
+
 
 ### Configure OIDC Identity Provider
 
@@ -1094,10 +1087,10 @@ All the options require you to map a set of users or groups to a Kubernetes RBAC
 You can create a role binding that maps individual users or groups assigned within the OIDC provider's configuration to a role. To learn more, review [Use RBAC with OIDC](kubernetes-edge.md#use-rbac-with-oidc). You can also configure OIDC for virtual clusters. For guidance, refer to [Configure OIDC for a Virtual Cluster](../clusters/palette-virtual-clusters/configure-oidc-virtual-cluster.md).
 
 
-- **None**: This is the default setting and there is nothing to configure. This setting displays in the YAML file as `noauth`. 
+- **None**: This setting does not require OIDC configuration for the cluster. It displays in the YAML file as `noauth`. 
 
 
-- **Custom**: This setting allows you to specify a third-party OIDC provider by configuring OIDC statements in the Kubeadm configuration file as described in [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). This setting displays in the YAML file as `none`.
+- **Custom**: This is the default setting and does not require OIDC configuration. However, if desired, it allows you to specify a third-party OIDC provider by configuring OIDC statements in the YAML file as described in [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). This setting displays in the YAML file as `none`.
 
 
 - **Palette**: This setting makes Palette the IDP. Any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to log into the Kubernetes dashboard. This setting displays in the YAML file as `palette`.
@@ -1111,10 +1104,12 @@ If your IDP uses Security Assertion Markup Language (SAML) authentication, then
 
 :::
 
+
 ### Configure Custom OIDC
 
 Follow these steps to configure a third-party OIDC IDP.
 
+
 1. Add the following OIDC parameters to the `apiServer.extraArgs` section of your Kubernetes YAML file when creating a cluster profile.
 
 
@@ -1146,7 +1141,7 @@ kubeadmconfig:
 
 ### Use RBAC with OIDC
 
-You can create a role binding that uses individual users as the subject or specify a group name as the subject to map many users to a role. The group name is the group assigned in the OIDC provider's configuration. Below is an example. To learn more, review [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings).
+You can create a role binding that uses individual users as the subject or specify a group name as the subject to map many users to a role. The group name is the group assigned in the OIDC provider's configuration. Below is an example. To learn more, review [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings). 
 
 Assume you created a group named `dev-east-2` within an OIDC provider. If you configure the host cluster's Kubernetes pack with all the correct OIDC settings, you could then create a role binding for the `dev-east-2` group. 
 
@@ -1155,11 +1150,12 @@ In this example, Palette is used as the IDP, and all users in the `dev-east-2` w
 ![A subject of the type group is assigned as the subject in a RoleBinding](/clusters_cluster-management_cluster-rbac_cluster-subject-group.png)
 
 
+
 </TabItem>
 
 
 
-<TabItem label="1.24.x" value="k8s_v1.24">
+<TabItem label="1.25.x" value="k8s_v1.25">
 
 ## Prerequisites
 
@@ -1201,7 +1197,7 @@ The PXK-E Kubeadm configuration is updated to dynamically enable OIDC based on y
 ```yaml
 palette:
    config:
-     dashboard:
+     oidc:
        identityProvider: <your_idp_selection>
 ```
 
@@ -1248,7 +1244,7 @@ cluster:
           terminated-pod-gc-threshold: "25"
           use-service-account-credentials: "true"
       dns: {}
-      kubernetesVersion: v1.24.6
+      kubernetesVersion: v1.25.2
       etcd:
         local:
           dataDir: "/etc/kubernetes/etcd"
@@ -1447,9 +1443,13 @@ stages:
               - level: Metadata
                 omitStages:
                   - "RequestReceived"
+                  pack:
+  palette:
+    config:
+      oidc:
+        identityProvider: palette
   ```
 
-
 ### Configure OIDC Identity Provider
 
 The OIDC IDP feature offers the convenience of managing OIDC at the Kubernetes layer. The OIDC IDP feature is particularly useful for environments that do not have their own IDP configured. In this scenario, you can leverage Palette as an IDP without having to configure a third-party IDP. We also support the ability to take advantage of other OIDC providers by making it possible for you to configure OIDC at the tenant level. For additional flexibility, if you wish to use a different IDP than the one configured at the tenant level, you can select a different IDP by adding the OIDC configuration to your cluster profile.
@@ -1463,10 +1463,13 @@ You can create a role binding that maps individual users or groups assigned with
 
 - **None**: This is the default setting and there is nothing to configure. This setting displays in the YAML file as `noauth`. 
 
+
 - **Custom**: This setting allows you to specify a third-party OIDC provider by configuring OIDC statements in the Kubeadm configuration file as described in [Configure Custom OIDC](kubernetes-edge.md#configure-custom-oidc). This setting displays in the YAML file as `none`.
 
+
 - **Palette**: This setting makes Palette the IDP. Any user with a Palette account in the tenant and the proper permissions to view and access the project's resources is able to log into the Kubernetes dashboard. This setting displays in the YAML file as `palette`.
 
+
 - **Inherit from Tenant**: This setting allows you to apply RBAC to multiple clusters and requires you to configure OpenID Connect (OIDC) in **Tenant Settings**. In Tenant Admin scope, navigate to **Tenant Settings** > **SSO**, choose **OIDC**, and provide your third-party IDP details. This setting displays in the YAML file as `tenant`. For more information, check out the [SSO Setup](../user-management/saml-sso/enable-saml.md) guide.
 
 :::info
@@ -1475,7 +1478,6 @@ If your IDP uses Security Assertion Markup Language (SAML) authentication, then
 
 :::
 
-
 ### Configure Custom OIDC
 
 Follow these steps to configure a third-party OIDC IDP.
@@ -1509,7 +1511,6 @@ kubeadmconfig:
 
 3. Provide third-party OIDC IDP details.
 
-
 ### Use RBAC with OIDC
 
 You can create a role binding that uses individual users as the subject or specify a group name as the subject to map many users to a role. The group name is the group assigned in the OIDC provider's configuration. Below is an example. To learn more, review [Create Role Bindings](../clusters/cluster-management/cluster-rbac.md#create-role-bindings).
@@ -1521,15 +1522,14 @@ In this example, Palette is used as the IDP, and all users in the `dev-east-2` w
 ![A subject of the type group is assigned as the subject in a RoleBinding](/clusters_cluster-management_cluster-rbac_cluster-subject-group.png)
 
 
-</TabItem> 
-
+</TabItem>
 
 
 <TabItem label="Deprecated" value="deprecated">
 
 :::caution
 
-All versions less than v1.23.x are considered deprecated. Upgrade to a newer version to take advantage of new features.
+All versions less than v1.25.x are considered deprecated. Upgrade to a newer version to take advantage of new features.
 
 :::