From 226d38049eb4e529b1045b5338bd2a73b05751a6 Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Fri, 1 Dec 2023 13:45:25 -0800 Subject: [PATCH 01/13] docs: add draft for private registry and refactor the cluster update page --- .../cluster-management/cluster-updates.md | 92 +++++++++---------- .../deploy-private-registry.md | 87 ++++++++++++++++++ .../edge/site-deployment/model-profile.md | 2 +- 3 files changed, 132 insertions(+), 49 deletions(-) create mode 100644 docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md diff --git a/docs/docs-content/clusters/cluster-management/cluster-updates.md b/docs/docs-content/clusters/cluster-management/cluster-updates.md index ff65c9b123..f2cf28118b 100644 --- a/docs/docs-content/clusters/cluster-management/cluster-updates.md +++ b/docs/docs-content/clusters/cluster-management/cluster-updates.md @@ -1,80 +1,76 @@ --- -sidebar_label: "Cluster Updates" -title: "Cluster Updates" -description: "Events and Notifications on Cluster Updates" +sidebar_label: "Update a Cluster" +title: "Update a Cluster" +description: "Guide to updating a cluster in Palette." hide_table_of_contents: false sidebar_position: 20 tags: ["clusters", "cluster management"] --- -Palette supports various kinds of updates to running clusters, such as upgrade of Kubernetes version, upgrade of add-on versions, the addition of new add-ons, removing existing ones, etc. Based on the nature of the change, one of the following two mechanisms can be used to apply cluster updates to the cluster. +Palette allows you to update active clusters. You can update any layer of a cluster, including all infrastructure layers and add-on layers. Depending on the nature of the update, a cluster update could trigger different cluster repave operations. For more information, refer to [Repave Behaviors and Configurations](./node-pool.md#repave-behavior-and-configuration). -## Cluster Profile Updates +## Limitations -Fundamental changes to the cluster’s definition, such as upgrading Kubernetes versions, installing new packs, uninstalling previously installed packs, and updating default pack configuration, are initiated through the cluster profile. These changes result in update notifications on all the clusters that are instantiated from the cluster profile. Update notifications consist of detailed information about all the changes applied to the profile since the initial installation or the previous update. In addition, users can update the clusters individually at an appropriate time. +- You cannot update a cluster while its status is still **Provisioning**. -:::info +## Prerequisites -Cluster Profile Changes will not be displayed or allowed on clusters when the cluster is provisioning and all worker node additions are completed. This is done to prevent the Kubernetes clusters from becoming unstable and transitioning into an unrecoverable state due to the changes in core components. -::: +- An active Kubernetes cluster in Palette. + +## Enablement -![Cluster Notification - Update Available](/cluster_list_update_available.png) +### Update a Cluster to Use a Another Cluster Profile Version -Updates to pack configuration might result in a conflict if the configuration was previously overridden within the cluster. These conflicts are presented to the user and need to be resolved before changes can be applied to the cluster. +This is the recommended best practice for updating a cluster in Palette. +1. Log in to [Palette](https://console.spectrocloud.com). -![Cluster Update Details](/cluster_update_available_detail.png) +2. Navigate to the left **Main Menu** and select **Profiles**. +3. Create a new version of the profile you want to update. For more information, refer to [Version a Cluster Profile](../../profiles/cluster-profiles/modify-cluster-profiles/version-cluster-profile.md). +4. Navigate to the left **Main Menu** and select **Cluster**. -## Instructions +5. Select the cluster you want to update, and navigate to the **Profile** tab of the cluster. -* Navigate to the cluster profiles page and choose the profile to be updated. -* Make the desired changes. These include add/delete layers, change pack version, change pack values, etc. Save your changes. -* On the Clusters page, observe the ‘Updates Available’ tag on every previously launched cluster using the updated cluster profile. -* Click on one of the clusters to be updated to invoke the cluster details page. -* An update notification in the form of a button called ‘Updates Available’ can be seen on the right top of the screen. Click the button to open the update notifications dialog. -* A notification is created for each change made to the profile. Review all notifications. Depending on the nature of the change, additional action might be required for certain notifications. There are typical scenarios where the settings or attached manifests for a pack are directly updated on the cluster, resulting in a conflict with the new incoming changes from the profile. The updated profile settings and modified cluster settings are shown side by side for such cases, with the differences highlighted. Resolve all of the conflicts. When there has been no update to the pack settings or manifests, the incoming changes from the profile are automatically merged. A side-by-side comparison between the original and merged cluster settings is still displayed in such cases for review purposes. However, users may choose to customize settings from this dialog further. -* Once all the notifications are reviewed and conflicts, if any, are resolved, confirm updates to apply changes to the cluster. -* The system starts the update process in a few seconds. Depending upon the nature of the change, a rolling update nodes of the clusters may take place. The detailed status of the upgrade is made available at UI. -* Repeat this process for other clusters to be upgraded. +6. Next to the name of the profile, click on the version number and select the new version you just published. +7. Click **Save**. Depending on the changes you made to the profile, doing so might trigger a cluster repave warning. Click **Continue** to confirm updating the cluster. -### Examples - Update Notifications -|**Update Type** |**Description**|**Notification Example** | -|:---------------|:---------|:-----------------------| -Pack Version Upgrade |The existing pack version is upgraded to a different version in the cluster profile |Kubernetes version is updated 1.18.16 > 1.20.0| -|Pack Values Update |The existing pack values are updated in the cluster profile |Kubernetes 1.20.0 values are updated| -|Add Pack|Add a new pack to the cluster profile |New Kibana 7.2.4 layer is added| -|Delete Pack|Delete the existing pack from the cluster profile |Kibana 7.2.4 layer is deleted| -|Attach Pack Manifest|Delete the existing pack from the cluster profile |Manifest security is attached to the pack Kubernetes| -|Update Pack Manifest|The attached pack manifest content is updated in the cluster profile|manifest security is updated in the pack Kubernetes| -|Delete Pack Manifest |The attached pack manifest is deleted from the cluster profile|manifest security is deleted in the pack Kubernetes| +### Update a Cluster Profile without Publishing a New Version -:::info +You can make updates to a profile that is in-use by one or more active cluster, and doing so will trigger an update to all clusters that are using the cluster profile. For more information, refer to [Update a Cluster Profile](../../profiles/cluster-profiles/modify-cluster-profiles/update-cluster-profile.md). -Prior to applying the notifications resulting from a profile update, the notification is automatically cleared if the corresponding changes are reverted. - +:::caution +We do not recommend updating a currently deployed cluster profile version to push out changes. Instead, we recommend creating a new profile version, and then upgrade active clusters to the new version. ::: +### Override Cluster Profile Configurations + +You can modify the configuration of a deployed cluster without changing the cluster profile itself to update a cluster. + +:::caution +We do not recommend updating a currently deployed cluster's profile configurations without updating the profile itself. Instead, we recommend creating a new profile version, and then upgrade active clusters to the new version. +::: + +1. Log in to [Palette](https://console.spectrocloud.com). + +2. Navigate to the left **Main Menu** and select **Clusters**. + +3. Select the cluster you want to update, and navigate to the **Profile** tab of the cluster. + +4. In the profile tab, make changes to the different layers as appropriate. The changes you make here are specific to this cluster only and do not propagate to the cluster profile or other clusters using the same profile. -### Examples - Notification settings +5. Click **Save** to confirm your changes. Acknowledge the cluster repave warning if necessary. -As described above, notifications originate from changes to pack settings or manifest. They are accompanied by a settings dialog with a split pane showing differences in values. Following are a few examples of such scenarios: +## Validation -|Values Updated |Values overridden in Clusters |Settings displayed (LHS) |Settings displayed (RHS) |Auto Merged | Action | -|:---------------|:---------|:--------------------|:--------|:-------|:--------| -|Pack Values|No|Original pack settings| Updated pack settings| Yes| Review and/or modify if desired| -|Attached Manifests|No|Original Manifests| Updated Manifests| Yes| Review and/or modify if desired| -|Pack Values|Yes|Updated settings from Cluster Profile| Current settings from cluster| No| Resolve all conflicts| -|Attached Manifests|Yes|Updated settings from Cluster Profile| Current settings from cluster| No| Resolve all conflicts| -|Pack Version Changed|No|Original pack settings| Updated pack settings| Yes| Review and/or modify if desired| -|Pack Version Changed|Yes|Updated settings from Cluster Profile| Current settings from cluster| No| Resolve all conflicts| +1. Log in to [Palette](https://console.spectrocloud.com). -## Configuration overrides +2. Navigate to the left **Main Menu** and select **Clusters**. -Every pack installed via cluster profile provides a set of out-of-the-box default settings. These can be overridden at the time of launching a new cluster or any time afterward for a running cluster. Besides basic defaults, Palette also provides useful presets. Presets are preconfigured configuration blocks logically grouped. Can leverage these to turn a feature on/off quickly. For example, enabling ingress for a Prometheus/Grafana pack requires many settings to be added. However, the Ingres preset for the Prometheus pack makes it easy to make this change. +3. Select the cluster you updated, and navigate to the **Profile** tab of the cluster. -![Cluster Update Details](/cluster_config_override.png) \ No newline at end of file +4. Confirm that the cluster is now using an updated profile. \ No newline at end of file diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md new file mode 100644 index 0000000000..a1a485e3f5 --- /dev/null +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -0,0 +1,87 @@ +--- +sidebar_label: "Deploy Cluster with Private Registry" +title: "Deploy Cluster with Private Registry" +description: "Instructions for creating an Edge Native Cluster Profile" +hide_table_of_contents: false +sidebar_position: 0 +tags: ["edge"] +--- + +Palette Edge supports authentication with private image registries, which allows your cluster to pull images from a private registry during deployment. You can configure your cluster to pull images from a private registry both during cluster creation and cluster repave. To configure a cluster to pull images from a private image registry, provide the registry URL and the credentials needed to authenticate with the registry in the cluster profile. + + +## Limitations + +- A cluster cannot pull images from more than one private registry. + +- Once you have configured a cluster to use one certificate during authentication with the private registry, you will not be able to change that certificate. + +## Prerequisites + +- At least one Edge host with x86_64 or AMD64 processor architecture. + +- A private registry that stores the provider image you created in the EdgeForge process. For more information, refer to [Build Artifacts](../edgeforge-workflow/palette-canvos.md). + +## Enablement + +1. Log in to [Palette](https://console.spectrocloud.com). + +2. Navigate to the left **Main Menu** and select **Profiles**. + +3. If you already have a cluster profile you want to deploy the cluster with, select that profile and select **Create new version** to create a new version of the profile to save your changes. + + Otherwise, click **Add new profile** to create a new + +4. Select the OS layer of your cluster profile. If you are creating a new profile, you will get to configuring the OS layer after filling out **Basic Information** and **Cloud Type**. + +5. Update the `system.uri` parameter in the pack editor for your OS layer. Use the custom OS image you created in the EdgeForge process. Refer to the EdgeForge [Build Images](../edgeforge-workflow/palette-canvos.md) guide if you are missing a custom OS image. The following is an example configuration using a custom OS image. + + ```yaml + pack: + content: + images: + - image: '{{.spectro.pack.edge-native-byoi.options.system.uri}}' + # - image: example.io/my-other-images/example:v1.0.0 + # - image: example.io/my-super-other-images/example:v1.0.0 + + options: + system.uri: example.io/my-images/example-custom-os:v1.4.5 + ``` + +6. At the root level of YAML for your OS layer, add the `providerCredentials` field to provide the credentials you need to authenticate with your registry: + + ```yaml {7-16} + pack: + content: + images: + - image: '{{.spectro.pack.edge-native-byoi.options.system.uri}}' + # - image: example.io/my-other-images/example:v1.0.0 + # - image: example.io/my-super-other-images/example:v1.0.0 + providerCredentials: + registry: domain/project + user: user + password: ****** + certificates: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIRANtGPo/hFkZtYRNw0KaeW54wDQYJKoZIhvcNAQELBQAw + ---------------------------------------------------------------- + 7OicCaV35lje5FSl0owu74ghAlCgMyAdKsJf615g1kKO4V5E2BMErd9Ibw== + -----END CERTIFICATE----- + + options: + system.uri: example.io/my-images/example-custom-os:v1.4.5 + ``` + +7. If you are updating an existing profile, click **Confirm changes**, and then click **Save changes** to publish the new version of your cluster profile. If you are creating a new profile, click **Next layer** and finish configuring the remaining layers. + +8. If you already have an active cluster that is using the original version of the cluster profile, update the cluster so that it uses the new version of the cluster profile you just published. This will trigger a full cluster repave since it includes an update to the OS layer of the cluster. During the repave, the cluster will pull images from the private registry you specified in the new profile version. For more information about cluster repave behavior, refer to [Repave Behavior and Configuration](../../cluster-management/node-pool.md#repave-behavior-and-configuration). + + If you don't have an active cluster yet, deploy a new cluster with the profile you just created, and the cluster will pull images from the private registry you specified. + +## Validate + +1. Log in to [Palette](https://console.spectrocloud.com). + +2. Navigate to the left **Main Menu** and select **Clusters**. + +3. Select the new \ No newline at end of file diff --git a/docs/docs-content/clusters/edge/site-deployment/model-profile.md b/docs/docs-content/clusters/edge/site-deployment/model-profile.md index 5d170fc9dd..c1ea5af800 100644 --- a/docs/docs-content/clusters/edge/site-deployment/model-profile.md +++ b/docs/docs-content/clusters/edge/site-deployment/model-profile.md @@ -57,7 +57,7 @@ The following steps will guide you on how to create a cluster profile for Edge. 6. Select **Edge Native** as the **Cloud Type** and click on **Next**. -7. Select **Public Repo** in the **Registry field**. +7. Select either **Public Repo** or **Palette Registry (OCI)** in the **Registry field**. 8. Select **BYOS Edge OS** in the **Pack Name** field and the pack version. From c758b8b5fef5e39c031c7f6a3dc64d046d92275e Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Fri, 1 Dec 2023 14:54:55 -0800 Subject: [PATCH 02/13] docs: add limitations --- .../edge/site-deployment/deploy-private-registry.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md index a1a485e3f5..014dafde3e 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -14,7 +14,9 @@ Palette Edge supports authentication with private image registries, which allows - A cluster cannot pull images from more than one private registry. -- Once you have configured a cluster to use one certificate during authentication with the private registry, you will not be able to change that certificate. +- If your private registry has TLS enabled, you can only configure a new cluster to use a TLS certificate with a private registry. You cannot configure an existing cluster with a TLS certificate to communicate with your existing registry. + +- Palette Edge supports basic username/password authentication. Token authentication schemes used by services such as AWS ECR and Google Container Registry are not supported. ## Prerequisites @@ -48,7 +50,7 @@ Palette Edge supports authentication with private image registries, which allows system.uri: example.io/my-images/example-custom-os:v1.4.5 ``` -6. At the root level of YAML for your OS layer, add the `providerCredentials` field to provide the credentials you need to authenticate with your registry: +6. At the root level of YAML for your OS layer, add the `providerCredentials` field to provide the credentials you need to authenticate with your registry. The `providerCredentials.password` field will be masked when you provide it in the YAML file: ```yaml {7-16} pack: @@ -84,4 +86,6 @@ Palette Edge supports authentication with private image registries, which allows 2. Navigate to the left **Main Menu** and select **Clusters**. -3. Select the new \ No newline at end of file +3. Select the cluster that is using the profile with the registry credentials. + +4. Navigate to the **Profile** tab of the cluster to confirm that the cluster is pulling images the private registry. \ No newline at end of file From 6259c7564ae6fafd9757709e3964adb908d561ea Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Fri, 1 Dec 2023 15:17:07 -0800 Subject: [PATCH 03/13] docs: minor grammer tweaking --- .../clusters/edge/site-deployment/deploy-private-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md index 014dafde3e..1268cd515a 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -7,7 +7,7 @@ sidebar_position: 0 tags: ["edge"] --- -Palette Edge supports authentication with private image registries, which allows your cluster to pull images from a private registry during deployment. You can configure your cluster to pull images from a private registry both during cluster creation and cluster repave. To configure a cluster to pull images from a private image registry, provide the registry URL and the credentials needed to authenticate with the registry in the cluster profile. +Palette Edge supports authentication with private image registries, which allows your cluster to pull images from a private registry during deployment. You can configure your cluster to pull images from a private registry for both cluster creation and cluster repave. To configure a cluster to pull images from a private image registry, provide the registry URL and the credentials needed to authenticate with the registry in the cluster profile. ## Limitations From 985052415a32fce8865493b398fe69ef7a2c91ed Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Mon, 4 Dec 2023 10:16:54 -0800 Subject: [PATCH 04/13] docs: add the note on registry credentials --- .../edge/site-deployment/deploy-private-registry.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md index 1268cd515a..b431a923b2 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -1,9 +1,9 @@ --- -sidebar_label: "Deploy Cluster with Private Registry" -title: "Deploy Cluster with Private Registry" +sidebar_label: "Deploy Cluster with a Private Registry" +title: "Deploy Cluster with a Private Registry" description: "Instructions for creating an Edge Native Cluster Profile" hide_table_of_contents: false -sidebar_position: 0 +sidebar_position: 60 tags: ["edge"] --- @@ -18,6 +18,8 @@ Palette Edge supports authentication with private image registries, which allows - Palette Edge supports basic username/password authentication. Token authentication schemes used by services such as AWS ECR and Google Container Registry are not supported. +- If you have specified registry credentials in the `registryCredentials` field in the user data file during the EdgeForge process, the credentials provided in the cluster profile will be ignored. For more information, refer to [EdgeForge - Build Artifacts](../edgeforge-workflow/palette-canvos.md). + ## Prerequisites - At least one Edge host with x86_64 or AMD64 processor architecture. From 8b92749115ef1edaea84982e387ad631d8c20178 Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Mon, 4 Dec 2023 10:43:52 -0800 Subject: [PATCH 05/13] docs: clarify steps and prereqs --- .../edge/edgeforge-workflow/palette-canvos.md | 4 ++++ .../edge/site-deployment/deploy-private-registry.md | 12 +++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos.md b/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos.md index 46a27ea18f..7424dd11e9 100644 --- a/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos.md +++ b/docs/docs-content/clusters/edge/edgeforge-workflow/palette-canvos.md @@ -634,6 +634,10 @@ Using the `-y` option with the `sudo zypper install` command is critical to succ EOF ``` + :::info + If you need to pull images from a private image registry, you can supply the credentials for the registry in the user data file in the `registryCredentials` field or in the cluster profile. Credentials specified in **user-data** overwrites the credentials provided in the cluster profile. To learn how to provide credentials in cluster profiles, refer to [Deploy Cluster with a Private Registry](../site-deployment/deploy-private-registry.md). + ::: + View the newly created user data file to ensure the token is set correctly. ```bash diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md index b431a923b2..7a7a05367b 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -14,9 +14,9 @@ Palette Edge supports authentication with private image registries, which allows - A cluster cannot pull images from more than one private registry. -- If your private registry has TLS enabled, you can only configure a new cluster to use a TLS certificate with a private registry. You cannot configure an existing cluster with a TLS certificate to communicate with your existing registry. +- If your private registry has TLS enabled, you can only configure a new cluster to use a TLS certificate with a private registry. You cannot configure an existing cluster with a TLS certificate to communicate with your private registry. -- Palette Edge supports basic username/password authentication. Token authentication schemes used by services such as AWS ECR and Google Container Registry are not supported. +- Palette Edge supports basic username/password authentication. Token authentication schemes used by services such as AWS ECR and Google Artifact Registry are not supported. - If you have specified registry credentials in the `registryCredentials` field in the user data file during the EdgeForge process, the credentials provided in the cluster profile will be ignored. For more information, refer to [EdgeForge - Build Artifacts](../edgeforge-workflow/palette-canvos.md). @@ -24,7 +24,9 @@ Palette Edge supports authentication with private image registries, which allows - At least one Edge host with x86_64 or AMD64 processor architecture. -- A private registry that stores the provider image you created in the EdgeForge process. For more information, refer to [Build Artifacts](../edgeforge-workflow/palette-canvos.md). +- A private image registry. + +- A provider image you created in the EdgeForge process stored in your private image registry. For more information, refer to [Build Artifacts](../edgeforge-workflow/palette-canvos.md). ## Enablement @@ -34,7 +36,7 @@ Palette Edge supports authentication with private image registries, which allows 3. If you already have a cluster profile you want to deploy the cluster with, select that profile and select **Create new version** to create a new version of the profile to save your changes. - Otherwise, click **Add new profile** to create a new + Otherwise, click **Add new profile** to create a new cluster profile. 4. Select the OS layer of your cluster profile. If you are creating a new profile, you will get to configuring the OS layer after filling out **Basic Information** and **Cloud Type**. @@ -78,7 +80,7 @@ Palette Edge supports authentication with private image registries, which allows 7. If you are updating an existing profile, click **Confirm changes**, and then click **Save changes** to publish the new version of your cluster profile. If you are creating a new profile, click **Next layer** and finish configuring the remaining layers. -8. If you already have an active cluster that is using the original version of the cluster profile, update the cluster so that it uses the new version of the cluster profile you just published. This will trigger a full cluster repave since it includes an update to the OS layer of the cluster. During the repave, the cluster will pull images from the private registry you specified in the new profile version. For more information about cluster repave behavior, refer to [Repave Behavior and Configuration](../../cluster-management/node-pool.md#repave-behavior-and-configuration). +8. If you already have an active cluster that is using the original version of the cluster profile, update the cluster so that it uses the new version of the cluster profile you just published. This will trigger a full cluster repave since it includes an update to the OS layer of the cluster. For more information about cluster repave behavior, refer to [Repave Behavior and Configuration](../../cluster-management/node-pool.md#repave-behavior-and-configuration). If you don't have an active cluster yet, deploy a new cluster with the profile you just created, and the cluster will pull images from the private registry you specified. From 47b875c17ae22ffb2a72d24cf9e8fa007ce7c562 Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Mon, 4 Dec 2023 10:49:32 -0800 Subject: [PATCH 06/13] docs: add link to update cluster --- .../docs-content/clusters/cluster-management/cluster-updates.md | 2 +- .../clusters/edge/site-deployment/deploy-private-registry.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs-content/clusters/cluster-management/cluster-updates.md b/docs/docs-content/clusters/cluster-management/cluster-updates.md index f2cf28118b..7ea1f1f2cb 100644 --- a/docs/docs-content/clusters/cluster-management/cluster-updates.md +++ b/docs/docs-content/clusters/cluster-management/cluster-updates.md @@ -41,7 +41,7 @@ This is the recommended best practice for updating a cluster in Palette. ### Update a Cluster Profile without Publishing a New Version -You can make updates to a profile that is in-use by one or more active cluster, and doing so will trigger an update to all clusters that are using the cluster profile. For more information, refer to [Update a Cluster Profile](../../profiles/cluster-profiles/modify-cluster-profiles/update-cluster-profile.md). +You can make updates to a profile that is in-use by one or more active clusters, and doing so will trigger an update to all clusters that are using the cluster profile. For more information, refer to [Update a Cluster Profile](../../profiles/cluster-profiles/modify-cluster-profiles/update-cluster-profile.md). :::caution We do not recommend updating a currently deployed cluster profile version to push out changes. Instead, we recommend creating a new profile version, and then upgrade active clusters to the new version. diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md index 7a7a05367b..6229d09724 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -80,7 +80,7 @@ Palette Edge supports authentication with private image registries, which allows 7. If you are updating an existing profile, click **Confirm changes**, and then click **Save changes** to publish the new version of your cluster profile. If you are creating a new profile, click **Next layer** and finish configuring the remaining layers. -8. If you already have an active cluster that is using the original version of the cluster profile, update the cluster so that it uses the new version of the cluster profile you just published. This will trigger a full cluster repave since it includes an update to the OS layer of the cluster. For more information about cluster repave behavior, refer to [Repave Behavior and Configuration](../../cluster-management/node-pool.md#repave-behavior-and-configuration). +8. If you already have an active cluster that is using the original version of the cluster profile, update the cluster so that it uses the new version of the cluster profile you just published. For more information about updating clusters, refer to [Update a Cluster](../../cluster-management/cluster-updates.md). This will trigger a full cluster repave since it includes an update to the OS layer of the cluster. To learn more about cluster repave behavior, refer to [Repave Behavior and Configuration](../../cluster-management/node-pool.md#repave-behavior-and-configuration). If you don't have an active cluster yet, deploy a new cluster with the profile you just created, and the cluster will pull images from the private registry you specified. From e8e5017c24108f552b90e7b30e23ba11c7640f3d Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Mon, 4 Dec 2023 13:03:04 -0800 Subject: [PATCH 07/13] docs: move note about registry credentials to warning --- .../edge/site-deployment/deploy-private-registry.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md index 6229d09724..83941f2b30 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -9,6 +9,9 @@ tags: ["edge"] Palette Edge supports authentication with private image registries, which allows your cluster to pull images from a private registry during deployment. You can configure your cluster to pull images from a private registry for both cluster creation and cluster repave. To configure a cluster to pull images from a private image registry, provide the registry URL and the credentials needed to authenticate with the registry in the cluster profile. +:::caution +If you have specified registry credentials in the `registryCredentials` field in the user data file during the EdgeForge process, the credentials provided in the cluster profile will be ignored. For more information, refer to [EdgeForge - Build Artifacts](../edgeforge-workflow/palette-canvos.md). +::: ## Limitations @@ -18,11 +21,9 @@ Palette Edge supports authentication with private image registries, which allows - Palette Edge supports basic username/password authentication. Token authentication schemes used by services such as AWS ECR and Google Artifact Registry are not supported. -- If you have specified registry credentials in the `registryCredentials` field in the user data file during the EdgeForge process, the credentials provided in the cluster profile will be ignored. For more information, refer to [EdgeForge - Build Artifacts](../edgeforge-workflow/palette-canvos.md). - ## Prerequisites -- At least one Edge host with x86_64 or AMD64 processor architecture. +- At least one Edge host with an x86_64 or AMD64 processor architecture. - A private image registry. From bfb83c39cfbf4552473f45f44f94bf450e74aca5 Mon Sep 17 00:00:00 2001 From: Lenny Chen <55669665+lennessyy@users.noreply.github.com> Date: Mon, 4 Dec 2023 15:04:18 -0800 Subject: [PATCH 08/13] Apply suggestions from code review Co-authored-by: Karl Cardenas --- .../clusters/edge/site-deployment/deploy-private-registry.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md index 83941f2b30..69bb547e01 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -7,7 +7,7 @@ sidebar_position: 60 tags: ["edge"] --- -Palette Edge supports authentication with private image registries, which allows your cluster to pull images from a private registry during deployment. You can configure your cluster to pull images from a private registry for both cluster creation and cluster repave. To configure a cluster to pull images from a private image registry, provide the registry URL and the credentials needed to authenticate with the registry in the cluster profile. +Palette Edge supports authentication with private image registries, which allows your cluster to pull images from a private registry during deployment. You can configure your cluster to pull images from a private registry for both cluster creation and cluster updates. To configure a cluster to pull images from a private image registry, provide the registry URL and the credentials needed to authenticate with the registry in the cluster profile. :::caution If you have specified registry credentials in the `registryCredentials` field in the user data file during the EdgeForge process, the credentials provided in the cluster profile will be ignored. For more information, refer to [EdgeForge - Build Artifacts](../edgeforge-workflow/palette-canvos.md). @@ -41,7 +41,7 @@ If you have specified registry credentials in the `registryCredentials` field in 4. Select the OS layer of your cluster profile. If you are creating a new profile, you will get to configuring the OS layer after filling out **Basic Information** and **Cloud Type**. -5. Update the `system.uri` parameter in the pack editor for your OS layer. Use the custom OS image you created in the EdgeForge process. Refer to the EdgeForge [Build Images](../edgeforge-workflow/palette-canvos.md) guide if you are missing a custom OS image. The following is an example configuration using a custom OS image. +5. Update the `system.uri` parameter in the pack editor for your OS layer. Use the custom OS image you created in the EdgeForge process. Refer to the EdgeForge [Build Images](../edgeforge-workflow/palette-canvos.md) guide if you are missing a custom OS image. The following is an example configuration using the Bring Your Own Operating System (BYOOS) pack with a custom OS image. ```yaml pack: From 5891ee9858082fa7ab3b40020487773d6e09cc15 Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Mon, 4 Dec 2023 16:43:13 -0800 Subject: [PATCH 09/13] docs: address feedback --- .../cluster-management/cluster-updates.md | 50 +++++++++++++++++-- .../deploy-private-registry.md | 8 +-- 2 files changed, 51 insertions(+), 7 deletions(-) diff --git a/docs/docs-content/clusters/cluster-management/cluster-updates.md b/docs/docs-content/clusters/cluster-management/cluster-updates.md index 7ea1f1f2cb..16c9402531 100644 --- a/docs/docs-content/clusters/cluster-management/cluster-updates.md +++ b/docs/docs-content/clusters/cluster-management/cluster-updates.md @@ -20,7 +20,8 @@ Palette allows you to update active clusters. You can update any layer of a clus ## Enablement -### Update a Cluster to Use a Another Cluster Profile Version + + This is the recommended best practice for updating a cluster in Palette. @@ -38,8 +39,9 @@ This is the recommended best practice for updating a cluster in Palette. 7. Click **Save**. Depending on the changes you made to the profile, doing so might trigger a cluster repave warning. Click **Continue** to confirm updating the cluster. + -### Update a Cluster Profile without Publishing a New Version + You can make updates to a profile that is in-use by one or more active clusters, and doing so will trigger an update to all clusters that are using the cluster profile. For more information, refer to [Update a Cluster Profile](../../profiles/cluster-profiles/modify-cluster-profiles/update-cluster-profile.md). @@ -47,7 +49,10 @@ You can make updates to a profile that is in-use by one or more active clusters, We do not recommend updating a currently deployed cluster profile version to push out changes. Instead, we recommend creating a new profile version, and then upgrade active clusters to the new version. ::: -### Override Cluster Profile Configurations + + + + You can modify the configuration of a deployed cluster without changing the cluster profile itself to update a cluster. @@ -65,12 +70,49 @@ We do not recommend updating a currently deployed cluster's profile configuratio 5. Click **Save** to confirm your changes. Acknowledge the cluster repave warning if necessary. + + + ## Validation + + + +1. Log in to [Palette](https://console.spectrocloud.com). + +2. Navigate to the left **Main Menu** and select **Clusters**. + +3. Select the cluster you updated, and navigate to the **Profile** tab of the cluster. + +4. Confirm that the cluster is now using an updated profile. + + + + + 1. Log in to [Palette](https://console.spectrocloud.com). 2. Navigate to the left **Main Menu** and select **Clusters**. 3. Select the cluster you updated, and navigate to the **Profile** tab of the cluster. -4. Confirm that the cluster is now using an updated profile. \ No newline at end of file +4. Confirm that the cluster is now using an updated profile. + + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + +2. Navigate to the left **Main Menu** and select **Clusters**. + +3. Select the cluster you updated, and navigate to the **Profile** tab of the cluster. + +4. Confirm that the cluster is now using an updated profile. + + + + + + + diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md index 69bb547e01..3beffe42ad 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -10,7 +10,7 @@ tags: ["edge"] Palette Edge supports authentication with private image registries, which allows your cluster to pull images from a private registry during deployment. You can configure your cluster to pull images from a private registry for both cluster creation and cluster updates. To configure a cluster to pull images from a private image registry, provide the registry URL and the credentials needed to authenticate with the registry in the cluster profile. :::caution -If you have specified registry credentials in the `registryCredentials` field in the user data file during the EdgeForge process, the credentials provided in the cluster profile will be ignored. For more information, refer to [EdgeForge - Build Artifacts](../edgeforge-workflow/palette-canvos.md). +If you have specified registry credentials in the `registryCredentials` field in the user data file during the EdgeForge process, the credentials provided in the cluster profile will be ignored. For more information, refer to [EdgeForge - Build Artifacts](../edgeforge-workflow/palette-canvos.md) and [Installer Configuration](../edge-configuration/installer-reference.md#external-registry). ::: ## Limitations @@ -55,7 +55,7 @@ If you have specified registry credentials in the `registryCredentials` field in system.uri: example.io/my-images/example-custom-os:v1.4.5 ``` -6. At the root level of YAML for your OS layer, add the `providerCredentials` field to provide the credentials you need to authenticate with your registry. The `providerCredentials.password` field will be masked when you provide it in the YAML file: +6. At the root level of YAML for your OS layer, add the `providerCredentials` field to provide the credentials you need to authenticate with your registry. The `providerCredentials.password` field will be masked when you provide it in the YAML file. You can also use a macro to store your credentials instead of providing it directly in the YAML file. For more information, refer to [Macros Support](../../cluster-management/macros.md): ```yaml {7-16} pack: @@ -93,4 +93,6 @@ If you have specified registry credentials in the `registryCredentials` field in 3. Select the cluster that is using the profile with the registry credentials. -4. Navigate to the **Profile** tab of the cluster to confirm that the cluster is pulling images the private registry. \ No newline at end of file +4. Navigate to the **Events** tab of the cluster to see if the cluster is instructed pull images from the private registry. + +5. If the cluster is successfully provisioned and enters the **Running** state, then you have successfully configured the cluster to authenticate with and pull images from the private registry. If the cluster does not enter the **Running** state, navigate to the **Events** table and observe if the cluster is emitting errors related to image pulls. \ No newline at end of file From 9a8d795b3eece238b10bf818411f1ddb560e8cbf Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Wed, 6 Dec 2023 12:28:03 -0800 Subject: [PATCH 10/13] docs: add parameters to byoos pack page --- docs/docs-content/integrations/byoos.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/docs/docs-content/integrations/byoos.md b/docs/docs-content/integrations/byoos.md index 412d42e435..b98f17ca15 100644 --- a/docs/docs-content/integrations/byoos.md +++ b/docs/docs-content/integrations/byoos.md @@ -21,12 +21,13 @@ Using your custom OS provides several benefits, including the ability to control ## Versions Supported -**1.0.x** -
- + + + + ## Prerequisites @@ -51,8 +52,10 @@ The BYOS Edge OS pack supports the following parameters. | `pack.content.images` | Specifies a list of OS images to use with the pack. | list | | `pack.content.images.image` | An OS image to use with the pack. | string| | `system.uri` | The system URI specifies the location of BYOOS image. | string| - - +| `providerCredentials.registry` | Specifies the private registry for the cluster to pull images from | string | +| `providerCredentials.username` | Specifies the username used for authentication with a private registry. | string | +| `providerCredentials.password` | Specifies the password used for authentication with a private registry. | string | +| `providerCredentials.certificate` | Specifies the certificate used for authentication and encryption with a private registry | string | ```yaml pack: @@ -83,6 +86,9 @@ Select the BYOOS pack and fill out the required parameters during the cluster pr + + + ## Prerequisites To use the non-Edge BYOOS pack, you must have the following: From 1fd03f148ed1e2f251daa9de59d04e916c237cdc Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Thu, 7 Dec 2023 10:21:37 -0800 Subject: [PATCH 11/13] docs: address review comments --- .../edge/site-deployment/deploy-private-registry.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md index 3beffe42ad..7fefbcf6bf 100644 --- a/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md +++ b/docs/docs-content/clusters/edge/site-deployment/deploy-private-registry.md @@ -17,7 +17,7 @@ If you have specified registry credentials in the `registryCredentials` field in - A cluster cannot pull images from more than one private registry. -- If your private registry has TLS enabled, you can only configure a new cluster to use a TLS certificate with a private registry. You cannot configure an existing cluster with a TLS certificate to communicate with your private registry. +- If your private registry has TLS enabled, you can only configure a _new_ cluster to use a TLS certificate with a private registry. You cannot configure an existing cluster with a TLS certificate to communicate with your private registry. - Palette Edge supports basic username/password authentication. Token authentication schemes used by services such as AWS ECR and Google Artifact Registry are not supported. @@ -35,13 +35,13 @@ If you have specified registry credentials in the `registryCredentials` field in 2. Navigate to the left **Main Menu** and select **Profiles**. -3. If you already have a cluster profile you want to deploy the cluster with, select that profile and select **Create new version** to create a new version of the profile to save your changes. +3. If you already have an Edge cluster profile you want to deploy the cluster with, select that profile and select **Create new version** to create a new version of the profile to save your changes. Otherwise, click **Add new profile** to create a new cluster profile. -4. Select the OS layer of your cluster profile. If you are creating a new profile, you will get to configuring the OS layer after filling out **Basic Information** and **Cloud Type**. +4. Select the OS layer of your cluster profile. If you are creating a new profile, you will get to configuring the OS layer after filling out **Basic Information** and **Cloud Type**. You should choose the Bring Your Own OS (BYOOS) pack for your OS layer. -5. Update the `system.uri` parameter in the pack editor for your OS layer. Use the custom OS image you created in the EdgeForge process. Refer to the EdgeForge [Build Images](../edgeforge-workflow/palette-canvos.md) guide if you are missing a custom OS image. The following is an example configuration using the Bring Your Own Operating System (BYOOS) pack with a custom OS image. +5. Update the `system.uri` parameter in the pack editor for your OS layer. Use the custom OS image you created in the EdgeForge process. Refer to the EdgeForge [Build Images](../edgeforge-workflow/palette-canvos.md) guide if you are missing a custom OS image. The following is an example configuration using the BYOOS pack with a custom OS image. ```yaml pack: @@ -55,7 +55,7 @@ If you have specified registry credentials in the `registryCredentials` field in system.uri: example.io/my-images/example-custom-os:v1.4.5 ``` -6. At the root level of YAML for your OS layer, add the `providerCredentials` field to provide the credentials you need to authenticate with your registry. The `providerCredentials.password` field will be masked when you provide it in the YAML file. You can also use a macro to store your credentials instead of providing it directly in the YAML file. For more information, refer to [Macros Support](../../cluster-management/macros.md): +6. At the root level of YAML for your OS layer, add the `providerCredentials` field to provide the credentials you need to authenticate with your registry. For more information about the `providerCredentials` field, refer to [Bring Your Own OS (BYOOS)](../../../integrations/byoos.md) pack page. The `providerCredentials.password` field will be masked when you provide it in the YAML file. You can also use a macro to store your credentials instead of providing it directly in the YAML file. For more information, refer to [Macros Support](../../cluster-management/macros.md): ```yaml {7-16} pack: @@ -93,6 +93,6 @@ If you have specified registry credentials in the `registryCredentials` field in 3. Select the cluster that is using the profile with the registry credentials. -4. Navigate to the **Events** tab of the cluster to see if the cluster is instructed pull images from the private registry. +4. Navigate to the **Events** tab of the cluster to confirm if the cluster is instructed pull images from the private registry. 5. If the cluster is successfully provisioned and enters the **Running** state, then you have successfully configured the cluster to authenticate with and pull images from the private registry. If the cluster does not enter the **Running** state, navigate to the **Events** table and observe if the cluster is emitting errors related to image pulls. \ No newline at end of file From f8883e88aefa4f160ac429c417899c4e73928dc0 Mon Sep 17 00:00:00 2001 From: Lenny Chen Date: Thu, 7 Dec 2023 10:58:36 -0800 Subject: [PATCH 12/13] docs: add provider credentials to example --- docs/docs-content/integrations/byoos.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/docs-content/integrations/byoos.md b/docs/docs-content/integrations/byoos.md index b98f17ca15..a93a5874fa 100644 --- a/docs/docs-content/integrations/byoos.md +++ b/docs/docs-content/integrations/byoos.md @@ -64,6 +64,17 @@ The BYOS Edge OS pack supports the following parameters. - image: '{{.spectro.pack.edge-native-byoi.options.system.uri}}' # - image: example.io/my-other-images/example:v1.0.0 # - image: example.io/my-super-other-images/example:v1.0.0 + providerCredentials: + registry: domain/project + user: user + password: ****** + certificates: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIRANtGPo/hFkZtYRNw0KaeW54wDQYJKoZIhvcNAQELBQAw + ---------------------------------------------------------------- + 7OicCaV35lje5FSl0owu74ghAlCgMyAdKsJf615g1kKO4V5E2BMErd9Ibw== + -----END CERTIFICATE----- + options: system.uri: example.io/my-images/example-custom-os:v1.4.5 From 5b6df1aec9d7d856e722ffc322dc65a296b9ae82 Mon Sep 17 00:00:00 2001 From: Lenny Chen <55669665+lennessyy@users.noreply.github.com> Date: Thu, 7 Dec 2023 12:56:19 -0800 Subject: [PATCH 13/13] Update docs/docs-content/integrations/byoos.md Co-authored-by: Karl Cardenas --- docs/docs-content/integrations/byoos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs-content/integrations/byoos.md b/docs/docs-content/integrations/byoos.md index a93a5874fa..598e90e93e 100644 --- a/docs/docs-content/integrations/byoos.md +++ b/docs/docs-content/integrations/byoos.md @@ -55,7 +55,7 @@ The BYOS Edge OS pack supports the following parameters. | `providerCredentials.registry` | Specifies the private registry for the cluster to pull images from | string | | `providerCredentials.username` | Specifies the username used for authentication with a private registry. | string | | `providerCredentials.password` | Specifies the password used for authentication with a private registry. | string | -| `providerCredentials.certificate` | Specifies the certificate used for authentication and encryption with a private registry | string | +| `providerCredentials.certificate` | Specifies the X509 certificate used for authentication and encryption with a private registry | string | ```yaml pack: