Merge branch 'main' into dx/sc-118600/add-replicated-values-schema

Author: paigecalvert

.github/workflows/algolia-crawl.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: check out code 🛎d
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       # when scraping the site, inject secrets as environment variables
       # then pass their values into the Docker container using "-e" syntax
       # and inject config.json contents as another variable

.github/workflows/app-manager-release-notes.yml

@@ -11,7 +11,7 @@ jobs:
   generate-release-notes-pr:
     runs-on: ubuntu-20.04
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Generate Release Notes
       id: release-notes
@@ -38,7 +38,7 @@ jobs:
         rm -rf /tmp/release-notes.txt
 
     - name: Create Pull Request # creates a PR if there are differences
-      uses: peter-evans/create-pull-request@v3
+      uses: peter-evans/create-pull-request@v7
       id: cpr
       with:
         token: ${{ secrets.REPLICATED_GH_PAT }}
@@ -55,7 +55,7 @@ jobs:
         echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
 
     - name: Slack Notification
-      uses: slackapi/slack-github-action@v1.16.0
+      uses: slackapi/slack-github-action@v2.0.0
       with: 
         payload: |
           {

.github/workflows/auto-label.yml

@@ -8,7 +8,7 @@ jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.DOCS_GH_PAT }}
           script: |

.github/workflows/kubernetes-installer-release-notes.yml

@@ -11,7 +11,7 @@ jobs:
   generate-release-notes-pr:
     runs-on: ubuntu-20.04
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Generate Release Notes
       id: release-notes
@@ -38,7 +38,7 @@ jobs:
         rm -rf /tmp/release-notes.txt
 
     - name: Create Pull Request # creates a PR if there are differences
-      uses: peter-evans/create-pull-request@v3
+      uses: peter-evans/create-pull-request@v7
       id: cpr
       with:
         token: ${{ secrets.REPLICATED_GH_PAT }}
@@ -55,7 +55,7 @@ jobs:
         echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
 
     - name: Slack Notification
-      uses: slackapi/slack-github-action@v1.16.0
+      uses: slackapi/slack-github-action@v2.0.0
       with: 
         payload: |
           {

.github/workflows/replicated-sdk-release-notes.yml

@@ -14,7 +14,7 @@ jobs:
   generate-release-notes-pr:
     runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Generate Release Notes
       id: release-notes
@@ -42,7 +42,7 @@ jobs:
         rm -rf /tmp/release-notes.txt
 
     - name: Create Pull Request # creates a PR if there are differences
-      uses: peter-evans/create-pull-request@v3
+      uses: peter-evans/create-pull-request@v7
       id: cpr
       with:
         token: ${{ secrets.REPLICATED_GH_PAT }}
@@ -59,7 +59,7 @@ jobs:
         echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
 
     - name: Slack Notification
-      uses: slackapi/slack-github-action@v1.16.0
+      uses: slackapi/slack-github-action@v2.0.0
       with: 
         payload: |
           {

.github/workflows/vendor-portal-release-notes.yml

@@ -13,7 +13,7 @@ jobs:
     outputs:
       releaseNotes: ${{ steps.release-notes.outputs.release-notes }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Generate Release Notes
         id: release-notes
@@ -32,7 +32,7 @@ jobs:
     needs: generate-release-notes
     if: ${{ needs.generate-release-notes.outputs.releaseNotes != '' || needs.generate-release-notes.outputs.releaseNotes != null }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Update Release Notes
         env:
           PATTERN: ".+RELEASE_NOTES_PLACEHOLDER.+"
@@ -45,7 +45,7 @@ jobs:
           rm -rf /tmp/release-notes.txt
 
       - name: Create Pull Request # creates a PR if there are differences
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@v7
         id: cpr
         with:
           token: ${{ secrets.REPLICATED_GH_PAT }}
@@ -62,7 +62,7 @@ jobs:
           echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
 
       - name: Slack Notification
-        uses: slackapi/slack-github-action@v1.16.0
+        uses: slackapi/slack-github-action@v2.0.0
         with:
           payload: |
             {

docs/enterprise/embedded-manage-nodes.mdx

@@ -10,6 +10,8 @@ Multi-node clusters with Embedded Cluster have the following limitations:
 
 * High availability for Embedded Cluster in an Alpha feature. This feature is subject to change, including breaking changes. To get access to this feature, reach out to Alex Parker at [[email protected]](mailto:[email protected]).
 
+* The same Embedded Cluster data directory used at installation is used for all nodes joined to the cluster. This is either the default `/var/lib/embedded-cluster` directory or the directory set with the [`--data-dir`](/reference/embedded-cluster-install#flags) flag. You cannot choose a different data directory for Embedded Cluster when joining nodes.
+
 ## Add Nodes to a Cluster (Beta) {#add-nodes}
 
 You can add nodes to create a multi-node cluster in online (internet-connected) and air-gapped (limited or no outbound internet access) environments. The Admin Console provides the join command that you use to join nodes to the cluster.

docs/enterprise/embedded-tls-certs.mdx

@@ -0,0 +1,47 @@
+# Updating Custom TLS Certificates in Embedded Cluster Installations
+
+This topic describes how to update custom TLS certificates in Replicated Embedded Cluster installations.
+
+## Update Custom TLS Certificates
+
+Users can provide custom TLS certificates with Embedded Cluster installations and can update TLS certificates through the Admin Console.
+
+:::important
+Adding the `acceptAnonymousUploads` annotation temporarily creates a vulnerability for an attacker to maliciously upload TLS certificates. After TLS certificates have been uploaded, the vulnerability is closed again.
+
+Replicated recommends that you complete this upload process quickly to minimize the vulnerability risk.
+:::
+
+To upload a new custom TLS certificate in Embedded Cluster installations:
+
+1. SSH onto a controller node where Embedded Cluster is installed. Then, run the following command to start a shell so that you can access the cluster with kubectl:
+
+   ```bash
+   sudo ./APP_SLUG shell
+   ```
+   Where `APP_SLUG` is the unique slug of the installed application.
+
+1. In the shell, run the following command to restore the ability to upload new TLS certificates by adding the `acceptAnonymousUploads` annotation:
+
+   ```bash
+   kubectl -n kotsadm annotate secret kotsadm-tls acceptAnonymousUploads=1 --overwrite
+   ```
+
+1. Run the following command to get the name of the kurl-proxy server:
+
+   ```bash
+   kubectl get pods -A | grep kurl-proxy | awk '{print $2}'
+   ```
+   :::note
+   This server is named `kurl-proxy`, but is used in both Embedded Cluster and kURL installations.
+   :::
+
+1. Run the following command to delete the kurl-proxy pod. The pod automatically restarts after the command runs.
+
+   ```bash
+   kubectl delete pods PROXY_SERVER
+   ```
+
+   Replace `PROXY_SERVER` with the name of the kurl-proxy server that you got in the previous step.
+
+1. After the pod has restarted, go to `http://<ip>:30000/tls` in your browser and complete the process in the Admin Console to upload a new certificate.

docs/enterprise/monitoring-access-dashboards.mdx

@@ -0,0 +1,70 @@
+# Accessing Dashboards Using Port Forwarding
+
+This topic includes information about how to access Prometheus, Grafana, and Alertmanager in Replicated KOTS existing cluster and Replicated kURL installations.
+
+For information about how to configure Prometheus monitoring in existing cluster installations, see [Configuring Prometheus Monitoring in Existing Cluster KOTS Installations](monitoring-applications).
+
+## Overview
+
+The Prometheus [expression browser](https://prometheus.io/docs/visualization/browser/), Grafana, and some preconfigured dashboards are included with Kube-Prometheus for advanced visualization. Prometheus Altertmanager is also included for alerting. You can access Prometheus, Grafana, and Alertmanager dashboards using `kubectl port-forward`.
+
+:::note
+You can also expose these pods on NodePorts or behind an ingress controller. This is an advanced use case. For information about exposing the pods on NodePorts, see [NodePorts](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/node-ports.md) in the kube-prometheus GitHub repository. For information about exposing the pods behind an ingress controller, see [Expose via Ingress](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/exposing-prometheus-alertmanager-grafana-ingress.md) in the kube-prometheus GitHub repository.
+:::
+
+## Prerequisite
+
+For existing cluster KOTS installations, first install Prometheus in the cluster and configure monitoring. See [Configuring Prometheus Monitoring in Existing Cluster KOTS Installations](monitoring-applications)
+
+## Access Prometheus
+
+To access the Prometheus dashboard:
+
+1. Run the following command to port forward the Prometheus service:
+
+   ```bash
+   kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090
+   ```
+
+1. Access the dashboard at http://localhost:9090.
+
+## Access Grafana
+
+Users can access the Grafana dashboard by logging in using a default username and password. For information about configuring Grafana, see the [Grafana documentation](https://grafana.com/docs/). For information about constructing Prometheus queries, see [Querying Prometheus](https://prometheus.io/docs/prometheus/latest/querying/basics/) in the Prometheus documentation.
+
+To access the Grafana dashboard:
+
+1. Run the following command to port forward the Grafana service:
+
+   ```bash
+   kubectl --namespace monitoring port-forward deployment/grafana 3000
+   ```
+1. Access the dashboard at http://localhost:3000.
+1. Log in to Grafana:
+   * **Existing cluster**: Use the default Grafana username and password: `admin:admin`.
+   * **kURL  cluster**: The Grafana password is randomly generated by kURL and is displayed on the command line after kURL provisions the cluster. To log in, use this password generated by kURL and the username `admin`.
+
+      To retrieve the password, run the following kubectl command:
+
+      ```
+      kubectl get secret -n monitoring grafana-admin -o jsonpath="{.data.admin-password}" | base64 -d
+      ```
+
+## Access Alertmanager
+
+Alerting with Prometheus has two phases:
+
+* Phase 1: Alerting rules in Prometheus servers send alerts to an Alertmanager.
+* Phase 2: The Alertmanager then manages those alerts, including silencing, inhibition, aggregation, and sending out notifications through methods such as email, on-call notification systems, and chat platforms.
+
+For more information about configuring Alertmanager, see [Configuration](https://prometheus.io/docs/alerting/configuration/) in the Prometheus documentation.
+
+To access the Alertmanager dashboard:
+
+1. Run the following command to port forward the Alertmanager service:
+
+   ```
+   kubectl --namespace monitoring port-forward svc/prometheus-alertmanager 9093
+   ```
+
+1. Access the dashboard at http://localhost:9093.

docs/enterprise/monitoring-applications.mdx

@@ -1,26 +1,22 @@
 import OverviewProm from "../partials/monitoring/_overview-prom.mdx"
-import LimitationEc from "../partials/monitoring/_limitation-ec.mdx"
 
-# Monitoring Applications with Prometheus
+# Configuring Prometheus Monitoring in Existing Cluster KOTS Installations
 
-This topic describes monitoring applications and clusters with Prometheus. It includes information about how to configure Prometheus monitoring for existing clusters and how to access the dashboard using a port forward.
+This topic describes how to monitor applications and clusters with Prometheus in existing cluster installations with Replicated KOTS.
 
-## Overview
-
-<OverviewProm/>
+For information about how to access Prometheus, Grafana, and Alertmanager, see [Accessing Dashboards Using Port Forwarding](/enterprise/monitoring-access-dashboards).
 
-## Limitation
+For information about consuming Prometheus metrics externally in kURL installations, see [Consuming Prometheus Metrics Externally](monitoring-external-prometheus).
 
-<LimitationEc/>
+## Overview
 
-## Configure Monitoring in Existing Clusters {#configure-existing}
+<OverviewProm/>
 
-To configure Prometheus monitoring for applications installed in an existing cluster, connect the Admin Console to the endpoint of an installed instance of Prometheus on the cluster. See the following sections:
+## Configure Prometheus Monitoring
 
-* [Install Prometheus](#install-prometheus)
-* [Connect to a Prometheus Endpoint](#connect-to-a-prometheus-endpoint)
+For existing cluster installations with KOTS, users can install Prometheus in the cluster and then connect the Admin Console to the Prometheus endpoint to enable monitoring.
 
-### Install Prometheus
+### Step 1: Install Prometheus in the Cluster {#configure-existing}
 
 Replicated recommends that you use CoreOS's Kube-Prometheus distribution for installing and configuring highly available Prometheus on an existing cluster. For more information, see the [kube-prometheus](https://github.com/coreos/kube-prometheus) GitHub repository.
 
@@ -43,9 +39,9 @@ To install Prometheus using the recommended Kube-Prometheus distribution:
 
    For more information about advanced Kube-Prometheus configuration options, see [Customizing Kube-Prometheus](https://github.com/coreos/kube-prometheus#customizing-kube-prometheus) in the kube-prometheus GitHub repository.
 
-### Connect to a Prometheus Endpoint
+### Step 2: Connect to a Prometheus Endpoint
 
-To view graphs on the Admin Console dashboard, you must provide the address of the Prometheus instance that you installed on the cluster.
+To view graphs on the Admin Console dashboard, provide the address of a Prometheus instance installed in the cluster.
 
 To connect the Admin Console to a Prometheus endpoint:
 
@@ -54,76 +50,4 @@ To connect the Admin Console to a Prometheus endpoint:
 
    ![Configuring Prometheus](/images/kotsadm-dashboard-configureprometheus.png)
 
-   Graphs appear on the dashboard shortly after saving the address.
-
-## Access the Dashboards with kubectl Port Forward
-
-You can use the commands below to access Prometheus, Grafana, and Alertmanager dashboards using `kubectl port-forward` after you install the manifests.
-
-You can also expose these pods on NodePorts or behind an ingress controller. This is an advanced use case. For information about exposing the pods on NodePorts, see [NodePorts](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/node-ports.md) in the kube-prometheus GitHub repository. For information about exposing the pods behind an ingress controller, see [Expose via Ingress](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/exposing-prometheus-alertmanager-grafana-ingress.md) in the kube-prometheus GitHub repository.
-
-For Replicated kURL clusters, you can consume Prometheus metrics from an external monitoring solution by connecting to the Prometheus NodePort service running in the cluster. For more information, see [Consuming Prometheus Metrics Externally](monitoring-external-prometheus). 
-
-### Access Prometheus
-
-To access the Prometheus dashboard with a port forward:
-
-1. Run the following command to create the port forward:
-
-   ```bash
-   kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090
-   ```
-
-1. Access the dashboard at http://localhost:9090.
-
-### Access Grafana
-
-To access the Grafana dashboard with a port forward:
-
-1. Run the following command to create the port forward:
-
-   ```bash
-   kubectl --namespace monitoring port-forward deployment/grafana 3000
-   ```
-1. Access the dashboard at http://localhost:3000.
-1. Log in to Grafana:
-   * **Existing cluster**: Use the default Grafana username and password: `admin:admin`.
-   * **kURL  cluster**: The Grafana password is randomly generated by kURL and is displayed on the command line after kURL provisions the cluster. To log in, use this password generated by kURL and the username `admin`.
-
-      To retrieve the password, run the following kubectl command:
-
-      ```
-      kubectl get secret -n monitoring grafana-admin -o jsonpath="{.data.admin-password}" | base64 -d
-      ```
-
-### Access Alertmanager
-
-To access the Alertmanager dashboard with a port forward:
-
-1. Run the following command to create the port forward:
-
-   ```
-   kubectl --namespace monitoring port-forward svc/prometheus-alertmanager 9093
-   ```
-
-1. Access the dashboard at http://localhost:9093.
-
-## About Visualizing Metrics with Grafana
-
-In addition to the Prometheus Expression Browser, Grafana and some preconfigured dashboards are included with Kube-Prometheus for advanced visualization.
-
-For information about configuring Grafana, see the [Grafana documentation](https://grafana.com/docs/).
-
-For information about constructing Prometheus queries, see the [Querying Prometheus](https://prometheus.io/docs/prometheus/latest/querying/basics/) in the Prometheus documentation.
-
-For information about the Prometheus Expression Browser, see [Expression Browser](https://prometheus.io/docs/visualization/browser/) in the Prometheus documentation.
-
-
-## About Alerting with Prometheus
-
-Alerting with Prometheus has two phases:
-
-1. Alerting rules in Prometheus servers send alerts to an Alertmanager.
-1. The Alertmanager then manages those alerts, including silencing, inhibition, aggregation, and sending out notifications through methods such as email, on-call notification systems, and chat platforms.
-
-For more information about configuring Alertmanager, see [Configuration](https://prometheus.io/docs/alerting/configuration/) in the Prometheus documentation.
+   Graphs appear on the dashboard shortly after saving the address.