Merge branch 'main' into automation/vendor-portal-release-notes-v2024.09.12-3

Author: paigecalvert

docs/enterprise/installing-embedded.mdx

@@ -125,10 +125,10 @@ The following flags can be used with the Embedded Cluster `install` command to i
        <p>For single-node installations, pass the IP address of the node where you are installing. For multi-node installations, when deploying the first node, pass the list of IP addresses for all nodes in the cluster (typically in CIDR notation).</p>
        <p>The following are never proxied:</p>
        <ul>
-         <li>Internal cluster communication (`localhost`, `127.0.0.1`, `.default`, `.local`, `.svc`, `kubernetes`)</li>
-         <li>Communiation to the KOTS database (`kotsadm-rqlite`)</li>
+         <li>Internal cluster communication (`localhost`, `127.0.0.1`, `.cluster.local`, `.svc`)</li>
          <li>The CIDRs used for assigning IPs to Kubernetes Pods and Services. By default, the Pod CIDR is `10.244.0.0/16` and the Service CIDR `10.96.0.0/12`. For information about how to change these defaults, see [Set IP Address Ranges for Pods and Services](#set-ip-address-ranges-for-pods-and-services).</li>
        </ul>
+       <p>To ensure your app's internal cluster communication is not proxied, use fully qualified domain names like `my-service.my-namespace.svc` or `my-service.my-namespace.svc.cluster.local`.</p>
      </td>
   </tr>
 </table>

docs/reference/template-functions-static-context.md

@@ -330,6 +330,23 @@ ParseUint returns the unsigned integer value represented by the string with opti
 '{{repl ConfigOption "str_value" | ParseUint }}'
 ```
 
+
+## PrivateCACert
+
+> Introduced in KOTS v1.117.0
+
+```go
+func PrivateCACert() string
+```
+
+PrivateCACert returns the name of a ConfigMap that contains private CA certificates provided by the end user. For Embedded Cluster installations, these certificates are provided with the `--private-ca` flag for the `install` command. For KOTS installations, the user provides the ConfigMap using the `--private-ca-configmap` flag for the `install` command.
+
+You can use this template function to mount the specified ConfigMap so your containers can access the internet through enterprise proxies that issue their own TLS certificates in order to inspect traffic.
+
+:::note
+This function will return the name of the ConfigMap even if the ConfigMap has no entries. If no ConfigMap exists, this function returns the empty string.
+:::
+
 ## TLSCert
 
 **Deprecation Notice**: This function has been superseded in Replicated KOTS v1.26.0 by the sprig crypto functions. For more information, see [Using Variables to Generate TLS Certificates in JSON](template-functions-examples#using-variables-to-generate-tls-certificates-in-json). For more information about the sprig crypto function, see [Cryptographic and Security Functions](http://masterminds.github.io/sprig/crypto.html) in the sprig documentation.

docs/release-notes/rn-app-manager.md

@@ -16,6 +16,19 @@ The following table lists the versions of Kubernetes that are compatible with ea
 
 <!--RELEASE_NOTES_PLACEHOLDER-->
 
+## 1.117.0
+
+Released on September 13, 2024
+
+Support for Kubernetes: 1.28, 1.29, and 1.30
+
+### New Features {#new-features-1-117-0}
+* Adds the `--private-ca-configmap` flag to the `install` and `generate-manifests` commands. The contents of the provided ConfigMap are used as additional trusted certificate authorities.
+* Adds the [`PrivateCACert` template function](/reference/template-functions-static-context#privatecacert) to return the name of a ConfigMap containing additional trusted CA certificates provided by the end user.
+
+### Bug Fixes {#bug-fixes-1-117-0}
+* Fixes an issue where `dropdown` Config items did not respect the `when` property.
+
 ## 1.116.1
 
 Released on September 12, 2024
@@ -41,7 +54,7 @@ Released on September 5, 2024
 Support for Kubernetes: 1.28, 1.29, and 1.30
 
 ### Improvements {#improvements-1-115-2}
-* Available updates are shown on the **Dashboard** page of the Admin Console for Embedded Cluster. This was removed in a previous version.
+* Available updates and the check for updates button are shown on the **Dashboard** page of the Admin Console for Embedded Cluster. These were removed in a previous version.
 * When nodes need to be added to the cluster during an Embedded Cluster restore operation, the `join` command is more clearly shown in the Admin Console.
 * Improves messaging when the requested channel slug is not allowed by the provided license.
 
@@ -65,7 +78,7 @@ Released on August 20, 2024
 Support for Kubernetes: 1.28, 1.29, and 1.30
 
 ### Improvements {#improvements-1-115-0}
-* Displays guidance on the **Nodes** page and easier access to the node join command during initial install of Embedded Cluster.
+* The **Nodes** page displays guidance and easier access to the node join command during initial install of Embedded Cluster.
 * Adds back the check for updates button on the **Version history** page in Embedded Cluster, so you can check for updates without refreshing the page.
 
 ## 1.114.0

docs/release-notes/rn-embedded-cluster.md

@@ -6,6 +6,40 @@ pagination_prev: null
 
 # Embedded Cluster Release Notes
 
+## 1.12.0
+
+Released on September 11, 2024
+
+<table>
+  <tr>
+    <th>Version</th>
+    <td id="center">1.12.0+k8s-1.29</td>
+    <td id="center">1.12.0+k8s-1.28</td>
+  </tr>
+  <tr>
+    <th>Kubernetes Version</th>
+    <td id="center">1.29.8</td>
+    <td id="center">1.28.11</td>
+  </tr>
+  <tr>
+    <th>KOTS Version</th>
+    <td id="center" colspan="2">1.116.0</td>
+  </tr>
+</table>
+
+
+### Improvements {#improvements-1-12-0}
+
+* Available updates and the check for updates button are shown on the **Dashboard** page of the Admin Console. The check for updates button is now also shown on the **Version history** page. These were removed in a previous version.
+* The **Nodes** page displays guidance and easier access to the node join command during initial install.
+* When nodes need to be added to the cluster during a restore operation, the `join` command is more clearly shown in the Admin Console.
+* Hides a banner on the **View Files** page that told users to use `kubectl kots` commands that are not intended for Embedded Cluster.
+* KOTS now uses the fully qualified `.svc.cluster.local` address when making requests to the `kotsadm-rqlite` and `kotsadm-minio` services for simplified HTTP proxy configuration using `NO_PROXY=.cluster.local`.
+
+### Bug Fixes {#bug-fixes-1-12-0}
+
+* Fixes an issue where the values provided to the `--http-proxy`, `--https-proxy`, and `--no-proxy` flags for the kots install command were not propagated to the Replicated SDK.
+
 ## 1.11.1
 
 Released on August 30, 2024

docs/release-notes/rn-vendor-platform.md

@@ -8,13 +8,21 @@ pagination_prev: null
 
 <!--RELEASE_NOTES_PLACEHOLDER-->
 
+
 ## v2024.09.12-3
 
 Released on September 12, 2024
 
 ### New Features {#new-features-v2024-09-12-3}
 * Compatibility Matrix: Adds new instance shapes for OKE (Oracle) distribution.
 
+## v2024.09.13-1
+
+Released on September 13, 2024
+
+### New Features {#new-features-v2024-09-13-1}
+* Compatibility Matrix: Adds Alpha support for Embedded Cluster multinode.
+
 ## v2024.09.11-2
 
 Released on September 11, 2024

docs/vendor/testing-supported-clusters.md

@@ -229,11 +229,11 @@ Compatibility Matrix supports creating clusters with Replicated Embedded Cluster
   </tr>
   <tr>
     <th>Node Groups</th>
-    <td>No</td>
+    <td>Yes</td>
   </tr>
   <tr>
     <th>Nodes</th>
-    <td>Supports a single node.</td>
+    <td>Supports multiple nodes (alpha).</td>
   </tr>
   <tr>
     <th>IP Family</th>