Merge branch 'main' into automation/vendor-portal-release-notes-v2024.10.16-0

Author: alicenstar

docs/partials/replicated-sdk/_dependency-yaml.mdx

@@ -3,7 +3,7 @@
 dependencies:
 - name: replicated
   repository: oci://registry.replicated.com/library
-  version: 1.0.0-beta.29
+  version: 1.0.0-beta.31
 ```
 
 For the latest version information for the Replicated SDK, see the [replicated-sdk repository](https://github.com/replicatedhq/replicated-sdk/tags) in GitHub.

docs/reference/embedded-config.mdx

@@ -71,7 +71,7 @@ For a full list of versions, see the Embedded Cluster [releases page](https://gi
 
 ## roles
 
-You can define node roles in the Embedded Cluster Config. Roles are particularly useful for multi-node clusters. One or more roles can be selected and assigned to a node when it is joined to the cluster. Node roles can be used to determine which nodes run the Kubernetes control plane, and to assign application workloads to particular nodes.
+You can define node roles in the Embedded Cluster Config. In multi-node clusters, roles are used to determine which nodes run the Kubernetes control plane, and to assign application workloads to particular nodes. One or more roles can be selected and assigned to a node when it is joined to the cluster. 
 
 :::note
 Roles are not updated or changed after a node is added. If you need to change a node’s role, reset the node and add it again.

docs/release-notes/rn-replicated-sdk.md

@@ -8,6 +8,23 @@ pagination_prev: null
 
 This topic contains release notes for the [Replicated SDK](/vendor/replicated-sdk-overview). The release notes list new features, improvements, bug fixes, known issues, and breaking changes. 
 
+## 1.0.0-beta.31
+
+Released on October 17, 2024
+
+### New Features {#new-features-1-0-0-beta-31}
+* Adds support for specifying ClusterRole using the [clusterRole](/vendor/replicated-sdk-customizing#custom-clusterrole) key.
+
+## 1.0.0-beta.30
+
+Released on October 16, 2024
+
+### New Features {#new-features-1-0-0-beta-30}
+* Adds support for custom Certificate Authorities using the [privateCASecret](/vendor/replicated-sdk-customizing#custom-certificate-authority) key.
+
+### Improvements {#improvements-1-0-0-beta-30}
+* This release addresses CVE-2024-41110. 
+
 ## 1.0.0-beta.29
 
 Released on October 9, 2024

docs/release-notes/rn-vendor-platform.md

@@ -17,6 +17,13 @@ Released on October 16, 2024
 ### New Features {#new-features-v2024-10-16-0}
 * Capitalize "Embedded Cluster" in the support workflow.
 
+## v2024.10.10-5
+
+Released on October 10, 2024
+
+### Bug Fixes {#bug-fixes-v2024-10-10-5}
+* Adds the "Copy URL" button for the Download Portal link back into the Download Portal section of the **Customer Reporting** page.
+
 ## v2024.10.01-0
 
 Released on October 1, 2024

docs/vendor/embedded-overview.mdx

@@ -219,7 +219,7 @@ To access the cluster and use other included binaries:
      The appropriate kubeconfig is exported, and the location of useful binaries like kubectl and Replicated’s preflight and support-bundle plugins is added to PATH.
 
      :::note
-     The shell command cannot be run on non-controller nodes.
+     You cannot run the `shell` command on worker nodes.
      :::
 
 1. Use the available binaries as needed.

docs/vendor/policies-support-lifecycle.md

@@ -7,9 +7,17 @@ Replicated will provide support for products per our terms and services until th
     <th width="30%">Product Phase</th>
     <th width="70%">Definition</th>
   </tr>
+  <tr>
+    <td>Alpha</td>
+    <td>A product or feature that is exploratory or experimental. Typically, access to alpha features and their documentation is limited to customers providing early feedback. While most alpha features progress to beta and general availability (GA), some are deprecated based on assessment learnings.</td>
+  </tr>
+  <tr>
+    <td>Beta</td>
+    <td><p>A product or feature that is typically production-ready, but has not met Replicated’s definition of GA for one or more of the following reasons:</p><ul><li>Remaining gaps in intended functionality</li><li>Outstanding needs around testing</li><li>Gaps in documentation or sales enablement</li><li>In-progress customer value validation efforts</li></ul><p>Documentation for beta products and features is published on the Replicated Documentation site with a "(Beta)" label. Beta products or features follow the same build and test processes required for GA.</p><p>Please contact your Replicated account representative if you have questions about why a product or feature is beta.</p></td>
+  </tr>
   <tr>
     <td>“GA” - General Availability</td>
-    <td>A product starts the General Availability phase when it is available for purchase from Replicated.</td>
+    <td>A product or feature that has been validated as both production-ready and value-additive by a percentage of Replicated customers. Products in the GA phase are typically those that are available for purchase from Replicated.</td>
   </tr>
   <tr>
     <td>“LA” - Limited Availability</td>
@@ -121,4 +129,4 @@ Replicated support for end-customer installations is limited to those installs u
 
 The information contained herein is believed to be accurate as of the date of publication, but updates and revisions may be posted periodically and without notice.
 
-Last modified September 18, 2024.
+Last modified October 17, 2024.

docs/vendor/releases-share-download-portal.md

@@ -21,9 +21,11 @@ The following is an example of the Download Portal for an air gap customer insta
 
 [View a larger version of this image](/images/download-portal-existing-cluster.png)
 
-## Limitation
+## Limitations
 
-Installation assets for [Replicated Embedded Cluster](/vendor/embedded-overview) are not available for download in the Download Portal.
+* Installation assets for [Replicated Embedded Cluster](/vendor/embedded-overview) are not available for download in the Download Portal.
+
+* Sessions in the Download Portal are valid for 72 hours. After the session expires, your customer must log in again. The Download Portal session length is not configurable.
 
 ## Download Assets from the Download Portal
 
@@ -80,4 +82,4 @@ and preview your customer's experience.
 
 1. Click the download button to download each asset.   
 
-1. To share installation files with a customer, send the customer their unique link and password for the Download Portal.
+1. To share installation files with a customer, send the customer their unique link and password for the Download Portal.

docs/vendor/replicated-sdk-customizing.md

@@ -65,6 +65,8 @@ The SDK requires the following minimum RBAC permissions:
   The Replicated Vendor Portal uses status informers to provide application status data. For more information, see [Helm Installations](/vendor/insights-app-status#helm-installations) in _Enabling and Understanding Application Status_.
 ### Install the SDK with Custom RBAC
 
+#### Custom ServiceAccount
+
 To use the SDK with custom RBAC permissions, provide the name for a custom ServiceAccount object during installation. When a service account is provided, the SDK uses the RBAC permissions granted to the service account and does not create the default Role, RoleBinding, or ServiceAccount objects.
 
 To install the SDK with custom RBAC:
@@ -80,6 +82,23 @@ To install the SDK with custom RBAC:
 
  For more information about installing with Helm, see [Installing with Helm](/vendor/install-with-helm).  
 
+#### Custom ClusterRole
+
+To use the SDK with an existing ClusterRole, provide the name for a custom ClusterRole object during installation. When a cluster role is provided, the SDK uses the RBAC permissions granted to the cluster role and does not create the default RoleBinding. Instead, the SDK creates a ClusterRoleBinding as well as a ServiceAccount object.
+
+To install the SDK with a custom ClusterRole:
+
+1. Create a custom ClusterRole object. The ClusterRole must meet at least the minimum requirements described in [Minimum RBAC Requirements](#minimum-rbac-requirements) above. However, it can also provide additional permissions that can be used by the SDK, such as listing cluster Nodes.
+1. During installation, provide the name of the cluster role that you created by including `--set replicated.clusterRole=CUSTOM_CLUSTERROLE_NAME`.
+
+  **Example**:
+
+  ```
+  helm install wordpress oci://registry.replicated.com/my-app/beta/wordpress --set replicated.clusterRole=mycustomclusterrole
+  ```
+
+ For more information about installing with Helm, see [Installing with Helm](/vendor/install-with-helm).
+
 ## Set Environment Variables {#env-var}
 
 The Replicated SDK provides a `replicated.extraEnv` value that allows users to set additional environment variables for the deployment that are not exposed as Helm values.
@@ -116,13 +135,15 @@ replicated:
 
 ## Custom Certificate Authority
 
-When installing the Replicated SDK behind a proxy server that terminates TLS and injects a custom certificate, you must provide the CA to the SDK. This can be done by storing the CA in a ConfigMap prior to installation and setting `privateCAConfigmap` key to the name of the ConfigMap.
+When installing the Replicated SDK behind a proxy server that terminates TLS and injects a custom certificate, you must provide the CA to the SDK. This can be done by storing the CA in a ConfigMap or a Secret prior to installation and providing appropriate values during installation.
+
+### Using a ConfigMap
 
-To store the CA in a ConfigMap:
+To use a CA stored in a ConfigMap:
 
-1. Create a ConfigMap with the name of `private-ca` and the CA as the data value:
+1. Create a ConfigMap and the CA as the data value. Note that name of the ConfigMap and data key can be anything.
    ```bash
-   kubectl create configmap -n <NAMESPACE> private-ca --from-file=ca.crt=./ca.crt
+   kubectl -n <NAMESPACE> create configmap private-ca --from-file=ca.crt=./ca.crt
    ```
 1. Add the name of the config map to the values file:
    ```yaml
@@ -134,6 +155,22 @@ To store the CA in a ConfigMap:
 If the `--private-ca-configmap` flag is used with the [kots install](/enterprise/installing-existing-cluster-automation) command, this value will be populated in the Replicated SDK automatically.
 :::
 
+### Using a Secret
+
+To use a CA stored in a Secret:
+
+1. Create a Secret and the CA as a data value. Note that the name of the Secret and the key can be anything.
+   ```bash
+   kubectl -n <NAMESPACE> create secret generic private-ca --from-file=ca.crt=./ca.crt
+   ```
+1. Add the name of the secret and the key to the values file:
+   ```yaml
+   replicated:
+     privateCASecret:
+       name: private-ca
+       key: ca.crt
+   ```
+
 ## Add Tolerations
 
 The Replicated SDK provides a `replicated.tolerations` value that allows users to add custom tolerations to the deployment. For more information about tolerations, see [Taints and Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/).

docs/vendor/replicated-sdk-installing.mdx

@@ -83,7 +83,7 @@ To add the SDK Helm chart to a release for a standard manifest-based application
     ```
     Where `SDK_VERSION` is the version of the SDK to install. For a list of available SDK versions, see the [replicated-sdk repository](https://github.com/replicatedhq/replicated-sdk/tags) in GitHub.
 
-    The output of this command is a `.tgz` file with the naming convention `CHART_NAME-CHART_VERSION.tgz`. For example, `replicated-1.0.0-beta.13.tgz`.
+    The output of this command is a `.tgz` file with the naming convention `CHART_NAME-CHART_VERSION.tgz`. For example, `replicated-1.0.0-beta.31.tgz`.
 
     For more information and additional options, see [Helm Pull](https://helm.sh/docs/helm/helm_pull/) in the Helm documentation.
 
@@ -111,7 +111,7 @@ To add the SDK Helm chart to a release for a standard manifest-based application
         name: replicated
         # for chartversion, enter the version of the
         # SDK Helm chart in the release
-        chartVersion: 1.0.0-beta.13
+        chartVersion: 1.0.0-beta.31
     ```
 
      As shown in the example above, the HelmChart custom resource requires the name and version of the SDK Helm chart that you added to the release: