Merge branch 'main' into automation/vendor-portal-release-notes-v2024.10.25-8

Author: paigecalvert

docs/partials/embedded-cluster/_port-reqs.mdx

@@ -21,4 +21,4 @@ Embedded Cluster requires that the following ports are open and available:
 
 ** Required for air gap installations only.
 
-*** By default, the Admin Console and Local Artifact Mirror (LAM) run on ports 30000 and 50000, respectively. If these ports are occupied, you can select different ports during installation. For more information, see [Change the Admin Console and LAM Ports](/enterprise/installing-embedded#adm-lam-ports).
+*** By default, the Admin Console and Local Artifact Mirror (LAM) run on ports 30000 and 50000, respectively. If these ports are occupied, you can select different ports during installation. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install).

docs/partials/embedded-cluster/_requirements.mdx

@@ -9,7 +9,7 @@
 * The filesystem at `/var/lib/embedded-cluster` has 40Gi or more of total space and must be less than 80% full
 
    :::note
-   The directory used for data storage can be changed by passing the `--data-dir` flag with the Embedded Cluster install command. For more information, see [Change the Default Data Directory](/enterprise/installing-embedded#data-dir) in _Installing with Embedded Cluster_.
+   The directory used for data storage can be changed by passing the `--data-dir` flag with the Embedded Cluster install command. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install).
    :::
 
    Note that in addition to the primary `/var/lib/embedded-cluster` directory, Embedded Cluster creates directories and files in the following locations:

docs/reference/embedded-cluster-install.mdx

@@ -21,6 +21,12 @@ sudo ./APP_SLUG install --license LICENSE_FILE [flags]
     <th width="35%">Flag</th>
     <th width="65%">Description</th>
   </tr>
+  <tr>
+     <td>`--admin-console-password`</td>
+     <td>
+        <p>Set the password for the Admin Console. The password must be at least six characters in length. If not set, the user is prompted to provide an Admin Console password.</p>
+      </td>
+  </tr>
   <tr>
      <td>`--admin-console-port`</td>
      <td>
@@ -32,6 +38,12 @@ sudo ./APP_SLUG install --license LICENSE_FILE [flags]
      <td>`--airgap-bundle`</td>
      <td>The Embedded Cluster air gap bundle used for installations in air-gapped environments with no outbound internet access. For information about how to install in an air-gapped environment, see [Air Gap Installation with Embedded Cluster](/enterprise/installing-embedded-air-gap).</td>
   </tr>
+  <tr>
+     <td>`--cidr`</td>
+     <td>
+        <p>The range of IP addresses that can be assigned to Pods and Services, in CIDR notation. **Default:** By default, the CIDR block is `10.244.0.0/16`.</p>
+     </td>
+  </tr>
   <tr>
      <td>`--data-dir`</td>
      <td>
@@ -66,6 +78,12 @@ sudo ./APP_SLUG install --license LICENSE_FILE [flags]
         <p>Port on which to run the Local Artifact Mirror (LAM). **Default**: By default, the LAM runs on port 50000.</p>
      </td>
   </tr>
+  <tr>
+     <td>`--network-interface`</td>
+     <td>
+        <p>The name of the network interface to bind to for the Kubernetes API. A common use case of `--network-interface` is for multi-node clusters where node communication should happen on a particular network. **Default**: If a network interface is not provided, the first valid, non-local network interface is used.</p>
+     </td>
+  </tr>
   <tr>
      <td>`--no-proxy`</td>
      <td>
@@ -82,9 +100,10 @@ sudo ./APP_SLUG install --license LICENSE_FILE [flags]
      </td>
   </tr>
   <tr>
-     <td>`--cidr`</td>
+     <td>`--private-ca`</td>
      <td>
-        <p>The range of IP addresses that can be assigned to Pods and Services, in CIDR notation. **Default:** By default, the CIDR block is `10.244.0.0/16`.</p>
+        <p>The path to trusted certificate authority (CA) certificates. Using the `--private-ca` flag ensures that the CA is trusted by the installation. KOTS writes the CA certificates provided with the `--private-ca` flag to a ConfigMap in the cluster.</p>
+        <p>The KOTS [PrivateCACert](/reference/template-functions-static-context#privatecacert) template function returns the ConfigMap containing the private CA certificates supplied with the `--private-ca` flag. You can use this template function to mount the ConfigMap so your containers trust the CA too.</p>
      </td>
   </tr>
 </table>
@@ -100,7 +119,7 @@ sudo ./myapp install --license license.yaml --airgap-bundle myapp.airgap
 ### Change the Admin Console and LAM Ports
 
 ```bash
-sudo ./myapp install --admin-console-port=20000 --local-artifact-mirror-port=40000
+sudo ./myapp install --license license.yaml --admin-console-port=20000 --local-artifact-mirror-port=40000
 ```
 
 ### Change the Data Directory
@@ -112,7 +131,7 @@ sudo ./my-app install --license license.yaml --data-dir /data/embedded-cluster
 ### Install Behind a Proxy
 
 ```bash
-sudo ./APP_SLUG install --license LICENSE_FILE \
+sudo ./APP_SLUG install --license license.yaml \
   --http-proxy=HOST:PORT \
   --https-proxy=HOST:PORT \
   --no-proxy=LIST_OF_HOSTS
@@ -122,8 +141,29 @@ Where:
 * `HOST:PORT` is the host and port of the proxy server
 * `LIST_OF_HOSTS` is the list of hosts to not proxy. For example, the IP address of the node where you are installing. Or, for multi-node clusters, the list of IP addresses for all nodes in the cluster, typically in CIDR notation.
 
+### Install Behind an MITM Proxy
+
+```bash
+sudo ./APP_SLUG install --license license.yaml --private-ca /path/to/private-ca-bundle \
+  --http-proxy=http://10.128.0.0:3300 \
+  --https-proxy=http://10.128.0.0:3300 \
+  --no-proxy=123.89.46.4,10.96.0.0/16,*.example.com
+```
+
+### Set Admin Console Password
+
+```bash
+sudo ./my-app install --license license.yaml --admin-console-password password
+```
+
 ### Set IP Address Range for Pods and Services
 
 ```bash
 sudo ./my-app install --license license.yaml --cidr 172.16.136.0/16
 ```
+
+### Use a Specific Network Interface
+
+```bash
+sudo ./my-app install --license license.yaml --network-interface eno167777
+```

docs/reference/replicated-cli-cluster-shell.mdx

@@ -0,0 +1,46 @@
+import Help from "../partials/replicated-cli/_help.mdx"
+
+# cluster shell
+
+Opens a new shell session with the kubeconfig configured for the specified cluster. This allows you to have immediate kubectl access to the cluster within the shell environment.
+
+You can either specify the cluster ID directly or provide the cluster name to resolve the corresponding cluster ID. The shell will inherit your existing environment and add the necessary kubeconfig context for interacting with the Kubernetes cluster.
+
+Once inside the shell, you can use 'kubectl' to interact with the cluster. To exit the shell, press Ctrl-D or type 'exit'. When the shell closes, the kubeconfig will be reset back to your default configuration.
+
+## Usage
+
+```bash
+replicated cluster shell [ID] [flags]
+```
+
+<table>
+  <tr>
+    <th width="30%">Flag</th>
+    <th width="20%">Type (if applicable)</th>
+    <th width="50%">Description</th>
+  </tr>
+  <Help/>
+  <tr>
+    <td>--id</td>
+    <td>string</td>
+    <td>ID of the cluster to have kubectl access to (when name is not provided)</td>
+  </tr>
+  <tr>
+    <td>--name</td>
+    <td>string</td>
+    <td>Name of the cluster to have kubectl access to.</td>
+  </tr>
+</table>
+
+## Examples
+
+```bash
+# Open a shell for a cluster by ID
+replicated cluster shell 89be02de
+```
+
+```bash
+# Open a shell for a cluster by name
+replicated cluster shell --name "My Cluster"
+```

docs/release-notes/rn-app-manager.md

@@ -18,6 +18,15 @@ The following table lists the versions of Kubernetes that are compatible with ea
 
 <!--RELEASE_NOTES_PLACEHOLDER-->
 
+## 1.120.0
+
+Released on October 30, 2024
+
+Support for Kubernetes: 1.29, 1.30, and 1.31
+
+### New Features {#new-features-1-120-0}
+* Various new features to support Replicated Embedded Cluster.
+
 ## 1.119.1
 
 Released on October 22, 2024

docs/release-notes/rn-embedded-cluster.md

@@ -48,6 +48,7 @@ Released on October 23, 2024
 
 ### Improvements {#improvements-1-16-0}
 * For new installations, the `k0s` and `openebs-local` directories are now subdirectories of `/var/lib/embedded-cluster`. With this change, Embedded Cluster now only documents and includes preflight checks for `/var/lib/embedded-cluster`.
+* Adds the `support-bundle` command to make it easier to generate support bundles.
 * Improves the reliability of waiting for the Kubernetes server to start.
 * Collects more information about the cluster in support bundles, including the Local Artifact Mirror and Kubernetes API Server logs.
 * Requires that the Admin Console password is at least six characters.
@@ -59,9 +60,11 @@ Released on October 23, 2024
 * Fixes an issue where upgrading a cluster with a worker node that used a version of Embedded Cluster earlier than 1.15 would fail.
 * Fixes an issue that prevented you from upgrading to an application version that didn't have Config and preflights.
 * Fixes an issue where the Admin Console could reach out the internet when generating a support bundle in air gap environments.
+* Fixes an issue that prevented you from installing Embedded Cluster using a multi-channel license and a channel other than the license's default.
 * Fixes an issue that could cause the registry to fail to upgrade in air gap installations.
 * Fixes an issue where the Replicated SDK failed to deploy if a private CA was provided to the installation but the SDK was installed into a different namespace than KOTS.
 * If an application includes the Replicated SDK, the SDK will be deployed with the same ClusterRole as the Admin Console.
+* Fixes an issue where node joins failed because of a version mismatch, even though the versions were the same.
 
 ## 1.15.0 - Removed
 
@@ -99,7 +102,9 @@ Released on October 10, 2024
 * The Admin Console password must be at least six characters.
 
 ### Bug Fixes {#bug-fixes-1-15-0}
+* Fixes an issue that prevented you from installing Embedded Cluster using a multi-channel license and a channel other than the license's default.
 * Fixes an issue that could cause the registry to fail to upgrade in air gap installations.
+* Fixes an issue where node joins failed because of a version mismatch, even though the versions were the same.
 
 ## 1.14.2
 

docs/release-notes/rn-vendor-platform.md

@@ -10,18 +10,33 @@ This topic contains release notes for the Replicated Vendor Platform, which incl
 
 <!--RELEASE_NOTES_PLACEHOLDER-->
 
+
+## v2024.10.28-3
+
+Released on October 28, 2024
+
+### Bug Fixes {#bug-fixes-v2024-10-28-3}
+* Fixes a bug that could cause the **Customer Email** field to be required.
+
 ## v2024.10.25-8
 
 Released on October 25, 2024
 
 ### Bug Fixes {#bug-fixes-v2024-10-25-8}
 * Fixes a bug where users could not create a new customer when there are required license fields.
 
+## v2024.10.25-3
+
+Released on October 25, 2024
+
+### Improvements {#improvements-v2024-10-25-3}
+* Add GitHub issue URL to feature request confirmation modal.
+
 ## v2024.10.24-2
 
 Released on October 24, 2024
 
-### New Features {#new-features-v2024-10-24-2}
+### Improvements {#improvements-v2024-10-24-2}
 * Renames "Embedded cluster" to "Embedded Kubernetes" and "Bring my own cluster" to "Bring my own Kubernetes" in the Download Portal side bar.
 
 ## v2024.10.23-6

docs/vendor/embedded-disaster-recovery.mdx

@@ -38,7 +38,7 @@ Embedded Cluster disaster recovery has the following limitations and known issue
 
 * Velero is only installed during the installation process. Enabling the disaster recovery license field for customers after they have already installed will not do anything.
 
-* If the `--admin-console-port` flag was used during install to change the port for the Admin Console, note that during a restore the Admin Console port will be used from the backup and cannot be changed. For more information, see [Change the Admin Console and LAM Ports](/enterprise/installing-embedded#adm-lam-ports).
+* If the `--admin-console-port` flag was used during install to change the port for the Admin Console, note that during a restore the Admin Console port will be used from the backup and cannot be changed. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install).
 
 ## Configure Disaster Recovery for Your Application 
 
@@ -140,11 +140,11 @@ To restore from a backup:
 
      Note the following requirements and guidance for the `restore` command:
 
-       * If the installation is behind a proxy, the same proxy settings provided during install must be provided to the restore command using `--http-proxy`, `--https-proxy`, and `--no-proxy`. For more information, see [Install Behind a Proxy](/enterprise/installing-embedded#proxy).
+       * If the installation is behind a proxy, the same proxy settings provided during install must be provided to the restore command using `--http-proxy`, `--https-proxy`, and `--no-proxy`. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install).
 
-       * If the `--cidr` flag was used during install to the set IP address ranges for Pods and Services, this flag must be provided with the same CIDR during the restore. If this flag is not provided or is provided with a different CIDR, the restore will fail with an error message telling you to rerun with the appropriate value. However, it will take some time before that error occurs. For more information, see [Set IP Address Ranges for Pods and Services](/enterprise/installing-embedded#set-ip-address-ranges-for-pods-and-services).
+       * If the `--cidr` flag was used during install to the set IP address ranges for Pods and Services, this flag must be provided with the same CIDR during the restore. If this flag is not provided or is provided with a different CIDR, the restore will fail with an error message telling you to rerun with the appropriate value. However, it will take some time before that error occurs. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install).
 
-       * If the `--local-artifact-mirror-port` flag was used during install to change the port for the Local Artifact Mirror (LAM), you can optionally use the `--local-artifact-mirror-port` flag to choose a different LAM port during restore. For example, `restore --local-artifact-mirror-port=50000`. If no LAM port is provided during restore, the LAM port that was supplied during installation will be used. For more information, see [Change Admin Console and LAM Ports](/enterprise/installing-embedded#adm-lam-ports).
+       * If the `--local-artifact-mirror-port` flag was used during install to change the port for the Local Artifact Mirror (LAM), you can optionally use the `--local-artifact-mirror-port` flag to choose a different LAM port during restore. For example, `restore --local-artifact-mirror-port=50000`. If no LAM port is provided during restore, the LAM port that was supplied during installation will be used. For more information, see [Embedded Cluster Install Command Options](/reference/embedded-cluster-install).
 
      You will be guided through the process of restoring from a backup.
 

docs/vendor/embedded-overview.mdx

@@ -50,7 +50,7 @@ Embedded Cluster has the following limitations:
 
 * **Disaster recovery is in alpha**: Disaster Recovery for Embedded Cluster installations is in alpha. For more information, see [Disaster Recovery for Embedded Cluster (Alpha)](/vendor/embedded-disaster-recovery).
 
-* **Rollbacks not supported**: The [`allowRollback`](/reference/custom-resource-application#allowrollback) field in the KOTS Application custom resource is not supported for Embedded Cluster installations. In Embedded Cluster installations, the application and the cluster are installed and updated together as a single appliance. Because of this, users cannot roll back (downgrade) the application to an earlier version.
+* **Partial rollback support**: Rollbacks for Embedded Cluster installations are supported only when rolling back to a version where there is no change to the [Embedded Cluster Config](https://docs.replicated.com/reference/embedded-config) compared to the currently-installed version. For example, users can roll back to release version 1.0.0 after upgrading to 1.1.0 only if both 1.0.0 and 1.1.0 use the same Embedded Cluster Config.
 
 * **Changing node hostnames is not supported**: After a host is added to a Kubernetes cluster, Kubernetes assumes that the hostname and IP address of the host will not change. If you need to change the hostname or IP address of a node, you must first remove the node from the cluster. For more information about the requirements for naming nodes, see [Node name uniqueness](https://kubernetes.io/docs/concepts/architecture/nodes/#node-name-uniqueness) in the Kubernetes documentation.
 

docs/vendor/helm-install-airgap.mdx

@@ -72,7 +72,7 @@ To install with Helm in an air gap environment:
     Replicated recommends that vendors provide detailed documentation that describes the values that customers need to configure. 
     :::
 
-1. Finally, use the commands provided and the edited `values.yaml` to run preflight checks and install the release with Helm.
+1. Use the commands provided and the edited `values.yaml` to run preflight checks and install the release with Helm.
 
 ## Perform Updates
 
@@ -101,3 +101,7 @@ After logging into the registry, the customer exports their current version and
 With the list of images the provided `bash` script will automate the process of pulling updated images from the repository, tagging them with a name for an internal registry, and then pushing the newly tagged images to their internal registry. 
 
 Unless the customer has set up the `values` to preserve the updated tag (for example, by using the `latest` tag), they need to edit the `values.yaml` to reference the new image tags. After doing so, they can log in to the OCI registry and perform the commands to install the updated chart.
+
+## Use a Harbor or Artifactory Registry Proxy
+
+You can integrate the Replicated proxy registry with an existing Harbor or jFrog Artifactory instance to proxy and cache images on demand. For more information, see [Using a Registry Proxy for Helm Air Gap Installations (Alpha)](using-third-party-registry-proxy).