Releases: cloud-pi-native/socle
Releases · cloud-pi-native/socle
v2.9.0
v2.8.0
2.8.0 (2024-09-13)
Features
- ✨ Add alert rules + fix some alert names (cf43e63)
- ✨ Add alerting rule (e4b819f)
- ✨ Add alerts for critical events and PVCs (e0653fb)
- ✨ Add alerts for sealed Vault + refactor (11c005e)
- ✨ Add and adapt alerting rules (083c9eb)
- ✨ Add Cert-manager alerting rule (ee335a2)
- ✨ Add CNPG Operator alerting rule (aafc4fd)
- ✨ Add controller alerting rules + fix redis metrics (0bdf461)
- ✨ Add database containes alerting rule (bb99b3e)
- ✨ add dsc.global.profile: cis (e1f6622)
- ✨ Add DSO Console alerting (8992444)
- ✨ Add GitLab Operator alerting rules (37521a8)
- ✨ Add Harbor alerting rules (8bc687b)
- ✨ Add Kyverno alerting rules + new crd parameter (5634d9f)
- ✨ add pluginDownloadUrl for Keycloak (79c92f9)
- ✨ Add summary to alert rule (2c7e366)
- ✨ Adding Nexus alerting rules (740dac8)
- ✨ Adding SonarQube alerting rules (c1a4558)
- ✨ Change value format on PVC alerting message (8f7a2e1)
- ✨ enable argocd applicationset ingress (ba50e45)
- ✨ Finalizing auto upgrade feature (593454e)
- ✨ GitLab webservice alerting rules (ba294b2)
- ✨ handle cnpg replication and add exposure option (ddae834)
- ✨ handle cnpg restore mode (aa60d15)
- ✨ handle global image pull secret (6d71f5e)
- ✨ handle vault backups (31cc428)
- ✨ Introducing Manage Sonarqube upgrade when needed (fa79512)
- ✨ Keycloak DB PVC alerting + alerts renaming (8b05f90)
- ✨ Set alerting default config + enable Keycloak prometheusRule (5174005)
- ✨ Vault alerting rules. (968324c)
- 🔧 Add overwrite limit for gitlab runner (d210f0a)
- 🔧 enable approle authentication on vault (69ae8bb)
- ⚡ use cnpg cluster for gitlab (e5fdd12)
- ✨ add helm repo url (#279) (bd15c97)
- upgrade sonarqube to v10.6.1 (1f31f98)
Bug Fixes
- 🚑 Fix use_image_pull_secret fact definition (7137beb)
- 🎨 Change alert severity level (96509fe)
- 🎨 Fix alerting message (b33b501)
- 🎨 Fix Argo CD dashboard to prevent deprecation (5210ad9)
- 🎨 Fix Gitaly dashboard to prevent deprecation (1d64fbb)
- 🎨 Fix GitLab CI Pipelines dashboard to prevent deprecation (e94d142)
- 🎨 Fix Keycloak dashboard to prevent deprecation (f5d12c9)
- 🎨 Fix Nexus dashboard to prevent deprecation (d6b1620)
- 🎨 Fix Vault dashboard to prevent deprecation (bf19a80)
- 🎨 Remove Vault dashboard unnecessary panel (8eff4cf)
- 🎨 Set alert time (234888a)
- 🎨 Update condition for alert deployment (369244f)
- 🐛 Adapt Argo crb task for haproxy SA (742ea3a)
- 🐛 Adapt PVCs alerting rules (9850f6a)
- 🐛 Add missing requirement (jmespath) (e7d03cd)
- 🐛 Adjust time before alerts triggering (e2d5a6c)
- 🐛 dispatch ingress requests to vault active node (b3e43e6)
- 🐛 Fix "Vault Pod not healthy" alert rule. (715030d)
- 🐛 Fix Argo CD dashboard (6fe788d)
- 🐛 Fix Argo CD dashboard refs (4219f01)
- 🐛 Fix Argo CD Helm repo URL (ed50f06)
- 🐛 Fix Argo CD naming + uninstall (12d821b)
- 🐛 Fix default CNPG config (27df125)
- 🐛 Fix get-versions admin playbook (afd3dd0)
- 🐛 Fix get-versions for cert-manager, CNPG Operator and Grafana Operator (f580b2e)
- 🐛 Fix grafana template blocs order (26caac2)
- 🐛 Fix Harbor prometheusrule (name + time) (4d97dfd)
- 🐛 Fix missing cnpg default configs (c05c1a0)
- 🐛 Fix some alerts duration (42c07b5)
- 🐛 Fix some Keycloak alerting rules (bfe0c61)
- 🐛 Fix typo + missing type in CRD (2201d51)
- 🐛 Fix Vault backup utils deployment tasks ([3969433](https://github.com/cloud-pi-native/...
v2.7.0
2.7.0 (2024-07-09)
Features
- ✨ add dsc.global.offline (87e6bd6)
- ✨ add dsc.global.platform: rke2 (48403de)
- ✨ add proxy cache for Harbor (77d3207)
- ✨ Introducing get-versions playbook (6c0893e)
Bug Fixes
- 🚑 add vault jwt auth config (39d226c)
- 🎨 Indentation (0b02c4d)
- 🐛 Add always tag to cert-manager role (71e1b3f)
- 🐛 Fix placeholder file check (c71d1e0)
- 🐛 Fix ServiceMonitor and standalone config (2b19515)
- 🐛 Fix variable name (0b351f2)
- 🐛 Fix Vault post-install (ab06d38)
- 🐛 gitlab ci catalog sync (3421aa9)
- 🐛 Set default repo URL + sync.yaml filename (6c3abde)
- 🐛 Vault admin group (5ff2b52)
- ✏️ Fix typos (b15e9d2)
- 🔧 block logic for first console deployment (068376d)
- 🔧 populate VAULT_TOKEN in dso-config (e9dad90)
- 🔧 remove force true (9a2eda6)
- 🐛 Fix first install for dso-console (8ffe6a5)
v2.6.0
2.6.0 (2024-06-14)
Features
- ✨ add dsc.global.platform (Vanilla) (682512f)
- ✨ Add gitlab-ci-pipelines-exporter (9c47614)
- ✨ Add keycloak binding, dashboards + refactor (f447b31)
- ✨ Add Keycloak CNPG PodMonitor (f582691)
- ✨ Add PodMonitor for remaining CNPG clusters (d8ba40f)
- ✨ Declare CNPG Dashboard (76350c2)
- ✨ enable keycloak dsfr theme (445b819)
- ✨ Reset Keycloak admin when keycloak secret disapeared (42bd6cc)
- ✨ Set OTP encryption algorithm (da9c416)
- ✨ use cnpg clusters for all services (400f429)
- ✨ use console chart instead of embed helm in console repo (64620a2)
- 🧑💻 enable oidc connection for admins (df339a9)
- ⚡ Improve Grafana stack install and uninstall (406c202)
- ⚡ We might need allowCrossNamespaceImport (ece35a0)
Bug Fixes
- 🚑 Add trailing slash to URLs (6f6beaf)
- 🚑 Fix dso-config secret (c6ce806)
- 🚑 Fix GitLab CI Pipelines Exporter role (token retrieval) (7949c3e)
- 🚑 Removing YAML anchors generating Ansible errors (5b6d23c)
- 🎨 Fix Argo CD Dashboard (fcba600)
- 🎨 Fix Keycloak and SonarQube dashboards (588f986)
- 🎨 Fix Nexus dashboard (6126c2b)
- 🎨 Fix Vault dashboard (ea42530)
- 🎨 Manage datasource UID (47c8451)
- 🎨 use native console cnpg cluster (2f74868)
- 🐛 Adapt join command for Vault node 3 (41aa2c1)
- 🐛 Add conditions to prevent some tasks from failing (ca79f57)
- 🐛 Add missing postgres delete command (78bce70)
- 🐛 add wait endpoints tasks (8f371ab)
- 🐛 cnpg backups management (5bece28)
- 🐛 console deployment related tasks and templates (742f2ab)
- 🐛 Fix Argo CD job name (4a4f6bf)
- 🐛 Fix CNPG Dashboard namespace selector (3261b76)
- 🐛 Fix conf kind + decoding values (8504b71)
- 🐛 Fix GitLab Runner and Gitaly dashboards (960e98f)
- 🐛 Fix HA enablement + OIDC + get credentials (76a8aa1)
- 🐛 Fix Harbor dashboard (95e317f)
- 🐛 Fix missing admin-creds secret update (5724454)
- 🐛 Fix Nexus admin password setting tasks (b5707f3)
- 🐛 Fix some tasks (9d5bcf8)
- 🐛 Fix Vault metric call (76ded42)
- 🐛 get-credentials playbook (7d91efd)
- 🐛 gitlab catalog shell script (e598083)
- 🐛 handle cnpg backups deactivation (5563dd9)
- 🐛 missing pg secret on first console deployment (dd101d8)
- 🐛 Refactor check tasks and fix root_token (8bcc42a)
- 🐛 Remove unneeded time range (a0a2a17)
- 🐛 Upgrade Argo CD to fix servicemonitor deployment (2d2f417)
- 🐛 vault oidc group mapping need full group path (292d6eb)
- 📝 Corrections de typos et reformulations (477b6ad)
- ⚡ Update retries count (85602eb)
Performance Improvements
- ⚡ enable vault ha (d90ee55)
Reverts
Databases
Harbor and Console databases have been migrated to CNPG clusters, to perform the migration, follow the steps bellow :
- Scale down deployments
- Backup database
- Deploy CNPG cluster
- Restore database
- Scale up deployments
To change Harbor database permission from the old user registry to the new one harbor, connect to the primary instance of the fresh CNPG cluster and run the following command :
for tbl in `psql -U postgres -qAt -c "select tablename from pg_tables where schemaname = 'public';" registry`; do
psql -U postgres -c "alter table \"$tbl\" owner to harbor" registry
done
for tbl in `psql -U postgres -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" registry`; do
psql -U postgres -c "alter sequence \"$tbl\" owner to harbor" registry
done
for tbl in `psql -U postgres -qAt -c "select table_name from information_schema.views where table_schema = 'public';" registry`; do
psql -U postgres -c "alter view \"$tbl\" owner to harbor" registry
doneFor more informations, see. https://stackoverflow.com/questions/1348126/postgresql-modify-owner-on-all-tables-simultaneously-in-postgresql
Vault
The vault server is now running in HA, which involves migrating to the raft storage backend by following the steps below :
-
Retrieve the credentials for our standalone Vault instance, e.g. :
ansible-playbook admin-tools/get-credentials.yaml -t vault
-
Connect to Vault and create a test secret if necessary, or check the secrets already present.
-
Launch Vault HA installation via Vault's Ansible role :
ansible-playbook install.yaml -t vault
The installation will create two new pods which will act as standby instances, but it will fail to add them to the raft cluster. This is normal, as the active instance does not yet have raft storage.
-
Open a shell in the vault container on the active Vault pod (vault-0), example in the context of a Vault configured v...
v2.5.0
v2.4.0
v2.3.0
2.3.0 (2024-04-12)
Features
- ✨ add velero pre hook db backups (04773cf)
- ✨ enable daily trivy scan on harbor (cd77551)
- ✨ introduce prometheus crd management (fc225de)
Bug Fixes
- 🐛 fix the ability to customize argo values + security context for AppSet (4a4e175)
- 🐛 in development mode allow 127.0.0.1 (9476919)
- add missing ServiceMonitor CRD (828ae4a)
- regexp without tmp file (861046e)
- remove prometheus CRD task (f589940)
- Upgrade Harbor to 2.10.1 version and Console to 8.0.2 version (6ee3be4)