Docs updates for Server 4.8

jekyll/_cci2/migrate-from-launch-agent-to-machine-runner-3-on-windows.adoc

@@ -22,7 +22,7 @@ Migrating from launch agent to machine runner 3.0 is a straightforward process.
 == 1. Uninstall launch agent
 The first step is to uninstall launch agent.
 
-. Download the https://github.com/CircleCI-Public/runner-installation-files/tree/main/windows-install[`Uninstall-CircleCIRunner.ps1` script] from GitHub to an easily accessible location.
+. Download the https://github.com/CircleCI-Public/runner-installation-files/tree/main/windows-install[`Uninstall-CircleCIRunner.ps1` script] from GitHub to an accessible location.
 . Open PowerShell as an administrator and navigate to the directory where you placed the script file.
 
 . Run the following in your PowerShell:
@@ -46,7 +46,7 @@ copy "$env:ProgramFiles\CircleCI\runner-agent-config.yaml" "$desktopDir/runner-a
 [#install-machine-runner]
 == 3. Install machine runner 3.0
 
-. Download the https://github.com/CircleCI-Public/runner-installation-files/tree/main/windows-install/circleci-runner[`Install-CircleCIRunner.ps1` script] from GitHub to an easily accessible location.
+. Download the https://github.com/CircleCI-Public/runner-installation-files/tree/main/windows-install/circleci-runner[`Install-CircleCIRunner.ps1` script] from GitHub to an accessible location.
 
 . Open PowerShell as an administrator and navigate to the directory where you placed the script file.
 

jekyll/_cci2/server/latest/air-gapped-installation/additional-considerations.adoc

@@ -1,13 +1,13 @@
 ---
 contentTags:
   platform:
-  - Server v4.7
+  - Server v4.8
   - Server Admin
 ---
 = Additional considerations
 :page-layout: classic-docs
 :page-liquid:
-:page-description: This page presents some items that should be considered when starting an air-gapped installation of CircleCI server v4.7.
+:page-description: This page presents some items that should be considered when starting an air-gapped installation of CircleCI server v4.8.
 :icons: font
 :toc: macro
 :toc-title:

jekyll/_cci2/server/latest/air-gapped-installation/example-values.adoc

@@ -1,13 +1,13 @@
 ---
 contentTags:
   platform:
-  - Server v4.7
+  - Server v4.8
   - Server Admin
 ---
 = Example `values.yaml`
 :page-layout: classic-docs
 :page-liquid:
-:page-description: This page presents an example values.yaml file to help with setting up an air-gapped installation of CircleCI server v4.7.
+:page-description: This page presents an example values.yaml file to help with setting up an air-gapped installation of CircleCI server v4.8.
 :icons: font
 :toc: macro
 :toc-title:
@@ -73,7 +73,6 @@ object_storage:
 # Distributor using CircleCI Agent in Minio
 distributor:
   agent_base_url: http://minio.internal.example.com:9000/circleci-data
-  launch_agent_base_url: http://minio.internal.example.com:9000/circleci-data
 
 # Nomad
 nomad:

jekyll/_cci2/server/latest/air-gapped-installation/phase-1-prerequisites.adoc

@@ -1,14 +1,14 @@
 ---
 contentTags:
   platform:
-    - Server v4.7
+    - Server v4.8
     - Server Admin
 ---
 = Phase 1 - Prerequisites
 :page-layout: classic-docs
 :page-liquid:
 :experimental:
-:page-description: A guide to installing CircleCI server v4.7 in an air-gapped environment. Requirements, images and Helm charts.
+:page-description: A guide to installing CircleCI server v4.8 in an air-gapped environment. Requirements, images and Helm charts.
 :icons: font
 :toc: macro
 :toc-title:
@@ -61,87 +61,75 @@ Download all images required for the release of CircleCI server to your local ma
 
 [,bash]
 ----
-SERVER_4_7_IMAGE_LIST=`cat <<EOF
-cciserver.azurecr.io/api-gateway:0.1.49191-1d80931
-cciserver.azurecr.io/api-service:0.1.19809-2c27b769
-cciserver.azurecr.io/approval-job-provider-migrator:1.0.22210-1e8ba07
-cciserver.azurecr.io/audit-log-service:0.1.1767-a014907
-cciserver.azurecr.io/authentication-svc:0.1.31069-c3ff89c
+SERVER_4_8_IMAGE_LIST=`cat <<EOF
+cciserver.azurecr.io/api-gateway:0.1.61921-e4a01bc
+cciserver.azurecr.io/api-service:0.1.21904-86fef64a
+cciserver.azurecr.io/approval-job-provider-migrator:1.0.23431-d070abe
+cciserver.azurecr.io/audit-log-service:0.1.2153-c94eb0f
+cciserver.azurecr.io/authentication-svc:0.1.45454-e22f36f
 cciserver.azurecr.io/authentication-svc-migrator:0.1.17533-7681416
-cciserver.azurecr.io/branch-service:0.1.5146-5123808
-cciserver.azurecr.io/branch-service-migrator:0.1.5145-5123808
-cciserver.azurecr.io/builds-service:1.0.7343-84779b5
-cciserver.azurecr.io/builds-service-migrator:1.0.7343-84779b5
-cciserver.azurecr.io/ciam:0.1.32056-480583e
-cciserver.azurecr.io/ciam-gateway:0.1.7603-883d322
-cciserver.azurecr.io/contexts-service:0.1.23652-7e97303
-cciserver.azurecr.io/contexts-service-migrator:0.1.23651-7e97303
-cciserver.azurecr.io/cron-service:0.1.5169-cbc93dd
-cciserver.azurecr.io/cron-service-migrator:0.1.5170-cbc93dd
-cciserver.azurecr.io/distributor:0.1.137585-444fb120
-cciserver.azurecr.io/distributor-migrator:0.1.137584-444fb120
-cciserver.azurecr.io/docker-provisioner:0.1.27473-7465c1c
-cciserver.azurecr.io/domain-service:0.1.18086-464027e
-cciserver.azurecr.io/domain-service-migrator:0.1.18085-464027e
-cciserver.azurecr.io/execution-gateway:0.1.22605-9cd2443
-cciserver.azurecr.io/feature-flags:0.1.7871-2143698
-cciserver.azurecr.io/frontend:0.2.37400-0682aca-snapshot
-cciserver.azurecr.io/init-known-hosts:1.0.15-4c88cf7
-cciserver.azurecr.io/insights-service:0.1.89109-a6fd61a5
-cciserver.azurecr.io/insights-service-migrator:0.1.89110-a6fd61a5
-cciserver.azurecr.io/machine-provisioner:0.1.84130-76afc75
-cciserver.azurecr.io/machine-provisioner-migrator:0.1.84123-76afc75
-cciserver.azurecr.io/nomad:1.4.568-bfc9a6ec4-125-a748c37
-cciserver.azurecr.io/orb-service:0.1.89027-f8ec8ae
-cciserver.azurecr.io/orb-service-analytics-migrator:0.1.89028-f8ec8ae
-cciserver.azurecr.io/orb-service-migrator:0.1.89025-f8ec8ae
-cciserver.azurecr.io/output:0.1.28505-222a47e
-cciserver.azurecr.io/permissions-service:0.1.32058-480583e
-cciserver.azurecr.io/permissions-service-migrator:0.1.32057-480583e
-cciserver.azurecr.io/policy-service:0.1.6789-4e9d8f6
-cciserver.azurecr.io/runner-admin:0.1.22266-f606ca5
-cciserver.azurecr.io/runner-admin-migrator:0.1.22253-f606ca5
-cciserver.azurecr.io/server-license:1.0.14-9cb1f65
-cciserver.azurecr.io/server-postgres:12.16.135-34b4cfa
+cciserver.azurecr.io/branch-service:0.1.8001-c4fda8e
+cciserver.azurecr.io/branch-service-migrator:0.1.8000-c4fda8e
+cciserver.azurecr.io/builds-service:1.0.7795-fb357b9
+cciserver.azurecr.io/builds-service-migrator:1.0.7795-fb357b9
+cciserver.azurecr.io/ciam:0.1.42389-d9b9756
+cciserver.azurecr.io/ciam-gateway:0.1.11398-bfc865d
+cciserver.azurecr.io/circle-www-api:0.1.711488-642e2d1832
+cciserver.azurecr.io/contexts-service:0.1.24798-a6b197a
+cciserver.azurecr.io/contexts-service-migrator:0.1.24797-a6b197a
+cciserver.azurecr.io/cron-service:0.1.5830-6ec2408
+cciserver.azurecr.io/cron-service-migrator:0.1.5831-6ec2408
+cciserver.azurecr.io/distributor:0.1.141342-97f6a50c
+cciserver.azurecr.io/distributor-migrator:0.1.141343-97f6a50c
+cciserver.azurecr.io/docker-provisioner:0.1.42238-2278cdc
+cciserver.azurecr.io/domain-service:0.1.18952-cb0f939
+cciserver.azurecr.io/domain-service-migrator:0.1.18951-cb0f939
+cciserver.azurecr.io/execution-gateway:0.1.25576-5a1b55e
+cciserver.azurecr.io/feature-flags:0.1.8767-2d3e16b
+cciserver.azurecr.io/init-known-hosts:1.0.72-cca8263
+cciserver.azurecr.io/insights-service:0.1.92656-9aba6041
+cciserver.azurecr.io/insights-service-migrator:0.1.92655-9aba6041
+cciserver.azurecr.io/machine-provisioner:0.1.92089-38be0c2
+cciserver.azurecr.io/machine-provisioner-migrator:0.1.92084-38be0c2
+cciserver.azurecr.io/orb-service:0.1.102697-5efbd597
+cciserver.azurecr.io/orb-service-analytics-migrator:0.1.102699-5efbd597
+cciserver.azurecr.io/orb-service-migrator:0.1.102697-5efbd597
+cciserver.azurecr.io/output:0.1.30932-9b859a8
+cciserver.azurecr.io/permissions-service:0.1.42391-d9b9756
+cciserver.azurecr.io/permissions-service-migrator:0.1.42390-d9b9756
+cciserver.azurecr.io/policy-service:0.1.9419-5d7da65
+cciserver.azurecr.io/public-api-service:0.1.38704-762b942
+cciserver.azurecr.io/runner-admin:0.1.27514-fb12e67
+cciserver.azurecr.io/runner-admin-migrator:0.1.27508-fb12e67
+cciserver.azurecr.io/server-license:1.0.90-16b88b3
 cciserver.azurecr.io/server-postgres:12.16.37-7629bfd
-cciserver.azurecr.io/step:0.1.8536-cb55342
+cciserver.azurecr.io/server-postgres:12.22.445-4d84973
+cciserver.azurecr.io/server-rabbitmq:3.12.423-3363c50
+cciserver.azurecr.io/step:0.1.9950-a5e4a61
 cciserver.azurecr.io/vault-cci:0.4.196-1af3417
-cciserver.azurecr.io/webhook-service:0.1.10044-e27a44a
-cciserver.azurecr.io/webhook-service-migrator:0.1.10042-e27a44a
-cciserver.azurecr.io/web-ui:0.1.65498-227ac7d06f
-cciserver.azurecr.io/web-ui-authentication:0.1.64589-37b6c819c1
-cciserver.azurecr.io/web-ui-insights:0.1.63994-b0c0ae8ea1
-cciserver.azurecr.io/web-ui-onboarding:0.1.65876-d922ac933b
-cciserver.azurecr.io/web-ui-org-settings:0.1.65496-227ac7d06f
-cciserver.azurecr.io/web-ui-project-settings:0.1.62023-b851e0d9bd
-cciserver.azurecr.io/web-ui-runners:0.1.64064-db6d5c6481
-cciserver.azurecr.io/web-ui-server-admin:0.1.3937-5250c09
-cciserver.azurecr.io/web-ui-user-settings:0.1.63989-b0c0ae8ea1
-cciserver.azurecr.io/workflows-conductor:1.0.22210-1e8ba07
-cciserver.azurecr.io/workflows-conductor-migrator:1.0.22210-1e8ba07
-circleci/picard:1.0.254724-7e8e2f9b
+cciserver.azurecr.io/webhook-service:0.1.12058-da092c4
+cciserver.azurecr.io/webhook-service-migrator:0.1.12059-da092c4
+cciserver.azurecr.io/web-ui:0.1.133999-ac8148f608
+cciserver.azurecr.io/web-ui-authentication:0.1.119922-bd2b764ed5
+cciserver.azurecr.io/web-ui-server-admin:0.1.127516-c8690d5814
+cciserver.azurecr.io/workflows-conductor:1.0.23431-d070abe
+cciserver.azurecr.io/workflows-conductor-migrator:1.0.23431-d070abe
+circleci/picard:1.0.275302-e49eabce
 docker.io/bitnami/mongodb:3.6.22-debian-9-r38
-docker.io/bitnami/rabbitmq:3.11.16-debian-11-r0
 docker.io/bitnami/redis:6.2.1-debian-10-r13
-hashicorp/nomad-autoscaler:0.3.7
-jimmidyson/configmap-reload:v0.5.0
-k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.3.0
-kong:3.3.1
-mongo:3.6
-nginxinc/nginx-unprivileged:1.27.0
-prom/pushgateway:v1.4.2
-quay.io/prometheus/alertmanager:v0.23.0
-quay.io/prometheus/node-exporter:v1.3.0
-quay.io/prometheus/prometheus:v2.31.1
+docker.io/library/telegraf:1.34-alpine
+hashicorp/nomad:1.10.0
+hashicorp/nomad-autoscaler:0.4.6
+kong:3.4.2
+nginxinc/nginx-unprivileged:1.28.0
 quay.io/soketi/soketi:1.6-16-distroless
-telegraf:1.24-alpine
 EOF
 `
 ----
 
 [source, bash]
 ----
-echo $SERVER_4_7_IMAGE_LIST | while read -r image; do docker pull $image; done
+echo $SERVER_4_8_IMAGE_LIST | while read -r image; do docker pull $image; done
 ----
 
 [#copy-all-images]

jekyll/_cci2/server/latest/air-gapped-installation/phase-2-configure-object-storage.adoc

@@ -1,13 +1,13 @@
 ---
 contentTags:
   platform:
-  - Server v4.7
+  - Server v4.8
   - Server Admin
 ---
 = Phase 2 - Configure object storage
 :page-layout: classic-docs
 :page-liquid:
-:page-description: How to configure object storage through MinIO to run CircleCI server v4.7 in an air-gapped environment.
+:page-description: How to configure object storage through MinIO to run CircleCI server v4.8 in an air-gapped environment.
 :icons: font
 :experimental:
 :toc: macro
@@ -201,18 +201,6 @@ curl -O https://circleci-binary-releases.s3.amazonaws.com/circleci-agent/canary.
 
 Copy this `canary.txt` file to the root directory of the `circleci-data` bucket.
 
-[#copy-candidate-txt-file]
-=== b. Copy candidate.txt file
-Download the `candidate.txt` file required by `runner_admin`.
-
-[,bash]
-----
-# Download candidate.txt
-curl -O https://circleci-binary-releases.s3.amazonaws.com/circleci-launch-agent/candidate.txt
-----
-
-Copy this `candidate.txt` file to the root directory of the `circleci-data` bucket.
-
 [#next-steps]
 == Next steps
 

jekyll/_cci2/server/latest/air-gapped-installation/phase-3-install-circleci-server.adoc

@@ -1,13 +1,13 @@
 ---
 contentTags:
   platform:
-  - Server v4.7
+  - Server v4.8
   - Server Admin
 ---
 = Phase 3 - install CircleCI server
 :page-layout: classic-docs
 :page-liquid:
-:page-description: How to install the CircleCI server v4.7 Helm deployment to an air-gapped environment.
+:page-description: How to install the CircleCI server v4.8 Helm deployment to an air-gapped environment.
 :icons: font
 :toc: macro
 :toc-title:
@@ -83,22 +83,12 @@ NOTE: Update the endpoint protocol to `http` or `https` depending on your MinIO
 
 
 === d. Configure MinIO build agent
-In the distributor section of the `values.yaml` file, point `agent_base_url` and `launch_agent_base_url` to the `circleci-data` bucket you created in your MinIO installation.
+In the distributor section of the `values.yaml` file, point `agent_base_url` to the `circleci-data` bucket you created in your MinIO installation.
 
 [source, yaml]
 ----
 distributor:
   agent_base_url: http://<minio-internal-hostname>:9000/circleci-data/
-  launch_agent_base_url: http://<minio-internal-hostname>:9000/circleci-data/
-----
-
-Update the `runner_admin` section of the `values.yaml` file to point `external.launch_agent_base_url` to the `circleci-data` bucket.
-
-[source, yaml]
-----
-runner_admin:
-  external:
-    launch_agent_base_url: http://<minio-internal-hostname>:9000/circleci-data/
 ----
 
 NOTE: Port 9000 is referenced here as that is a default for MinIO. If your MinIO instance is configured differently, this port will need to be updated.
@@ -175,7 +165,7 @@ We recommend first creating a namespace (`circleci-server`) and deploying the ch
 
 [source,bash,subs=attributes+]
 ----
-helm install circleci-server ./circleci-server/ -n <kubernetes-namespace> --version {serverversion47} -f <path-to-values.yaml>
+helm install circleci-server ./circleci-server/ -n <kubernetes-namespace> --version {serverversion48} -f <path-to-values.yaml>
 ----
 
 [#post-install-circleci-server-helm-airgap]

jekyll/_cci2/server/latest/air-gapped-installation/phase-4-configure-nomad-clients.adoc

@@ -1,13 +1,13 @@
 ---
 contentTags:
   platform:
-  - Server v4.7
+  - Server v4.8
   - Server Admin
 ---
 = Phase 4 - Configure Nomad clients
 :page-layout: classic-docs
 :page-liquid:
-:page-description: How to configure Nomad clients to run with CircleCI server v4.7 in an air-gapped environment.
+:page-description: How to configure Nomad clients to run with CircleCI server v4.8 in an air-gapped environment.
 :icons: font
 :toc: macro
 :toc-title:

jekyll/_cci2/server/latest/air-gapped-installation/phase-5-test-your-installation.adoc

@@ -1,13 +1,13 @@
 ---
 contentTags:
   platform:
-  - Server v4.7
+  - Server v4.8
   - Server Admin
 ---
 = Phase 5 - Test your installation
 :page-layout: classic-docs
 :page-liquid:
-:page-description: How to test your CircleCI server v4.7 installation in an air-gapped environment.
+:page-description: How to test your CircleCI server v4.8 installation in an air-gapped environment.
 :icons: font
 :toc: macro
 :toc-title:

jekyll/_cci2/server/latest/installation/hardening-your-cluster.adoc

@@ -1,13 +1,13 @@
 ---
 contentTags:
   platform:
-  - Server v4.7
+  - Server v4.8
   - Server Admin
 ---
 = Hardening your cluster
 :page-layout: classic-docs
 :page-liquid:
-:page-description: This section provides supplemental information on hardening your Kubernetes cluster for CircleCI server v4.7.
+:page-description: This section provides supplemental information on hardening your Kubernetes cluster for CircleCI server v4.8.
 :icons: font
 :toc: macro
 :toc-title:
@@ -26,6 +26,8 @@ NOTE: An nginx reverse proxy is placed in front of link:https://github.com/Kong/
 
 CAUTION: When using Amazon Certificate Manager (ACM), the name of the nginx service will be `circleci-proxy-acm` instead of `circleci-proxy`. If you have switched from some other method of handling your TLS certificates to using ACM, this change will recreate the load balancer and you will have to reroute your associated DNS records for your `<domain>` and `app.<domain>`.
 
+CAUTION: When using Nomad, clients and servers should be configured to use MTLS for secure communication. 
+
 [#network-traffic]
 == Network traffic
 This section explains the minimum requirements for a server installation to work. Depending on your workloads, you might need to add additional rules to egress for Nomad clients and VMs. As nomenclature between cloud providers differs, you will probably need to implement these rules using firewall rules and/or security groups.
@@ -282,5 +284,5 @@ When hardening an installation where the machine provisioner uses public IP addr
 
 ifndef::pdf[]
 ## Next steps
-* xref:../operator/operator-overview#[Server v4.7 Operator Overview]
+* xref:../operator/operator-overview#[server v4.8 Operator Overview]
 endif::[]