Frinx Machine 1.10 RELEASE NOTE:

Frinx Machine

Improved vulnerability scanning in module repositories
New optional service Unistore
Improved RBAC scripts and documentation

Certs

Uniconfig-controller run without TLS enabled
Traefik TLS certificates are autogenerated during installation
- The secured connection between swarm nodes
- frinx_uniconfig_tls_cert.pem, frinx_uniconfig_tls_key.pem
- Unique certs in each deployment
KrakenD TLS certificates can be selected by a user or autogenerated
Certs are monitored in Grafana dashboard SSL Monitoring (x509_cert)
Default CN is * and valid is 365 days, self-signed
Stored in docker secrets

Docker secrets:

All sensitive configurations are stored in docker secrets
Default values can be found in config/secrets
RBAC configuration, worker config
Azure AD configuration via azure_ad.sh
Grafana default user changed

Uniconfig zone networking

Each Uniconfig zone has its own network (network name based on zone name)
Communication to uniconfig-controller only via dedicated Traefik load balancer
Network Isolation of uniconfig-controllers and Postgres databases

Updated Services

Uniconfig

Version 5.0.11

Unistore

Optional service
L3VPN automation

Postgresql

Version 12.10

Frinx Frontend

NodeJS server instead of Nginx
Configuration via environment variables
L3VPN automation
Workflow-builder improvements

Conductor

upstream version 3.5.2
back compatibility (bulk/terminate)
external storage use same postgres datasource as conductor
separate metrics from console logs

Workflow-proxy

uniconfig swagger for multi-zone
bulk/terminate operation via POST method
hierarchical view performance improvement

Device inventory

transaction management, history view and revert

Uniresource

new resource cleaning strategies
pagination for resource queries

Schellar

increase workflow name size

KrakenD

bump to version 2.0.4
Security improvements in plugin
Improved security in configuration files

Traefik

bump version to v2.7

Monitoring

Cert monitoring dashboard
Improved device monitoring dashboard
Conductor metrics stored in InfluxDB
Uniconfig metrics stored in InfluxDB

REST API changes

New workflow-proxy endpoints

PUT - /api/unistore/data/*...
GET - /api/unistore/data/*...
PATCH - /api/unistore/data/*...
DELETE - /api/unistore/data/*...
POST - /api/unistore/data/*...
POST - /api/unistore/operations/*...
GET - /*...

Removed workflow-proxy endpoints

POST - /api/uniflow/schedule
GET - /
GET - /bundle.js
GET - /-/config.js
GET - /favicon.ico