Releases: QubelyLabs/origamy-cli
Release list
v0.1.16
Origamy CLI v0.1.16
The Ingress exposure path now sets an ingress class.
Previously origamy deploy created an Ingress with no ingressClassName. On a cluster with no default ingress class, no controller claims it and requests fall through to the controller's default-backend 404 (even with a correct host + backend). The deploy now prompts for the ingress class (default nginx) and sets ingestGateway.ingress.className.
Verify your download:
shasum -a 256 -c SHA256SUMS
v0.1.15
Origamy CLI v0.1.15
origamy deploy now requests an internet-facing LoadBalancer.
The AWS Load Balancer Controller (common on EKS) defaults new load balancers to internal — landing the ingestion gateway on private VPC IPs that browsers/SDKs can't reach. Choosing LoadBalancer now sets service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing, so the event endpoint is publicly reachable out of the box. In-tree AWS / GKE / AKS (internet-facing by default) are unaffected.
(Public subnets still need the kubernetes.io/role/elb=1 tag — see the dashboard's BYOD Kubernetes guide.)
Verify your download:
shasum -a 256 -c SHA256SUMS
v0.1.14
Origamy CLI v0.1.14
origamy deploy now sets up your event endpoint and tells you where to send events.
On Kubernetes it prompts how to expose the ingestion gateway:
- LoadBalancer — a cloud load balancer on :8081 (EKS/GKE/AKS)
- Ingress — HTTPS on your own domain
- Internal — ClusterIP only (expose later)
After install it resolves the URL and prints Send events https://…/v1/identify, then nudges you to paste it into your source's Setup tab in the dashboard. Uses data-plane Helm chart 0.1.12 (gateway Ingress + LoadBalancer support).
Verify your download:
shasum -a 256 -c SHA256SUMS
v0.1.13
Origamy CLI v0.1.13
Adds the origamy uninstall command — the teardown counterpart to origamy deploy, and the command the dashboard's workspace-deactivate flow points BYOD customers at.
origamy uninstall <data-plane-id>
Auto-detects your environment:
- Kubernetes →
helm uninstall odp+ deletes theorigamy-dpnamespace - Docker →
docker compose down -vin./origamy-dp-<id>/, then removes the directory
Asks for an explicit confirmation (skip with --yes). Run it before deactivating your workspace so the data plane stops trying to reconnect.
Verify your download:
shasum -a 256 -c SHA256SUMS
v0.1.12
Origamy CLI v0.1.12 — BYOD security release
Security hardening for Bring-Your-Own-Data-Plane enrollment and the install supply chain:
- mTLS enrollment (BYOD Phase 2 client): the CLI now generates an EC P-256 keypair + CSR locally, registers with the control plane in a single round-trip, and stores the issued identity (
tls.crt/tls.key/ca.crt) as a Kubernetes Secret or0600Docker files. The data plane's private key never leaves the machine. - Enrollment credential safety (HIGH): v2 enrollment handles are redeemed over HTTPS instead of decoding the permanent
dpt_token out of the enrollment string. v1 tokens still work for backward compatibility. - Supply-chain integrity: releases now publish
SHA256SUMSand a detached Ed25519 signature (SHA256SUMS.sig).install.shverifies both against an embedded public key (fail-closed) before running the downloaded binary. - ClickHouse password is sourced from a Kubernetes Secret instead of
helm --set(which leaks to Helm history).
Verify your download:
shasum -a 256 -c SHA256SUMS
v0.1.11
v0.1.10
v0.1.9
Helm chart 0.1.9 — complete, self-contained data plane.
Bundles all infrastructure as first-class StatefulSets (matching prod docker-compose exactly):
- NATS (single-node JetStream, 7 streams auto-created), Redis, ClickHouse (24.8, schema auto-loaded), Postgres
- Adds always-on services: segment-evaluator, config-sync, workflow-engine
- ClickHouse/Redis use no-password (cluster-internal, locked down by NetworkPolicy) matching prod
- Per-datastore non-root security contexts (ClickHouse 101, Postgres 70, Redis 999, NATS 1000)
- imagePullPolicy: Always (correct for the mutable :main tag — avoids stale node caches)
- Postgres password + onboarding key auto-generated into Secrets (never in helm history)
v0.1.5
Fix ClickHouse authentication and NATS stream bootstrap
Fixes in chart 0.1.5:
- ClickHouse DSN now embeds credentials in URL (services only read CLICKHOUSE_DSN, not separate env vars)
- New NATS bootstrap Job creates all required JetStream streams (RawEvents, Process, Ingest, Enriched, DLQ) on install/upgrade
- These two fixes unblock: bulker-worker, identity-resolver, portal-agent, transformer-engine