Skip to content

Releases: QubelyLabs/origamy-cli

v0.1.16

Choose a tag to compare

@africhild africhild released this 01 Jul 16:50
d624d69

Origamy CLI v0.1.16

The Ingress exposure path now sets an ingress class.

Previously origamy deploy created an Ingress with no ingressClassName. On a cluster with no default ingress class, no controller claims it and requests fall through to the controller's default-backend 404 (even with a correct host + backend). The deploy now prompts for the ingress class (default nginx) and sets ingestGateway.ingress.className.

Verify your download:

shasum -a 256 -c SHA256SUMS

v0.1.15

Choose a tag to compare

@africhild africhild released this 01 Jul 09:22
156bb0a

Origamy CLI v0.1.15

origamy deploy now requests an internet-facing LoadBalancer.

The AWS Load Balancer Controller (common on EKS) defaults new load balancers to internal — landing the ingestion gateway on private VPC IPs that browsers/SDKs can't reach. Choosing LoadBalancer now sets service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing, so the event endpoint is publicly reachable out of the box. In-tree AWS / GKE / AKS (internet-facing by default) are unaffected.

(Public subnets still need the kubernetes.io/role/elb=1 tag — see the dashboard's BYOD Kubernetes guide.)

Verify your download:

shasum -a 256 -c SHA256SUMS

v0.1.14

Choose a tag to compare

@africhild africhild released this 01 Jul 07:58
50360b7

Origamy CLI v0.1.14

origamy deploy now sets up your event endpoint and tells you where to send events.

On Kubernetes it prompts how to expose the ingestion gateway:

  • LoadBalancer — a cloud load balancer on :8081 (EKS/GKE/AKS)
  • Ingress — HTTPS on your own domain
  • Internal — ClusterIP only (expose later)

After install it resolves the URL and prints Send events https://…/v1/identify, then nudges you to paste it into your source's Setup tab in the dashboard. Uses data-plane Helm chart 0.1.12 (gateway Ingress + LoadBalancer support).

Verify your download:

shasum -a 256 -c SHA256SUMS

v0.1.13

Choose a tag to compare

@africhild africhild released this 30 Jun 21:27
523edc5

Origamy CLI v0.1.13

Adds the origamy uninstall command — the teardown counterpart to origamy deploy, and the command the dashboard's workspace-deactivate flow points BYOD customers at.

origamy uninstall <data-plane-id>

Auto-detects your environment:

  • Kuberneteshelm uninstall odp + deletes the origamy-dp namespace
  • Dockerdocker compose down -v in ./origamy-dp-<id>/, then removes the directory

Asks for an explicit confirmation (skip with --yes). Run it before deactivating your workspace so the data plane stops trying to reconnect.

Verify your download:

shasum -a 256 -c SHA256SUMS

v0.1.12

Choose a tag to compare

@africhild africhild released this 30 Jun 18:19
9216093

Origamy CLI v0.1.12 — BYOD security release

Security hardening for Bring-Your-Own-Data-Plane enrollment and the install supply chain:

  • mTLS enrollment (BYOD Phase 2 client): the CLI now generates an EC P-256 keypair + CSR locally, registers with the control plane in a single round-trip, and stores the issued identity (tls.crt/tls.key/ca.crt) as a Kubernetes Secret or 0600 Docker files. The data plane's private key never leaves the machine.
  • Enrollment credential safety (HIGH): v2 enrollment handles are redeemed over HTTPS instead of decoding the permanent dpt_ token out of the enrollment string. v1 tokens still work for backward compatibility.
  • Supply-chain integrity: releases now publish SHA256SUMS and a detached Ed25519 signature (SHA256SUMS.sig). install.sh verifies both against an embedded public key (fail-closed) before running the downloaded binary.
  • ClickHouse password is sourced from a Kubernetes Secret instead of helm --set (which leaks to Helm history).

Verify your download:

shasum -a 256 -c SHA256SUMS

v0.1.11

Choose a tag to compare

@africhild africhild released this 28 Jun 08:36
5c5a959

Origamy CLI v0.1.11

v0.1.10

Choose a tag to compare

@africhild africhild released this 28 Jun 07:48
7de943a

Origamy CLI v0.1.10

v0.1.9

Choose a tag to compare

@africhild africhild released this 27 Jun 22:17

Helm chart 0.1.9 — complete, self-contained data plane.

Bundles all infrastructure as first-class StatefulSets (matching prod docker-compose exactly):

  • NATS (single-node JetStream, 7 streams auto-created), Redis, ClickHouse (24.8, schema auto-loaded), Postgres
  • Adds always-on services: segment-evaluator, config-sync, workflow-engine
  • ClickHouse/Redis use no-password (cluster-internal, locked down by NetworkPolicy) matching prod
  • Per-datastore non-root security contexts (ClickHouse 101, Postgres 70, Redis 999, NATS 1000)
  • imagePullPolicy: Always (correct for the mutable :main tag — avoids stale node caches)
  • Postgres password + onboarding key auto-generated into Secrets (never in helm history)

v0.1.5

Choose a tag to compare

@africhild africhild released this 27 Jun 21:03

Fix ClickHouse authentication and NATS stream bootstrap

Fixes in chart 0.1.5:

  • ClickHouse DSN now embeds credentials in URL (services only read CLICKHOUSE_DSN, not separate env vars)
  • New NATS bootstrap Job creates all required JetStream streams (RawEvents, Process, Ingest, Enriched, DLQ) on install/upgrade
  • These two fixes unblock: bulker-worker, identity-resolver, portal-agent, transformer-engine

v0.1.4

Choose a tag to compare

@africhild africhild released this 27 Jun 20:39

Fix all startup issues: portal-agent binary permissions, identity-resolver ClickHouse DSN missing, gateway write-keys secret missing, ClickHouse readiness probe.