Merge branch 'master' into ci-improvements

docs/docs-content/architecture/networking-ports.md

@@ -4,6 +4,8 @@ title: "Network Communication and Ports"
 description: "Port-Direction-Purpose Management Platform and Workload Clusters"
 icon: ""
 hide_table_of_contents: false
+# toc_min_heading_level: 2
+toc_max_heading_level: 2
 sidebar_position: 20
 ---
 
@@ -12,38 +14,67 @@ Depending on what version of Palette you are using, the internal architecture an
 
 
 
-<Tabs queryString="networking-ports">
-<TabItem label="gRPC" value="gRPC" que>
-
 ## SaaS Network Communications and Ports
 
+<Tabs groupId="architecture">
+<TabItem label="gRPC" value="gRPC">
 
 
 
 The following ports must be reachable from a network perspective for Palette SaaS to function correctly.
 
-![SaaS Network Diagram with ports](/architecture_networking-ports_saas-network-diagram.png "title=SaaS Network Diagram with ports")
+![SaaS Network Diagram with ports](/architecture_networking-ports_saas-network-diagram-grpc.png "title=SaaS Network Diagram with ports")
 
 
+</TabItem>
 
-#### SaaS Managed
+<TabItem label="NATS" value="nats">
 
+The following ports must be reachable from a network perspective for Palette SaaS to function correctly.
 
-![SaaS network diagram displaying the network paths for edge](/architecture_networking-ports_saas-network-diagram-edge.png)
+![SaaS Network Diagram with ports](/architecture_networking-ports_saas-network-diagram-nats.png "title=SaaS Network Diagram with ports")
 
 
+</TabItem>
 
+</Tabs>
 
-:::caution
 
-NATS is deprecated and will be removed in a future release. Starting with Palette 4.0.0, gRPC is used for all communication between the management platform and the workload cluster.
+### SaaS Managed With Edge
+
+<Tabs groupId="architecture">
+<TabItem label="gRPC" value="gRPC">
+
+
+
+![SaaS network diagram displaying the network paths for edge](/architecture_networking-ports_saas-network-diagram-edge-grpc.png)
+
+
+
+
+
+</TabItem>
+
+<TabItem label="NATS" value="nats">
+
+
+
+![SaaS network diagram displaying the network paths for edge](/architecture_networking-ports_saas-network-diagram-edge-nats.png)
+
+</TabItem>
+</Tabs>
+
 
-:::
 
+## Network Ports
 
 The following ports must be reachable from a network perspective for Palette to operate properly.
 
-## Management Platform
+<Tabs groupId="architecture">
+<TabItem label="gRPC" value="gRPC">
+
+
+### Management Platform
 
 |Port            |Direction|Purpose                   |    
 |:---------------|:---------|:-----------------------|
@@ -52,7 +83,7 @@ The following ports must be reachable from a network perspective for Palette to
 |NATS (tcp/4222) |INBOUND        |Agent running inside connecting to management platform [Deprecated]|
 
 
-## Workload Cluster
+### Workload Cluster
 
 
 |Port            |Direction | Purpose|
@@ -61,47 +92,34 @@ The following ports must be reachable from a network perspective for Palette to
 |HTTPS (tcp/443) |OUTBOUND | gRPC, Registry (packs, integrations), Pack containers, Application Updates|
 |NATS (tcp/4222) |OUTBOUND |Registry (packs, integrations), Pack containers, Application Updates [Deprecated]|
 
-:::info
-
-You can expose inbound port 22 for SSH if you would like to access your cluster nodes for troubleshooting remotely. This is entirely optional and not required for Palette to operate appropriately.
-
-:::
-
-
-## Self-Hosted Network Communications and Ports
-
-The following ports must be reachable from a network perspective for Palette self-hosted to function correctly.
-
-
-![On-prem network diagram](/architecture_networking-ports_network-diagram.png "#title="network diagram")
 
 
 
+</TabItem>
 
-:::caution
+<TabItem label="NATS" value="nats">
 
-NATS is deprecated and will be removed in a future release. Starting with Palette 4.0.0, gRPC is used for all communication between the management platform and the workload cluster.
 
-:::
+### Management Platform
 
-## Management Platform
-
-|Port            |Direction|Purpose                   |    
+|**Port**            |**Direction**|**Purpose**                   |    
 |:---------------|:---------|:-----------------------|
-|HTTPS (tcp/443) |INBOUND        |Browser/API access to management platform, gRPC|
-|NATS (tcp/4222) |INBOUND        |Message Bus for workload clusters [Deprecated]|
-|HTTPS (tcp/443) |OUTBOUND       |vSphere vCenter API,  Registry (packs, integrations), Pack containers, app updates, gRPC|
-|HTTPS (tcp/6443)|OUTBOUND       |Workload K8s cluster API Server|
+|HTTPS (tcp/443) |INBOUND        |Browser/API access to management platform|
+|NATS (tcp/4222) |INBOUND        |Agent running inside connecting to management platform|
 
 
-## Workload Cluster
+### Workload Cluster
 
 
-|Port |Direction | Purpose|
+|**Port**            |**Direction** | **Purpose**|
 |:---------------|:---------|:--------------|
 |HTTPS (tcp/443) |OUTBOUND | API access to management platform|
-|NATS (tcp/4222) |OUTBOUND       |Agent communication via message bus. [Deprecated] |
-|HTTPS (tcp/443) |OUTBOUND       |vSphere vCenter API, gRPC, Registry (packs, integrations), Pack containers, Application updates|
+|NATS (tcp/4222) |OUTBOUND       |Registry (packs, integrations), Pack containers, Application Updates|
+|NATS (tcp/4222) |OUTBOUND       |Registry (packs, integrations), Pack containers, Application Updates|
+
+
+</TabItem>
+</Tabs>
 
 :::info
 
@@ -110,84 +128,94 @@ You can expose inbound port 22 for SSH if you would like to access your cluster
 :::
 
 
+## Self-Hosted Network Communications and Ports
 
-</TabItem>
 
-<TabItem label="NATS" value="nats">
+<Tabs groupId="architecture">
+<TabItem label="gRPC" value="gRPC">
 
-## SaaS Network Communications and Ports
 
-The following ports must be reachable from a network perspective for Palette SaaS to function correctly.
+![On-prem network diagram](/architecture_networking-ports_on_prem_network-diagram-grpc.png "#title="network diagram")
 
+</TabItem>
 
-![SaaS Network Diagram with ports](/architecture_networking-ports_network-diagram_nats.png "title=SaaS Network Diagram with ports")
+<TabItem label="NATS" value="nats">
 
+![On-prem network diagram](/architecture_networking-ports_on_prem_network-diagram-nats.png "#title="network diagram")
 
 
-#### SaaS Managed
+</TabItem>
+</Tabs>
 
+The following ports must be reachable from a network perspective for Palette self-hosted to function correctly.
 
-![SaaS network diagram displaying the network paths for edge](/architecture_networking-ports_saas-network-diagram-edge_nats.png)
 
+<Tabs groupId="architecture">
+<TabItem label="gRPC" value="gRPC">
 
-The following ports must be reachable from a network perspective for Palette to operate properly.
 
-## Management Platform
+### Management Platform
 
-|Port            |Direction|Purpose                   |    
+|**Port**            |**Direction**|**Purpose**                   |    
 |:---------------|:---------|:-----------------------|
-|HTTPS (tcp/443) |INBOUND        |Browser/API access to management platform|
-|NATS (tcp/4222) |INBOUND        |Agent running inside connecting to management platform|
+|HTTPS (tcp/443) |INBOUND        |Browser/API access to management platform, gRPC|
+|NATS (tcp/4222) |INBOUND        |Message Bus for workload clusters [Deprecated]|
+|HTTPS (tcp/443) |OUTBOUND       |vSphere vCenter API,  Registry (packs, integrations), Pack containers, app updates, gRPC|
+|HTTPS (tcp/6443)|OUTBOUND       |Workload K8s cluster API Server|
 
 
-## Workload Cluster
+### Workload Cluster
 
 
-|Port            |Direction | Purpose|
+|**Port** |**Direction** | **Purpose**|
 |:---------------|:---------|:--------------|
 |HTTPS (tcp/443) |OUTBOUND | API access to management platform|
-|NATS (tcp/4222) |OUTBOUND       |Registry (packs, integrations), Pack containers, Application Updates|
-|NATS (tcp/4222) |OUTBOUND       |Registry (packs, integrations), Pack containers, Application Updates|
-
-:::info
-
-You can expose inbound port 22 for SSH if you would like to access your cluster nodes for troubleshooting remotely. This is entirely optional and not required for Palette to operate appropriately.
+|NATS (tcp/4222) |OUTBOUND       |Agent communication via message bus [Deprecated] |
+|HTTPS (tcp/443) |OUTBOUND       |vSphere vCenter API, gRPC, Registry (packs, integrations), Pack containers, Application updates|
 
-:::
 
 
-## Self-Hosted Network Communications and Ports
+</TabItem>
 
-The following ports must be reachable from a network perspective for Palette self-hosted to function correctly.
+<TabItem label="NATS" value="nats">
 
 
-![On-prem network diagram](/architecture_networking-ports_on_prem_network-diagram.png "#title="network diagram")
 
-## Management Platform
+### Management Platform
 
-|Port            |Direction|Purpose                   |    
+|**Port**            |**Direction**|**Purpose**                   |    
 |:---------------|:---------|:-----------------------|
 |HTTPS (tcp/443) |INBOUND        |Browser/API access to management platform|
 |NATS (tcp/4222) |INBOUND        |Message Bus for workload clusters|
 |HTTPS (tcp/443) |OUTBOUND       |vSphere vCenter API,  Registry (packs, integrations), Pack containers, app updates.|
 |HTTPS (tcp/6443)|OUTBOUND       |Workload K8s cluster API Server|
 
 
-## Workload Cluster
+### Workload Cluster
 
 
-|Port |Direction | Purpose|
+|**Port** |**Direction** | **Purpose**|
 |:---------------|:---------|:--------------|
 |HTTPS (tcp/443) |OUTBOUND | API access to management platform|
 |NATS (tcp/4222) |OUTBOUND       |Agent communication via message bus |
-|HTTPS (tcp/443) |OUTBOUND       |vSphere vCenter API, Registry (packs, integrations), Pack containers, Application updates.
+|HTTPS (tcp/443) |OUTBOUND       |vSphere vCenter API, Registry (packs, integrations), Pack containers, Application updates
+
+
+</TabItem>
+</Tabs>
+
 
 :::info
 
 You can expose inbound port 22 for SSH if you would like to access your cluster nodes for troubleshooting remotely. This is entirely optional and not required for Palette to operate appropriately.
 
 :::
 
-</TabItem>
-</Tabs>
+
+
+
+
+
+
+
 

docs/docs-content/clusters/edge/edge-configuration/cloud-init.md

@@ -138,6 +138,57 @@ stages:
                   insecure_skip_verify: true
 ```
 
+
+#### Configure Network With Netplan
+
+You can use the `initramfs` stage and [Netplan](https://netplan.io) to configure network settings before the network initialization. Netplan is a tool that enables you to specify network configurations on Linux systems. Note that this approach is available for Linux systems with Netplan installed. Refer to the [Netplan Documentation](https://netplan.readthedocs.io/en/stable/)  for installation guidance and the [Netplan How-to Guides](https://netplan.readthedocs.io/en/stable/examples/) for more information.
+
+
+```yaml
+stages:
+  initramfs:
+  - users:
+      kairos:
+        groups:
+        - sudo
+        passwd: kairos
+  - commands:
+    - netplan apply
+    files:
+    - content: |
+        network:
+          version: 2
+          renderer: networkd
+          ethernets:
+            ens160:
+              dhcp4: false
+              addresses:
+                - 10.10.190.11/18
+              gateway4: 10.10.128.1
+              nameservers:
+                addresses:
+                  - 8.8.8.8
+                  - 1.1.1.1
+      encoding: ""
+      group: 0
+      owner: 0
+      ownerstring: ""
+      path: /etc/netplan/99_config.yaml
+      permissions: 420
+    name: Config network with Netplan
+```
+
+:::tip
+
+When using the EdgeForge workflow with CanvOS, ensure you add Netplan to the Dockerfile. In the example below, Netplan is installed in an Ubuntu image.
+
+```shell
+apt-get update && apt-get install netplan.io -y
+```
+
+:::
+
+
 ####  Erase Partitions
 
 You can use the `before-install` stage to remove partitions if needed.
@@ -167,6 +218,7 @@ stages:
         - snap install amazon-ssm-agent --classic
 ```
 
+
 #### Pass a Sensitive Information
 
 If you need to transmit sensitive information, such as credentials, during the site installation phase, you can make the Edge installer skip copying specific stages to the edge hosts. The Edge installer will skip copying the stages that follow the `skip-copy-[string]` naming convention. Refer to the [Sensitive Information in the User Data Stages](skip-copying-stages.md) guide to learn more. 

docs/docs-content/release-notes.md

@@ -13,7 +13,7 @@ tags: ["release-notes"]
 
 ## October 22, 2023 - Release 4.1.0
 
-Palette 4.1.0 introduces several new features and enhancements to the platform. New features, such as the automatic SSL control plane certificate renewal and node repavement warnings, are designed to continue to help you manage Kubernetes clusters with confidence. The new built-in notification system for our SaaS platform is another addition designed to help you stay up-to-date with announcements and changes by bringing the news directly to you. 
+Palette 4.1.0 introduces several new features and enhancements to the platform. New features, such as static IP address for Edge hosts and node repavement warnings, are designed to continue to help you manage Kubernetes clusters with confidence. The new built-in notification system for our SaaS platform is another addition designed to help you stay up-to-date with announcements and changes by bringing the news directly to you. 
 
 Check out the following sections to learn about all the new features and improvements introduced in this release.