Version 6.0.0-alpha.16

Packages

We have made new alpha release 16:

Agent image:

public.ecr.aws/q8a6e1s5/public-agent:v6.0.0-alpha.1-8-g22f83c3e4

lenses/public-agent:v6.0.0-alpha.1-8-g22f83c3e4

HQ image:

public.ecr.aws/q8a6e1s5/public-hq:v6.0.0-alpha.16

```
lenses/public-hq:v6.0.0-alpha.16
```

New Helm version 16 for agent and for the HQ:

HQ Changelog

Introducing License

With the new version of HQ, we are introducing licence. Every customer will receive licence separately.

Additional field acceptEULA has been introduced as well and has to be accepted otherwise HQ will fail on startup.

values.yaml

license:
  # -- (string) Enables usage of secret for licence.
  # **Required: false**
  referenceFromSecret: false
  # -- (string) Secret name where licence is stored.
  # **Required: false**
  secretName: ""
  # -- (string) Secret key where within a secret where licence is sotred.
  # **Required: false**
  secretKeyName: ""
  # Marks the end-user license agreement (EULA) as accepted.
  acceptEULA: true

values.yaml

license:
  stringData: ""
  acceptEULA: true

New authentication method (Password based)

In the new release, password-based authentication has been introduced as an optional method alongside SAML / SSO.

lensesHq_
  auth:
    # -- Adds uses for password based auth
    # **Required: false**
    users:
      - username: admin
        # bcrypt("changeme").
        password: $2a$12$dTSwP3jgCQPoBNDYXNoLy.6l7fMcHYgonl0u8GYCOrkfGM4a.8jze

Existing property samlnow has new field saml.enabled which either enabled or disables SAML / SSO

values.yaml

lensesHq:
  auth:
    saml:
      # -- Enables SAML / SSO authentication
      # **Required: true**
      enabled: false

values.yaml

lensesHq:
  auth:
    administrators:
      - admin@example.com
      - admin
    users:
      - username: admin
        # bcrypt("admin").
        password: $2a$10$DPQYpxj4Y2iTWeuF1n.ItewXnbYXh5/E9lQwDJ/cI/.gBboW2Hodm
    sessionDuration: "23h"
    saml:
      enabled: true
      baseURL: "https://your.hq.url"
      entityID: "https://your.hq.url"
      # -- Example: <?xml version="1.0" ... (big blob of xml) </md:EntityDescriptor>
      metadata:
        referenceFromSecret: true
        secretName: hq-saml-metadata
        secretKeyName: metadata.xml

SAML / SSO is now optional

In previous versions, SAML / SSO was a mandatory requirement for authentication. However, with the new release, it becomes optional, allowing you to choose between password-based authentication and SAML / SSO according to your needs.

Existing alpha users will have to introduce lensesHq.saml.enabled property into their values.yaml files

values.yaml

lensesHq:
  auth:
    saml:
      # -- Enables SAML / SSO authentication
      # **Required: true**
      enabled: false

Ingress structure changes + new agent ingress

In this release, the ingress configuration has been enhanced to provide more flexibility.

Previously, the HQ chart supported a single ingress setting, but now you can define separate ingress configurations for HTTP and the agent.

This addition allows you to tailor ingress rules more specifically to your deployment needs, with dedicated rules for handling HTTP traffic and TCP-based agent connections.

The http ingress is intended only for HTTP/S traffic, while the agents ingress is designed specifically for TCP protocol. Ensure appropriate ingress configuration for your use case.

values.yaml

ingress:
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.middlewares: common-traefik-basic-auth@kubernetescrd
  enabled: true
  host: example.com

In the following example you will notice how ingress configuration has been broken into:

http - which covers main ingress for HQ and where users will be accessing HQ portal
agent - new and additional ingress which allows you to add new ingress with your custom implementation, whether it is Traefik or any other based.

By default both http and agent ingresses are disabled.

values.yaml

ingress:
  http:
    enabled: true
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
    host: example.com

  agent:
    enabled: true
    agentIngressConfig:
      apiVersion: traefik.containo.us/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: agents
      spec:
        entryPoints:
          - agents
        routes:
          - match: HostSNI(`example.com`)  # HostSNI to match TLS for TCP
            services:
              - name: lenses-hq            # Replace with your service name
                port: 10000                # Agent default TCP port  
        tls: {}

Agent

Due to new changes in provisioning structure, the database to which agent is connected must be recreated.

Changes in provisioning connection to HQ

In the provisioning, there has been slight adjustment in connection naming with HQ.

Changes:

grpcServer has been renamed to lensesHq
apiKey has been renamed to agentKey

values.yaml

lenses:
  provision:
    enabled: true
    version: "2"
    path: /mnt/provision-secrets
    connections:
      grpcServer:     # Property that has changed
        - name: lenses-hq
          version: 1
          tags: ['hq']
          configuration:
            server:
              value: [HQ_URL]
            port:
              value: 10000
            apiKey:     # Property that has changed
              value: ${LENSESHQ_AGENT_KEY}

values.yaml

lenses:
  provision:
    enabled: true
    version: "2"
    path: /mnt/provision-secrets
    connections:
      lensesHq:    # Renamed property
        - name: lenses-hq
          version: 1
          tags: ['hq']
          configuration:
            server:
              value: [HQ_URL]
            port:
              value: 10000
            agentKey:    # Renamed property
              value: ${LENSESHQ_AGENT_KEY}

Known issues

With the new version of Agent, HQ connection in provisioning has changed which requires complete recreation of database. Following log message will indicate it:

 liquibase.exception.ValidationFailedException: Validation Failed:                                                                                                           │
│      1 change sets check sum                                                                                                                                                │
│           io/lenses/store/jdbc/migration/6.0.0/02_new_template_data.xml::2::lenses was: 8:357e3bd4e93a5cc938420eb2521c4b7c but is now: 8:03dad3472f5facacdd10a985e5e02da3   │

PreviousHelm NextVersion 6.0.0-alpha.14

Last updated 6 months ago

Was this helpful?