Version 6.0.0-alpha.16
Packages
We have made new alpha release 16:
Agent image:
public.ecr.aws/q8a6e1s5/public-agent:v6.0.0-alpha.1-8-g22f83c3e4lenses/public-agent:v6.0.0-alpha.1-8-g22f83c3e4
HQ image:
public.ecr.aws/q8a6e1s5/public-hq:v6.0.0-alpha.16lenses/public-hq:v6.0.0-alpha.16
New Helm version 16 for agent and for the HQ: https://lenses.jfrog.io/ui/native/helm-charts-preview/
HQ Changelog
Introducing License
With the new version of HQ, we are introducing licence. Every customer will receive licence separately.
Additional field acceptEULA has been introduced as well and has to be accepted otherwise HQ will fail on startup.
license:
# -- (string) Enables usage of secret for licence.
# **Required: false**
referenceFromSecret: false
# -- (string) Secret name where licence is stored.
# **Required: false**
secretName: ""
# -- (string) Secret key where within a secret where licence is sotred.
# **Required: false**
secretKeyName: ""
# Marks the end-user license agreement (EULA) as accepted.
acceptEULA: truelicense:
stringData: ""
acceptEULA: trueNew authentication method (Password based)
In the new release, password-based authentication has been introduced as an optional method alongside SAML / SSO.
lensesHq_
auth:
# -- Adds uses for password based auth
# **Required: false**
users:
- username: admin
# bcrypt("changeme").
password: $2a$12$dTSwP3jgCQPoBNDYXNoLy.6l7fMcHYgonl0u8GYCOrkfGM4a.8jzeExisting property samlnow has new field saml.enabled which either enabled or disables SAML / SSO
lensesHq:
auth:
saml:
# -- Enables SAML / SSO authentication
# **Required: true**
enabled: falselensesHq:
auth:
administrators:
- [email protected]
- admin
users:
- username: admin
# bcrypt("admin").
password: $2a$10$DPQYpxj4Y2iTWeuF1n.ItewXnbYXh5/E9lQwDJ/cI/.gBboW2Hodm
sessionDuration: "23h"
saml:
enabled: true
baseURL: "https://your.hq.url"
entityID: "https://your.hq.url"
# -- Example: <?xml version="1.0" ... (big blob of xml) </md:EntityDescriptor>
metadata:
referenceFromSecret: true
secretName: hq-saml-metadata
secretKeyName: metadata.xml
SAML / SSO is now optional
In previous versions, SAML / SSO was a mandatory requirement for authentication. However, with the new release, it becomes optional, allowing you to choose between password-based authentication and SAML / SSO according to your needs.
Existing alpha users will have to introduce lensesHq.saml.enabled property into their values.yaml files
lensesHq:
auth:
saml:
# -- Enables SAML / SSO authentication
# **Required: true**
enabled: falseIngress structure changes + new agent ingress
In this release, the ingress configuration has been enhanced to provide more flexibility.
Previously, the HQ chart supported a single ingress setting, but now you can define separate ingress configurations for HTTP and the agent.
This addition allows you to tailor ingress rules more specifically to your deployment needs, with dedicated rules for handling HTTP traffic and TCP-based agent connections.
The http ingress is intended only for HTTP/S traffic, while the agents ingress is designed specifically for TCP protocol. Ensure appropriate ingress configuration for your use case.
ingress:
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.middlewares: common-traefik-basic-auth@kubernetescrd
enabled: true
host: example.comIn the following example you will notice how ingress configuration has been broken into:
http - which covers main ingress for HQ and where users will be accessing HQ portal
agent - new and additional ingress which allows you to add new ingress with your custom implementation, whether it is Traefik or any other based.
By default both http and agent ingresses are disabled.
ingress:
http:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
host: example.com
agent:
enabled: true
agentIngressConfig:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: agents
spec:
entryPoints:
- agents
routes:
- match: HostSNI(`example.com`) # HostSNI to match TLS for TCP
services:
- name: lenses-hq # Replace with your service name
port: 10000 # Agent default TCP port
tls: {}Agent
Due to new changes in provisioning structure, the database to which agent is connected must be recreated.
Changes in provisioning connection to HQ
In the provisioning, there has been slight adjustment in connection naming with HQ.
Changes:
grpcServer has been renamed to lensesHq
apiKey has been renamed to agentKey
Known issues
With the new version of Agent, HQ connection in provisioning has changed which requires complete recreation of database. Following log message will indicate it:
Last updated
Was this helpful?