# Version 6.0.0-alpha.16

## Packages

* Alpha release 16 is now available:
  * **Agent image:**
    * ```
      public.ecr.aws/q8a6e1s5/public-agent:v6.0.0-alpha.1-8-g22f83c3e4
      ```
    * ```
      lenses/public-agent:v6.0.0-alpha.1-8-g22f83c3e4
      ```
  * **HQ image:**
    * ```
      public.ecr.aws/q8a6e1s5/public-hq:v6.0.0-alpha.16
      ```
    * ```
      lenses/public-hq:v6.0.0-alpha.16
      ```
* New Helm chart version 16 for both the agent and HQ: <https://lenses.jfrog.io/ui/native/helm-charts-preview/>

## HQ Changelog

{% stepper %}
{% step %}

### Introducing License

With the new version of HQ, we are introducing a license. Every customer will receive their license separately.

An additional field, **acceptEULA**, has also been introduced. It must be accepted (set to `true`), otherwise HQ will fail on startup.

{% tabs %}
{% tab title="Reference from Secret" %}
{% code title="values.yaml" %}

```yaml
license:
  # -- (bool) Enables reading the license from a secret.
  # **Required: false**
  referenceFromSecret: false
  # -- (string) Name of the secret where the license is stored.
  # **Required: false**
  secretName: ""
  # -- (string) Key within the secret where the license is stored.
  # **Required: false**
  secretKeyName: ""
  # Marks the end-user license agreement (EULA) as accepted.
  acceptEULA: true
```

{% endcode %}
{% endtab %}

{% tab title="Reference from String" %}
{% code title="values.yaml" %}

```yaml
license:
  stringData: ""
  acceptEULA: true
```

{% endcode %}
{% endtab %}
{% endtabs %}

{% endstep %}

{% step %}

### New authentication method (Password based)

In the new release, password-based authentication has been introduced as an optional method alongside SAML / SSO.

{% tabs %}
{% tab title="Enabling Password based auth" %}

```yaml
lensesHq:
  auth:
    # -- Adds users for password-based auth
    # **Required: false**
    users:
      - username: admin
        # bcrypt("changeme").
        password: $2a$12$dTSwP3jgCQPoBNDYXNoLy.6l7fMcHYgonl0u8GYCOrkfGM4a.8jze
```

{% endtab %}

{% tab title="Enable / Disable SAML / SSO" %}
The existing `saml` property now has a new field, `saml.enabled`, which enables or disables SAML / SSO.

{% code title="values.yaml" %}

```yaml
lensesHq:
  auth:
    saml:
      # -- Enables SAML / SSO authentication
      # **Required: true**
      enabled: false
```

{% endcode %}
{% endtab %}

{% tab title="Password based + SAML / SSO" %}
{% code title="values.yaml" %}

```yaml
lensesHq:
  auth:
    administrators:
      - admin@example.com
      - admin
    users:
      - username: admin
        # bcrypt("admin").
        password: $2a$10$DPQYpxj4Y2iTWeuF1n.ItewXnbYXh5/E9lQwDJ/cI/.gBboW2Hodm
    sessionDuration: "23h"
    saml:
      enabled: true
      baseURL: "https://your.hq.url"
      entityID: "https://your.hq.url"
      # -- Example: <?xml version="1.0" ... (big blob of xml) </md:EntityDescriptor>
      metadata:
        referenceFromSecret: true
        secretName: hq-saml-metadata
        secretKeyName: metadata.xml

```

{% endcode %}
{% endtab %}
{% endtabs %}

{% endstep %}

{% step %}

### SAML / SSO is now optional

In previous versions, SAML / SSO was a mandatory requirement for authentication. However, with the new release, **it becomes optional**, allowing you to choose between password-based authentication and SAML / SSO according to your needs.

{% hint style="warning" %}
Existing alpha users will have to add the `lensesHq.auth.saml.enabled` property to their `values.yaml` files.
{% endhint %}

{% code title="values.yaml" %}

```yaml
lensesHq:
  auth:
    saml:
      # -- Enables SAML / SSO authentication
      # **Required: true**
      enabled: false
```

{% endcode %}

{% endstep %}

{% step %}

### Ingress structure changes + new agent ingress

In this release, the ingress configuration has been enhanced to provide more flexibility.

Previously, the HQ chart supported a single ingress setting, but now you can define separate ingress configurations for HTTP and the agent.

This addition allows you to tailor ingress rules more specifically to your deployment needs, with dedicated rules for handling HTTP traffic and TCP-based agent connections.

{% hint style="warning" %}
The `http` ingress is intended only for HTTP/S traffic, while the `agent` ingress is designed specifically for the TCP protocol. Ensure the ingress configuration is appropriate for your use case.
{% endhint %}

{% tabs %}
{% tab title="Old structure" %}
{% code title="values.yaml" %}

```yaml
ingress:
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.middlewares: common-traefik-basic-auth@kubernetescrd
  enabled: true
  host: example.com
```

{% endcode %}
{% endtab %}

{% tab title="New structure" %}
In the following example you will notice how the ingress configuration has been broken into:

* ***http*** - the main ingress for HQ, through which users access the HQ portal
* ***agent*** - a new, additional ingress that lets you add an ingress with your own custom implementation, whether it is Traefik-based or any other.

By default both *http* and *agent* ingresses are **disabled**.

{% code title="values.yaml" %}

```yaml
ingress:
  http:
    enabled: true
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
    host: example.com

  agent:
    enabled: true
    agentIngressConfig:
      apiVersion: traefik.containo.us/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: agents
      spec:
        entryPoints:
          - agents
        routes:
          - match: HostSNI(`example.com`)  # HostSNI to match TLS for TCP
            services:
              - name: lenses-hq            # Replace with your service name
                port: 10000                # Agent default TCP port  
        tls: {}
```

{% endcode %}
{% endtab %}
{% endtabs %}
{% endstep %}
{% endstepper %}
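
A pre-upgrade check for the HQ changes above, as an added example (not part of the Lenses chart or documentation). It takes a `values.yaml` already parsed into a Python mapping (for instance with a YAML loader) and reports a missing `acceptEULA` or `saml.enabled`, password entries that are not bcrypt or that reuse the sample hashes shown on this page, and leftover flat ingress keys. The function name, the `MIN_COST` floor and the sample input are assumptions.

```python
import re

# Sample hashes printed on this page; their plaintexts are public, never deploy them.
PAGE_SAMPLE_HASHES = {
    "$2a$12$dTSwP3jgCQPoBNDYXNoLy.6l7fMcHYgonl0u8GYCOrkfGM4a.8jze",
    "$2a$10$DPQYpxj4Y2iTWeuF1n.ItewXnbYXh5/E9lQwDJ/cI/.gBboW2Hodm",
}
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumption: local policy floor, not a Lenses requirement


def check_hq_values(values):
    """Return findings for an already-parsed HQ values.yaml mapping."""
    findings = []
    lic = values.get("license") or {}
    if lic.get("acceptEULA") is not True:
        findings.append("license.acceptEULA is not true: HQ will fail on startup")
    auth = (values.get("lensesHq") or {}).get("auth") or {}
    saml = auth.get("saml") or {}
    if not isinstance(saml.get("enabled"), bool):
        findings.append("lensesHq.auth.saml.enabled is not set")
    users = auth.get("users") or []
    if not saml.get("enabled") and not users:
        findings.append("no login method: SAML disabled and no password users")
    for user in users:
        name, pw = user.get("username"), str(user.get("password", ""))
        match = BCRYPT_RE.match(pw)
        if pw in PAGE_SAMPLE_HASHES:
            findings.append(f"user {name}: password is a sample hash from the docs")
        elif not match:
            findings.append(f"user {name}: password is not a bcrypt hash")
        elif int(match.group(1)) < MIN_COST:
            findings.append(f"user {name}: bcrypt cost below {MIN_COST}")
    stale = sorted(k for k in (values.get("ingress") or {}) if k not in ("http", "agent"))
    if stale:
        findings.append(f"ingress still uses the old flat keys: {', '.join(stale)}")
    return findings


# Constructed sample: old-structure values that kept the sample admin user.
OLD_VALUES = {
    "lensesHq": {"auth": {"users": [{"username": "admin", "password":
        "$2a$12$dTSwP3jgCQPoBNDYXNoLy.6l7fMcHYgonl0u8GYCOrkfGM4a.8jze"}]}},
    "ingress": {"enabled": True, "host": "example.com"},
}

if __name__ == "__main__":
    for finding in check_hq_values(OLD_VALUES):
        print("FINDING:", finding)
```
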

## Agent

{% hint style="danger" %}
Due to changes in the provisioning structure, the database to which the agent is connected **must be recreated**.
{% endhint %}

### Changes in provisioning connection to HQ

The naming of the HQ connection in the provisioning configuration has been adjusted slightly.

Changes:

* *<mark style="background-color:red;">grpcServer</mark>* has been renamed to *<mark style="background-color:green;">**lensesHq**</mark>*
* *<mark style="background-color:red;">apiKey</mark>* has been renamed to *<mark style="background-color:green;">**agentKey**</mark>*

{% tabs %}
{% tab title="Old connection structure" %}
{% code title="values.yaml" lineNumbers="true" fullWidth="true" %}

```yaml
lenses:
  provision:
    enabled: true
    version: "2"
    path: /mnt/provision-secrets
    connections:
      grpcServer:     # Property that has changed
        - name: lenses-hq
          version: 1
          tags: ['hq']
          configuration:
            server:
              value: [HQ_URL]
            port:
              value: 10000
            apiKey:     # Property that has changed
              value: ${LENSESHQ_AGENT_KEY}
```

{% endcode %}
{% endtab %}

{% tab title="New connection structure" %}
{% code title="values.yaml" lineNumbers="true" %}

```yaml
lenses:
  provision:
    enabled: true
    version: "2"
    path: /mnt/provision-secrets
    connections:
      lensesHq:    # Renamed property
        - name: lenses-hq
          version: 1
          tags: ['hq']
          configuration:
            server:
              value: [HQ_URL]
            port:
              value: 10000
            agentKey:    # Renamed property
              value: ${LENSESHQ_AGENT_KEY}
```

{% endcode %}
{% endtab %}
{% endtabs %}
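
The two renames applied to an already-parsed agent values mapping, as an added example (not part of the Lenses chart or documentation). It returns a migrated copy plus a list of what changed, leaves the input untouched, is safe to run twice, and refuses to guess when old and new names are both present. The function name and the sample input, including the `hq.example.com` host, are assumptions.

```python
import copy

# Renames introduced by this release, taken from the "Changes" list above.
CONNECTION_RENAME = ("grpcServer", "lensesHq")
FIELD_RENAME = ("apiKey", "agentKey")


def migrate_provision(values):
    """Return (migrated_copy, changes) for an agent values mapping."""
    out = copy.deepcopy(values)
    changes = []
    conns = out.get("lenses", {}).get("provision", {}).get("connections", {})
    old_conn, new_conn = CONNECTION_RENAME
    if old_conn in conns:
        if new_conn in conns:
            raise ValueError(f"both {old_conn} and {new_conn} present; merge by hand")
        conns[new_conn] = conns.pop(old_conn)
        changes.append(f"connections.{old_conn} -> connections.{new_conn}")
    old_field, new_field = FIELD_RENAME
    for entry in conns.get(new_conn) or []:
        cfg = entry.get("configuration") or {}
        if old_field in cfg:
            if new_field in cfg:
                raise ValueError(f"{entry.get('name')}: both {old_field} and {new_field} set")
            cfg[new_field] = cfg.pop(old_field)
            changes.append(f"{entry.get('name')}: {old_field} -> {new_field}")
    return out, changes


# Constructed sample mirroring the "Old connection structure" tab.
OLD_AGENT_VALUES = {"lenses": {"provision": {"enabled": True, "version": "2",
    "path": "/mnt/provision-secrets", "connections": {"grpcServer": [{
        "name": "lenses-hq", "version": 1, "tags": ["hq"],
        "configuration": {"server": {"value": "hq.example.com"},
                          "port": {"value": 10000},
                          "apiKey": {"value": "${LENSESHQ_AGENT_KEY}"}}}]}}}}

if __name__ == "__main__":
    migrated, changes = migrate_provision(OLD_AGENT_VALUES)
    print("\n".join(changes))
```
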

## Known issues

With the new version of the Agent, the HQ connection in provisioning has changed, which requires the database to be completely recreated. The following log message indicates this:

```log
liquibase.exception.ValidationFailedException: Validation Failed:
     1 change sets check sum
          io/lenses/store/jdbc/migration/6.0.0/02_new_template_data.xml::2::lenses was: 8:357e3bd4e93a5cc938420eb2521c4b7c but is now: 8:03dad3472f5facacdd10a985e5e02da3
```
