Merge branch 'master' into trusted-boot
lennessyy authored Apr 24, 2024
2 parents 6e61ce0 + 45f6da4 commit 87d3dc4
Showing 3 changed files with 26 additions and 12 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/nightly-docker-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ on:
- cron: '15 22 * * 1-5' # 22:15 UTC, Monday through Friday
workflow_dispatch:


env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# We cannot use our production values for nightly Docker builds as that would leak our production secrets.
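Review bot: The only change in this hunk is a second blank line between `workflow_dispatch:` and `env:`, a pure whitespace edit that adds nothing and leaves two consecutive empty lines in the workflow; drop it from the merge rather than carrying it into master.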
Expand All @@ -28,6 +29,7 @@ jobs:

- name: Compile
run: |
touch .env
make build
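Review bot: `touch .env` before `make build` creates an empty env file without saying why, so the next reader will not know whether the build requires the file to exist or whether this is the deliberate "no production values" stand-in described in the comment at the top of the workflow. Add a one-line comment in the step, e.g. `# empty .env: the nightly image must not carry production values`, and if `make build` actually reads specific keys from `.env`, list them there so an accidental empty-value build is recognisable.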
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,9 @@ cloud account.
[Troubleshooting key access](https://docs.aws.amazon.com/kms/latest/developerguide/policy-evaluation.html) guide to
learn more about common KMS issues.

- If you are using a custom Certificate Authority (CA) for SSL/TLS connections, provide the x509 certificate in
Privacy-Enhanced Mail (PEM) format to Palette.

:::tip

Use the IAM Policy Simulator to verify the IAM role has the necessary permissions to access a customer managed KMS
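Review bot: The new bullet does not say which certificate is meant: "provide the x509 certificate" reads as the server certificate, while the **Certificate** table row added further down in this file calls it a "CA bundle". Name the object precisely, for example `- If the S3 endpoint presents a certificate issued by a custom Certificate Authority (CA), provide the CA certificate chain in PEM format to Palette.` Also use the standard spelling `X.509`, and the spelled-out "Privacy-Enhanced Mail" can go; readers of a KMS/IAM section know what PEM is.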
Expand Down Expand Up @@ -130,7 +133,7 @@ cloud account.
| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Location Name** | Provide a name of your choice. |
| **Location Provider** | Select AWS from the **drop-down** Menu. |
| **Certificate** | Optional service provider x509 certificate. |
| **Certificate** | Provide the CA bundle in PEM format if you are using a custom certificate bundle to establish SSL/TLS sessions. |
| **S3 Bucket** | The name of the S3 bucket you created in the object store. The bucket name must be DNS-compliant. For more information, refer to the [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) defined by AWS. |
| **Region** | Region where the S3 bucket is hosted. You can check region codes in the [Service endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region) section in the AWS documentation. |
| **S3 URL** | Optional S3 URL. If you choose to provide a value, refer to the [Methods for accessing a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html#virtual-host-style-url-ex) guide to determine the bucket URL and enable the **Force S3 path style** checkbox. |
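Review bot: The rewritten **Certificate** cell says "custom certificate bundle to establish SSL/TLS sessions", while the prerequisite bullet in the same file says "custom Certificate Authority (CA)"; pick one term and state what the field is for, i.e. the CA bundle Palette uses to verify the S3 endpoint's TLS certificate, so nobody uploads a client certificate here. "SSL/TLS sessions" can simply be "TLS connections". Minor: the new cell is much wider than the column separator row, which renders fine but breaks the alignment the rest of the table keeps.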
Expand Down Expand Up @@ -231,6 +234,9 @@ multiple cloud accounts.

- An S3 bucket in AWS Account B. The bucket will store the backup of your clusters or workspaces.

- If you are using a custom Certificate Authority (CA) for SSL/TLS connections, provide the x509 certificate in
Privacy-Enhanced Mail (PEM) format to Palette.

- The following IAM policy must be created in your AWS Account B. Replace the `BUCKET-NAME` placeholder in the policy
below with your bucket name. Refer to the
[Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html) for
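Review bot: This bullet duplicates the one added in the `@@ -102,6 +102,9 @@` hunk of this file word for word, including `x509` for `X.509` and the vague "the x509 certificate"; whatever wording is settled on there should be applied here too, ideally by stating that it is the CA certificate chain that issued the endpoint's server certificate. Since this list is otherwise about resources that live in AWS Account B, consider placing the certificate bullet after the IAM policy bullet so the Account B items stay together.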
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,9 @@ The following sections provide detailed instructions. Select the environment whe
[Troubleshooting key access](https://docs.aws.amazon.com/kms/latest/developerguide/policy-evaluation.html) guide to
learn more about common KMS issues.

- If you are using a custom Certificate Authority (CA) for SSL/TLS connections, provide the x509 certificate in
Privacy-Enhanced Mail (PEM) format to Palette.

:::tip

Use the IAM Policy Simulator to verify the IAM role has the necessary permissions to access a customer managed KMS
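Review bot: Same prerequisite bullet as in the other file in this diff, with the same two problems: "the x509 certificate" does not say whether the server certificate or the issuing CA chain is wanted (the table row added below in this file says "CA bundle", so say "CA certificate chain" here), and the spelling should be `X.509`. Keeping the two files' bullets identical will make the next edit easier to apply to both.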
Expand All @@ -122,7 +125,7 @@ The following sections provide detailed instructions. Select the environment whe
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Location Name** | Provide a name of your choice. |
| **Location Provider** | Select AWS from the **drop-down** Menu. |
| **Certificate** | Optional Service provider certificate. |
| **Certificate** | Provide the CA bundle in PEM format if you are using a custom certificate bundle to establish SSL/TLS sessions. |
| **S3 Bucket** | Name of the S3 bucket you created in the object store. The bucket name must be DNS-compliant. For more information, refer to the [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) defined by AWS. |
| **Region** | Region where the S3 bucket is hosted. You can check the region code from the [Service endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_region) section in the AWS documentation. |
| **S3 URL** | Optional bucket URL. If you choose to provide a value, refer to the [Methods for accessing a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html#virtual-host-style-url-ex) guide to determine the bucket URL. If you provided an S3 URL, enable the **Force S3 path style** checkbox. |
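Review bot: The **Certificate** row needs the same fix as its twin in the other file: say that the PEM bundle is the CA chain Palette trusts when verifying the S3 endpoint's TLS certificate, use the same term ("custom CA") as the prerequisite bullet above, and shorten "SSL/TLS sessions" to "TLS connections". The widened cell also no longer lines up with the separator row.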
Expand Down Expand Up @@ -234,7 +237,9 @@ Use the following steps to validate adding the new backup location.
[MinIO official documentation](https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#access-keys)
to learn about creating access keys.

- An optional service provider x509 certificate.
- If you are using a custom Certificate Authority (CA) for SSL/TLS connections, provide the x509 certificate in
Privacy-Enhanced Mail (PEM) format to Palette. This is required if the MinIO endpoint is using a self-signed
certificate.

### Add a MinIO Bucket

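Review bot: "This is required if the MinIO endpoint is using a self-signed certificate" is correct but leaves the reader with the wrong file to upload: with a self-signed server certificate there is no separate CA, so the PEM to provide is the endpoint's own certificate, whereas with a private CA it is the CA certificate (chain). Spell that out, e.g. `provide the CA certificate chain in PEM format to Palette. If the MinIO endpoint uses a self-signed certificate, provide that certificate itself.` The bullet also still says `x509`; use `X.509`.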
Expand All @@ -246,15 +251,15 @@ Use the following steps to validate adding the new backup location.

4. Fill out the following input fields. Refer to the table below to learn more.

| **Field** | **Value** |
| ----------------------- | --------------------------------------------------------------------------- |
| **Location Name** | Provide a name of your choice. |
| **Location Provider** | Select MinIO from the drop-down field. |
| **Certificate** | Service provider certificate, if your organization prefers it. |
| **S3 Bucket** | The name of the S3 bucket you created in the MinIO object store. |
| **Region** | The region where the MinIO server is configured. Example: `us-east-1` |
| **S3 URL** | The MinIO object storage console URL. Example: `http://12.123.234.567:0000` |
| **Force S3 path style** | This value is required for MinIO. |
| **Field** | **Value** |
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Location Name** | Provide a name of your choice. |
| **Location Provider** | Select MinIO from the drop-down field. |
| **Certificate** | Provide the CA bundle in PEM format if you are using a custom certificate bundle to establish SSL/TLS sessions. This is required for endpoints using a self-signed certificate. |
| **S3 Bucket** | The name of the S3 bucket you created in the MinIO object store. |
| **Region** | The region where the MinIO server is configured. Example: `us-east-1` |
| **S3 URL** | The MinIO object storage console URL. Example: `http://12.123.234.567:0000` |
| **Force S3 path style** | This value is required for MinIO. |

<br />

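Review bot: The **S3 URL** example `http://12.123.234.567:0000` is carried over unchanged but is not a usable value: 567 is not a valid IPv4 octet, port 0 cannot be listened on, and the scheme is `http://` two rows below a **Certificate** cell that describes TLS verification. Use an HTTPS example built from a documentation name, e.g. `https://minio.example.com:9000`. The same row calls this "The MinIO object storage console URL"; Palette speaks S3 to MinIO, so it should be the S3 API endpoint (MinIO's default port 9000), not the web console, which listens on a different port.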
Expand Down Expand Up @@ -310,6 +315,7 @@ guide to learn how to create an Azure storage account

- An Azure service principal with sufficient permissions to perform the required read and write operations on the
container. You will need the values of the following items:

- Client ID
- Client Secret

Expand Down

0 comments on commit 87d3dc4
