Merge branch 'main' into cc-apt-doc

Author: niket-intc

.github/workflows/post-merge-scorecard.yml

@@ -22,7 +22,7 @@ jobs:
       id-token: write
       contents: read
 
-    uses: open-edge-platform/orch-ci/.github/workflows/post-merge-scorecard.yml@24a3a495be45af021486e265cf09a17ac3798405  # 2026.0.13
+    uses: open-edge-platform/orch-ci/.github/workflows/post-merge-scorecard.yml@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # 2026.0.17
     with:
       project_folder: "."
     secrets:

.github/workflows/post-merge.yml

@@ -18,7 +18,7 @@ jobs:
       contents: read
       security-events: write
       id-token: write
-    uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@24a3a495be45af021486e265cf09a17ac3798405  # yamllint disable-line rule:line-length
+    uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # yamllint disable-line rule:line-length
     with:
       run_version_check: true
       run_dep_version_check: false
@@ -37,7 +37,7 @@ jobs:
       contents: read
       pull-requests: read
       issues: write
-    uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@24a3a495be45af021486e265cf09a17ac3798405  # yamllint disable-line rule:line-length
+    uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # yamllint disable-line rule:line-length
     with:
       simple_mode: false
       branch_pattern: '^(main|release-[0-9]+\.[0-9]+.*)$'

.github/workflows/pre-merge.yml

@@ -26,13 +26,13 @@ jobs:
         with:
           persist-credentials: false
       - name: "Verify Branch Name"
-        uses: open-edge-platform/orch-ci/verify-branch-name@24a3a495be45af021486e265cf09a17ac3798405  # yamllint disable-line rule:line-length
+        uses: open-edge-platform/orch-ci/verify-branch-name@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # yamllint disable-line rule:line-length
 
   pre-merge-pipeline:
     permissions:
       contents: read
     needs: pre-checks
-    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@24a3a495be45af021486e265cf09a17ac3798405  # yamllint disable-line rule:line-length
+    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # yamllint disable-line rule:line-length
     with:
       run_security_scans: false
       run_version_check: true

.github/workflows/publish-docs.yml

@@ -15,7 +15,7 @@ jobs:
       contents: read          # needed for actions/checkout
       pull-requests: read     # needed for gh pr list
       issues: write           # needed to post PR comment
-    uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@24a3a495be45af021486e265cf09a17ac3798405  # yamllint disable-line rule:line-length
+    uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@b5930c48c1fcdb6b34ffbcd465cff96dabfbde70  # yamllint disable-line rule:line-length
     with:
       simple_mode: false
       branch_pattern: '^(main|release-[0-9]+\.[0-9]+.*)$'

docs/deployment_guide/on_prem_deployment/on_prem_deployment_profiles/on_prem_oxm_profile.rst

@@ -51,9 +51,9 @@ A sample network topology is presented in the diagram below:
 #. Most of Edge Orchestrator services are accessible via ``TRAEFIK_IP``, a Virtual IP reserved in the local subnet.
 
 #. The Edge Orchestrator must be configured with two more Virtual IPs that are reserved in the local subnet. ``ARGO_IP`` is used to access
-   ArgoCD server, while ``NGINX_IP`` exposes installation artifacts that are downloaded by Edge Nodes during OS provisioning.
+   ArgoCD server, while ``HAPROXY_IP`` exposes installation artifacts that are downloaded by Edge Nodes during OS provisioning.
 
-#. Note that one of ``TRAEFIK_IP``, ``NGINX_IP`` and ``ARGO_IP`` can be same as the physical interface's IP address (``ARGO_IP`` in the example).
+#. Note that one of ``TRAEFIK_IP``, ``HAPROXY_IP`` and ``ARGO_IP`` can be same as the physical interface's IP address (``ARGO_IP`` in the example).
 
 #. Only the PXE server is attached to the host networking and binds to the IP address of the physical network interface to listen to DHCP requests.
 
@@ -156,7 +156,7 @@ Post-installation steps
      .. code-block:: shell
 
         address=/[on.prem.domain.name]/[traefik-external-ip]
-        address=/tinkerbell-nginx.[on.prem.domain.name]/[ingress-nginx-external-ip]
+      address=/tinkerbell-haproxy.[on.prem.domain.name]/[ingress-nginx-external-ip]
 
 #. Retrieve the self-signed Edge Orchestrator certificate and install it to the trust store.
 

docs/deployment_guide/on_prem_deployment/on_prem_get_started/index.rst

@@ -85,7 +85,7 @@ Firewall Configuration
 The following table lists the network endpoints for Edge Orchestrator and edge nodes, which you can use to configure firewall rules tailored to your network environment.
 
 * ArgoCD Admin UI at ``argo.{domain}``. Intel recommends that you restrict the incoming traffic to a subset of known source IPs because this is an administrator interface.
-* BIOS Onboarding accesses ``tinkerbell-nginx.{domain}``.
+* BIOS Onboarding accesses ``tinkerbell-haproxy.{domain}``.
 * You can access all other services from edge nodes agents, UI, and APIs of Edge Orchestrator.
 
 .. list-table:: Network Endpoints for Edge Orchestrator and Edge Nodes
@@ -252,7 +252,7 @@ The following table lists the network endpoints for Edge Orchestrator and edge n
      -  443
      -  Edge infrastructure management
    * -  Edge node
-     -  tinkerbell-nginx.{domain}
+     -  tinkerbell-haproxy.{domain}
      -  TCP
      -  443
      -  BIOS onboarding

docs/deployment_guide/on_prem_deployment/on_prem_get_started/on_prem_install.rst

@@ -103,7 +103,10 @@ Core Deployment Configuration
      - ``registry-rs.edgeorchestration.intel.com``
    * - ``DEPLOY_VERSION``
      - Version of Edge Orchestrator to deploy
-     - ``v2025.2.0``
+     - ``v2026.0.0``
+   * - ``DEPLOY_REPO_BRANCH``
+     - Git tag or branch for deployment repository (overrides default commit)
+     - ``v2026.0.0``
    * - ``ORCH_INSTALLER_PROFILE``
      - Deployment profile for Edge Orchestrator
      - ``onprem``
@@ -144,8 +147,8 @@ Network Configuration
    * - ``TRAEFIK_IP``
      - MetalLB IP address for Traefik
      - (empty)
-   * - ``NGINX_IP``
-     - MetalLB IP address for NGINX
+   * - ``HAPROXY_IP``
+     - MetalLB IP address for HAProxy
      - (empty)
 
 Container Registry Configuration
@@ -787,7 +790,7 @@ An example of the `dnsmasq` config file:
    address=/vnc.[on.prem.domain.name]/[traefik-external-ip]
    address=/web-ui.[on.prem.domain.name]/[traefik-external-ip]
    address=/ws-app-service-proxy.[on.prem.domain.name]/[traefik-external-ip]
-   address=/tinkerbell-nginx.[on.prem.domain.name]/[ingress-nginx-external-ip]
+   address=/tinkerbell-haproxy.[on.prem.domain.name]/[ingress-nginx-external-ip]
    address=/mps.[on.prem.domain.name]/[traefik-external-ip]
    address=/rps.[on.prem.domain.name]/[traefik-external-ip]
    address=/mps-wss.[on.prem.domain.name]/[traefik-external-ip]

docs/deployment_guide/on_prem_deployment/on_prem_how_to/on_prem_upgrade.rst

@@ -1,23 +1,23 @@
 On-Prem Upgrade Guide
 =========================
 
-**Upgrade Path:** EMF On-Prem v3.1.3 → v2025.2.0
+**Upgrade Path:** EMF On-Prem v2025.2.0 → v2026.0.0
 
 **Document Version:** 1.0
 
 Overview
 --------
 
 This document provides step-by-step instructions to upgrade
-On-Prem Edge Manageability Framework (EMF) from version v3.1.3 to v2025.2.0.
+On-Prem Edge Manageability Framework (EMF) from version v2025.2.0 to  v2026.0.0
 
 Prerequisites
 -------------
 
 System Requirements
 ~~~~~~~~~~~~~~~~~~~
 
-- Current EMF On-Prem installation version 3.1.3 or later
+- Current EMF On-Prem installation version v2025.2.0 or later
 - Root/sudo privileges on orchestrator node
 - PostgreSQL service running and accessible
 - Sufficient disk space for backups (~200GB minimum)
@@ -53,7 +53,7 @@ Step 1: Download the Latest On-Prem Upgrade Script
     REGISTRY_URL='registry-rs.edgeorchestration.intel.com'
     RS_PATH='edge-orch/common/files/on-prem'
     ORAS_VERSION='1.1.0'
-    ORCH_VERSION='v2025.2.0'
+    ORCH_VERSION='v2026.0.0'
 
     # Install oras if not already installed
     if ! command -v oras &> /dev/null; then
@@ -135,7 +135,10 @@ Core Deployment Configuration
      - ``registry-rs.edgeorchestration.intel.com``
    * - ``DEPLOY_VERSION``
      - Version of Edge Orchestrator to deploy
-     - ``v2025.2.0``
+     - ``v2026.0.0``
+   * - ``DEPLOY_REPO_BRANCH``
+     - Git tag or branch for edge-manageability-framework deployment repository
+     - ``v2026.0.0``
    * - ``ORCH_INSTALLER_PROFILE``
      - Deployment profile for Edge Orchestrator
      - ``onprem``
@@ -176,10 +179,14 @@ Network Configuration
    * - ``TRAEFIK_IP``
      - MetalLB IP address for Traefik
      - (empty)
-   * - ``NGINX_IP``
-     - MetalLB IP address for NGINX
+   * - ``HAPROXY_IP``
+     - MetalLB IP address for HAProxy
      - (empty)
 
+.. note::
+   In **v2026.0.0 (latest release)**, the ingress controller was **replaced from NGINX to HAProxy**.
+   Please check whether the DNS entry for HAProxy is present after installation .
+
 Container Registry Configuration
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -335,6 +342,7 @@ Update the following sections:
 - **CORE DEPLOYMENT CONFIGURATION:**
   - RELEASE_SERVICE_URL
   - DEPLOY_VERSION
+  - DEPLOY_REPO_BRANCH
   - ORCH_INSTALLER_PROFILE
 
 - **AUTHENTICATION & SECURITY:**
@@ -343,7 +351,7 @@ Update the following sections:
 
 - **NETWORK CONFIGURATION:**
   - CLUSTER_DOMAIN
-  - ARGO_IP, TRAEFIK_IP, NGINX_IP
+  - ARGO_IP, TRAEFIK_IP, HAPROXY_IP
 
 - **CONTAINER REGISTRY:**
   - GITEA_IMAGE_REGISTRY
@@ -367,8 +375,10 @@ Update the following sections:
    kubectl get svc traefik -n orch-gateway
    kubectl get svc ingress-nginx-controller -n orch-boots
 
-   # Set deployment version (replace with your actual upgrade version tag)
-   export DEPLOY_VERSION=v2025.2.0
+  # Set deployment version (replace with your actual upgrade version tag)
+  export DEPLOY_VERSION=v2026.0.0
+  #Set the deploy repo release tag/branch (Gitea commit/tag/branch from EMF repo)
+  export DEPLOY_REPO_BRANCH=v2026.0.0
 
    # Set non-interactive mode to true to skip prompts
    export PROCEED=true
@@ -427,7 +437,7 @@ Before confirming in Terminal 1, open **Terminal 2** and update configurations:
       # Check current LoadBalancer IPs
       kubectl get svc argocd-server -n argocd
       kubectl get svc traefik -n orch-gateway
-      kubectl get svc ingress-nginx-controller -n orch-boots
+      kubectl get svc ingress-haproxy-kubernetes-ingress -n orch-boots
 
       # Verify LB IP configurations are updated
       nano repo_archives/tmp/edge-manageability-framework/orch-configs/clusters/onprem.yaml
@@ -451,7 +461,7 @@ Step 7: Monitor Upgrade Progress
 
 The upgrade process includes:
 
-- Upgrade RKE2 to 1.34.1 versions
+- Upgrade RKE2 to 1.34.4 versions
 - OS Configuration upgrade
 - Gitea upgrade
 - ArgoCD upgrade
@@ -575,8 +585,8 @@ Verify that the ``signed_ipxe.efi`` image is downloaded using the freshly downlo
       # Delete both files before downloading
       rm -rf Full_server.crt signed_ipxe.efi
       export CLUSTER_DOMAIN=cluster.onprem
-      wget https://tinkerbell-nginx.$CLUSTER_DOMAIN/tink-stack/keys/Full_server.crt --no-check-certificate --no-proxy -q -O Full_server.crt
-      wget --ca-certificate=Full_server.crt https://tinkerbell-nginx.$CLUSTER_DOMAIN/tink-stack/signed_ipxe.efi -q -O signed_ipxe.efi
+      wget https://tinkerbell-haproxy.$CLUSTER_DOMAIN/tink-stack/keys/Full_server.crt --no-check-certificate --no-proxy -q -O Full_server.crt
+      wget --ca-certificate=Full_server.crt https://tinkerbell-haproxy.$CLUSTER_DOMAIN/tink-stack/signed_ipxe.efi -q -O signed_ipxe.efi
 
    Once the above steps are successful, the orchestrator (Orch) is ready for onboarding new Edge Nodes (EN).
 

docs/index.rst

@@ -116,6 +116,22 @@ you can find details about the high-level design and submit patches of your own.
         APIs offer Create, Read, Update, and Delete capabilities.
 
 
+Modular Workflows
+-----------------
+Device management workflows from EMF that showcase Intel Architecture capabilities,
+designed to be evaluated independently and seamlessly integrated into partner
+device-management solutions to extend their functionality.
+
+.. grid:: 3
+
+    .. grid-item-card:: Modular Workflows
+        :link: modular_workflows/index
+        :link-type: doc
+        :link-alt: clickable cards
+
+        Explore modular device management workflows that extend partner solutions with Intel Architecture capabilities.
+
+
 .. toctree::
    :hidden:
 
@@ -125,5 +141,6 @@ you can find details about the high-level design and submit patches of your own.
    developer_guide/index
    api/index
    system_requirements/index
+   modular_workflows/index
 
 

docs/modular_workflows/index.rst

@@ -0,0 +1,20 @@
+Modular Workflows
+=================
+
+Device management workflows from EMF that showcase Intel Architecture
+capabilities, designed to be evaluated independently and seamlessly integrated
+into partner device-management solutions to extend their functionality.
+
+.. grid:: 3
+
+    .. grid-item-card:: Modular vPro Workflow
+        :link: vpro-amt-ism/index
+        :link-type: doc
+        :link-alt: clickable cards
+
+        End-to-end activation and device management using Intel® vPro AMT and ISM.
+
+.. toctree::
+   :hidden:
+
+   vpro-amt-ism/index