Merge branch 'master' into doc-2423-slack-notif-sec-advisories

Author: addetz

.github/workflows/clean-up-unused-images.yaml

@@ -1,14 +1,14 @@
 # This workflow removed unused images from the repository and creates a PR to clean them up.
-# The workflow runs on the first day of every month at 2 am UTC.
+# The workflow runs on the first day of every month at 12PM UTC.
 # Any image that is not referenced in the repository is considered unused.
 # This workflow supports on-demand execution using the workflow_dispatch event.
 
 name: Clean Up Unused Images
 
 on:
   schedule:
-    # On the first of every month at 2 am
-    - cron: '0 2 1 * *'
+    # On the first of every month at 12 PM UTC
+    - cron: '0 12 1 * *'
   workflow_dispatch:
 
 concurrency:

.github/workflows/spellcheck-report.yaml

@@ -1,12 +1,12 @@
 # This workflow runs the set of core vale checks on the entire repo.
-# The workflow runs every Monday at 8 am UTC.
+# The workflow runs every Monday at 4PM UTC.
 # This workflow supports on-demand execution using the workflow_dispatch event.
 
 name: Spellcheck Entire Librarium
 on:
   schedule:
-    # Every Monday at 8AM UTC
-    - cron: '0 8 * * 1'
+    # Every Monday at 4PM UTC
+    - cron: '0 16 * * 1'
   workflow_dispatch:
 
 concurrency:

.github/workflows/url-checks.yaml

@@ -1,11 +1,11 @@
 # This workflow scans the markdown files in the repository for broken URLs.
 # Additional logic is added to the Make command verify-rate-limited-links-ci to check for rate-limited URLs, including guidance on what domains to ignore.
-# The workflow is scheduled to run every Monday at 6 am.
+# The workflow is scheduled to run every Monday at 2PM UTC.
 
 on:
   schedule:
-    # Every Monday at 6 am
-    - cron: '0 6 * * 1'
+    # Every Monday at 2PM UTC
+    - cron: '0 14 * * 1'
   workflow_dispatch:
 
 

_partials/self-hosted/feature-flags/_feature-flags-intro.mdx

@@ -17,7 +17,7 @@ The following table lists all available feature flags and their supported platfo
 | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-----------------: | :------------------------: |
 | **AwsSecretPartition** | Configure [AWS Secret Cloud](https://aws.amazon.com/federal/secret-cloud/) and [AWS Top Secret Cloud](https://aws.amazon.com/federal/top-secret-cloud/) accounts and deploy EKS clusters in AWS Secret and Top Secret clouds. Refer to our [Register and Manage AWS Accounts](/clusters/public-cloud/aws/add-aws-accounts) guide for more information.                                                                                                                                                         |         :x:         |     :white_check_mark:     |
 | **AzureUSSecretCloud** | Configure [Azure Government Secret cloud](https://azure.microsoft.com/en-us/explore/global-infrastructure/government/national-security) accounts and deploy Azure IaaS clusters in Azure Government Secret cloud. Refer to our [Register and Manage Azure Accounts](/clusters/public-cloud/azure/azure-cloud/#azure-government-secret-cloud) guide for more information.                                                                                                                                                                                                                                    |         :x:         |     :white_check_mark:     |
-| **LxdMaas**            | Spawn multiple control plane nodes as LXD VMs and consolidate them on MAAS-managed servers while your worker nodes run on bare metal devices. Refer to our [Create and Manage MAAS Clusters Using LXD VMs](/clusters/data-center/maas/create-manage-maas-lxd-clusters/) /> guide for more information.                                                                                                                                            | :white_check_mark:  |     :white_check_mark:     |
+| **LxdMaas**            | Spawn multiple control plane nodes as LXD VMs and consolidate them on MAAS-managed servers while your worker nodes run on bare metal devices. Refer to our [Create and Manage MAAS Clusters Using LXD VMs](/clusters/data-center/maas/create-manage-maas-lxd-clusters/) guide for more information.                                                                                                                                            | :white_check_mark:  |     :white_check_mark:     |
 | **ApacheCloudStack**            | Allows for the creation of workloads on Apache CloudStack. Refer to our [Create and Manage Apache CloudStack Clusters](/clusters/data-center/cloudstack/create-manage-cloudstack-clusters/) guide for more information.                                                                                                                                            | :white_check_mark:  |     :white_check_mark:     |
 
 

_partials/self-hosted/management-appliance/_installation-steps-enablement.mdx

@@ -20,75 +20,20 @@ partial_name: installation-steps-enablement
 
 4. Restart the nodes to start the installation process.
 
-5. Once the nodes have rebooted and entered the GRand Unified Bootloader (GRUB) menu, select the **Palette eXtended Kubernetes Edge Install (manual)** option and press **ENTER**.
+5. Once the nodes have rebooted and entered the GRand Unified Bootloader (GRUB) menu, allow {props.version} to select the **Palette Edge Interactive Installer** boot option automatically.
 
-   :::caution
+6. Once the **Palette Edge Interactive Installer** window appears, select the target disk for installation.
 
-   Ensure that you select the option within the first five seconds of the GRUB menu appearing, as it will automatically proceed with the default installation option after this time.
+7. Choose the post-installation action: **nothing**, **reboot**, or **poweroff**, then press **ENTER**.
 
-   :::
+8. Review the **Installation Summary**.
 
-6. Once the nodes have finished booting, in the terminal, issue the following command to list the block devices.
+9. Press **ENTER** to start the installation.
 
-   ```bash
-   lsblk --paths
-   ```
+10. Wait for the installation process to complete. This will take at least 15 minutes, depending on the resources
+    available on the nodes. If you selected the **reboot** option in step 7, the nodes will reboot and display the Palette TUI after completion. If you chose the **poweroff** action in step 7, power on the nodes.
 
-   Use the output to identify the device name to use for the {props.version} ISO stack. For example, `/dev/sda`.
-
-   ```shell hideClipboard title="Example output" {3}
-   NAME       MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
-   /dev/loop0   7:0    0     1G  1 loop /run/rootfsbase
-   /dev/sda     8:0    0   250G  0 disk
-   /dev/sdb     8:16   0  5000G  0 disk
-   /dev/sr0    11:0    1  17.3G  0 rom  /run/initramfs/live
-   ```
-
-7. If there are any partitions on the device you plan to use for the installation, you must delete them before proceeding. For example, if the device is `/dev/sda`, issue the following command to delete all partitions on the device.
-
-   ```bash
-   wipefs --all /dev/sda
-   ```
-
-   :::danger
-
-   Deleting partitions will erase all data on the device. Ensure that you back up any important data before proceeding.
-
-   :::
-
-8. Issue the following command to edit the installation manifest.
-
-   ```bash
-   vi /oem/stylus_config.yaml
-   ```
-
-9. Add the following `install.device` section to your manifest, replacing `<storage-drive>` with the device name identified in step 6.
-
-   ```yaml hideClipboard {6}
-   #cloud-config
-
-   cosign: false
-   verify: false
-   install:
-     device: <storage-drive>
-     grub-entry-name: "Palette eXtended Kubernetes Edge"
-     system:
-       size: 8192
-   ...
-   ```
-
-10. Save the changes and exit the editor.
-
-11. Issue the following command to start the installation process.
-
-    ```bash
-    kairos-agent install
-    ```
-
-12. Wait for the installation process to complete. This will take at least 15 minutes, depending on the resources
-    available on the nodes. After completion, the nodes will reboot and display the Palette TUI.
-
-13. In the Palette TUI, provide credentials for the initial account. This account will be used to log in to Local UI and for SSH access to the node.
+11. In the Palette TUI, provide credentials for the initial account. This account will be used to log in to Local UI and for SSH access to the node.
 
     | **Field**                | **Description**                            |
     |--------------------------|--------------------------------------------|
@@ -98,13 +43,13 @@ partial_name: installation-steps-enablement
 
     Press **ENTER** to continue.
 
-14. In the Palette TUI, the available configuration options are displayed and are described in the next three steps.
+12. In the Palette TUI, the available configuration options are displayed and are described in the next three steps.
     Use the **TAB** key or the up and down arrow keys to switch between fields. When you make a change, press **ENTER**
     to apply the change. Use **ESC** to go back.
 
-15. In **Hostname**, check the existing hostname and, optionally, change it to a new one.
+13. In **Hostname**, check the existing hostname and, optionally, change it to a new one.
 
-16. In **Network Adapter**, select a network adapter to configure. By default, the network adapters request an IP
+14. In **Network Adapter**, select a network adapter to configure. By default, the network adapters request an IP
     automatically from the Dynamic Host Configuration Protocol (DHCP) server. The Classless Inter-Domain Routing (CIDR)
     block of an adapter's possible IP address is displayed in the **Network Adapter** screen without selecting an
     individual adapter.
@@ -122,10 +67,10 @@ partial_name: installation-steps-enablement
     - You can also specify the Maximum Transmission Unit (MTU) for your network adapter. The MTU defines the largest size,
       in bytes, of a packet that can be sent over a network interface without needing to be fragmented.
 
-17. In **DNS Configuration**, specify the IP address of the primary and alternate name servers. You can optionally
+15. In **DNS Configuration**, specify the IP address of the primary and alternate name servers. You can optionally
     specify a search domain.
 
-18. After you are satisfied with the configurations, navigate to **Quit** and press **ENTER** to finish the
+16. After you are satisfied with the configurations, navigate to **Quit** and press **ENTER** to finish the
     configuration. Press **ENTER** again on the confirmation prompt.
 
     After a few seconds, the terminal displays the **Device Info** and prompts you to provision the device through Local UI.
@@ -136,11 +81,11 @@ partial_name: installation-steps-enablement
 
     :::
 
-19. Ensure you complete the configuration on each node before proceeding to the next step.
+17. Ensure you complete the configuration on each node before proceeding to the next step.
 
-20. Decide on the host that you plan to use as the leader of the group. Refer to <VersionedLink text="Link Hosts" url="/clusters/edge/local-ui/cluster-management/link-hosts#leader-hosts"/> for more information about leader hosts.
+18. Decide on the host that you plan to use as the leader of the group. Refer to <VersionedLink text="Link Hosts" url="/clusters/edge/local-ui/cluster-management/link-hosts#leader-hosts"/> for more information about leader hosts.
 
-21. Access the Local UI of the leader host. Local UI is used to manage the {props.version} nodes and perform administrative
+19. Access the Local UI of the leader host. Local UI is used to manage the {props.version} nodes and perform administrative
     tasks. It provides a web-based interface for managing the {props.version} management cluster.
 
     In your web browser, go to `https://<node-ip>:5080`. Replace `<node-ip>` with the IP address of your node. If you
@@ -151,31 +96,31 @@ partial_name: installation-steps-enablement
     is because Local UI uses a self-signed certificate. You can safely ignore this warning and proceed to Local
     UI.
 
-22. Log in to Local UI using the credentials you provided in step 10.
+20. Log in to Local UI using the credentials you provided in step 11.
 
-23. (Optional) If you need to configure a HTTP proxy server for the node, follow the steps in the <VersionedLink text="Configure HTTP-Proxy in Local UI" url="/clusters/edge/local-ui/host-management/configure-proxy"/> guide. When done, proceed to the next step.
+21. (Optional) If you need to configure a HTTP proxy server for the node, follow the steps in the <VersionedLink text="Configure HTTP-Proxy in Local UI" url="/clusters/edge/local-ui/host-management/configure-proxy"/> guide. When done, proceed to the next step.
 
-24. From the left main menu, click **Linked Edge Hosts**.
+22. From the left main menu, click **Linked Edge Hosts**.
 
-25. Click **Generate token**. The host begins generating tokens that you will use to link this host with other
+23. Click **Generate token**. The host begins generating tokens that you will use to link this host with other
     hosts. The Base64 encoded token contains the IP address of the host, as well as an OTP that will expire in two
     minutes. Once a token expires, the leader generates another token automatically.
 
-26. Click the **Copy** button to copy the token.
+24. Click the **Copy** button to copy the token.
 
-27. Log in to Local UI on the host that you want to link to the leader host.
+25. Log in to Local UI on the host that you want to link to the leader host.
 
-28. From the left main menu, click **Linked Edge Hosts**.
+26. From the left main menu, click **Linked Edge Hosts**.
 
-29. Click **Link this device to another**.
+27. Click **Link this device to another**.
 
-30. In the pop-up box that appears, enter the token you copied from the leader host.
+28. In the pop-up box that appears, enter the token you copied from the leader host.
 
-31. Click **Confirm**.
+29. Click **Confirm**.
 
-32. Repeat steps 27-31 for every host you want to link to the leader host.
+30. Repeat steps 25-29 for every host you want to link to the leader host.
 
-33. Confirm that all linked hosts appear in the **Linked Edge Hosts** table. The following columns should show the
+31. Confirm that all linked hosts appear in the **Linked Edge Hosts** table. The following columns should show the
     required statuses.
 
     | **Column**  | **Status** |
@@ -186,19 +131,19 @@ partial_name: installation-steps-enablement
 
     Content synchronization will take at least five minutes to complete, depending on your network resources.
 
-34. On the left main menu, click **Cluster**.
+32. On the left main menu, click **Cluster**.
 
-35. Click **Create cluster**.
+33. Click **Create cluster**.
 
-36. For **Basic Information**, provide a name for the cluster and optional tags in `key:value` format.
+34. For **Basic Information**, provide a name for the cluster and optional tags in `key:value` format.
 
-37. In **Cluster Profile**, the **Imported Applications preview** section displays the applications that are included
+35. In **Cluster Profile**, the **Imported Applications preview** section displays the applications that are included
     with the {props.app}. These applications are pre-configured and used to deploy your {props.version} management
     cluster.
 
     Leave the default options in place and click **Next**.
 
-38. In **Profile Config**, configure the cluster profile settings to your requirements. Review the following tables for
+36. In **Profile Config**, configure the cluster profile settings to your requirements. Review the following tables for
     the available options.
 
     #### Cluster Profile Options
@@ -227,9 +172,9 @@ partial_name: installation-steps-enablement
     | **Root Domain (Optional)**                    | The root domain for the registry. The default is set for the internal Zot registry, which is a virtual IP address assigned by [kube-vip](https://kube-vip.io/). If using an external registry, adjust this to the appropriate domain. | String                | **`{{.spectro.system.cluster.kubevip}}`** |
     | **Mongo Replicas** | The number of MongoDB replicas to create for the cluster. The accepted values are `1` or `3`. We recommend using **3** to provide high availability for the MongoDB database. _This value must match the **CSI Placement Count** value._ | Integer               | **`3`**                                   |
 
-39. Click **Next** when you are done.
+37. Click **Next** when you are done.
 
-40. In **Cluster Config**, configure the following options.
+38. In **Cluster Config**, configure the following options.
 
     #### Cluster Config Options
 
@@ -241,7 +186,7 @@ partial_name: installation-steps-enablement
 
     Click **Next** when you are done.
 
-41. In **Node Config**, configure the following options.
+39. In **Node Config**, configure the following options.
 
     :::important
 
@@ -290,9 +235,9 @@ partial_name: installation-steps-enablement
     | **NIC Name**             | The name of the network interface card (NIC) to use for the nodes. Leave on **Auto** to let the system choose the appropriate NIC, or select one manually from the drop-down menu.        | N/A           | **Auto**                                                                                         |
     | **Host Name (Optional)** | The hostname for the nodes. This is used to identify the nodes in the cluster. A generated hostname is provided automatically, which you can adjust to your requirements.                   | String        | **`edge-*`**                                                                                     |
 
-42. Click **Next** when you are done.
+40. Click **Next** when you are done.
 
-43. In **Review**, check that your configuration is correct. If you need to make changes, click on any of the sections
+41. In **Review**, check that your configuration is correct. If you need to make changes, click on any of the sections
     in the left sidebar to go back and edit the configuration.
 
     When you are satisfied with your configuration, click **Deploy Cluster**. This will start the cluster creation
@@ -302,17 +247,17 @@ partial_name: installation-steps-enablement
     on the **Cluster** page in the left main menu. The cluster is fully provisioned when the status changes to
     **Running** and the health status is **Healthy**.
 
-44. Once the cluster is provisioned, access the {props.version} system console using the virtual IP address (VIP) you configured
+42. Once the cluster is provisioned, access the {props.version} system console using the virtual IP address (VIP) you configured
     earlier. Open your web browser and go to `https://<vip-address>/system`. Replace `<vip-address>` with the VIP you
     configured for the cluster.
 
     The first time you visit the system console, a warning message about an untrusted TLS certificate may appear. This
     is expected, as you have not yet uploaded your TLS certificate. You can ignore this warning message and proceed.
 
-45. You will be prompted to log in to {props.version} system console. Use `admin` as the username and `admin` as the password.
+43. You will be prompted to log in to {props.version} system console. Use `admin` as the username and `admin` as the password.
     You will be prompted to change the password after logging in.
 
-46. In the **Account Info** window, provide the following information.
+44. In the **Account Info** window, provide the following information.
 
     | **Field**                | **Description**    |
     |--------------------------|--------------------|