public/nplus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Public Information

Browse Source
This commit is contained in:
Andreas Ahmann
2026-03-10 07:33:55 +01:00
commit 4c9519166e
499 changed files with 125937 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

527
HISTORY.md Normal file
View File

@@ -0,0 +1,527 @@
# Version History
## March 2026, Beta 192
- Added `ingress.backend` switch (`nginx` or `traefik`) to the shared ingress template.
- Added Traefik middleware manifest generation for app-root redirect, rewrite (inputPath + rewriteTarget), and whitelist.
- Added automatic Traefik middleware binding via `traefik.ingress.kubernetes.io/router.middlewares`.
- Remaining non-1:1 topics for Traefik are `proxy-read-timeout` and custom `configuration-snippet` based deny rules.
- Added the option to add a RAMDrive configuration to the generic Volume list. See the generic example for details.
- Update nscale to 10.1.1500
## February 2026, Beta 191
- Fixed a bug in the SharePoint Cluster Ingress, where we had a double if enabled preventing it from being generated
## February 2026, Beta 190
- Added postgres (official) supprt, see example.
- Added Gateway API support replacing ingresses, see example
## February 2026, Beta 189
- Implemented ability to override the probes in all charts
see the probes sample for demo
## February 2026, Release 1.4.1303
- Stable version
## February 2026, Beta 187
- Update to nscale 10.1.1303
Some components are on 1400, like Pipeliner.
## January 2026, Beta 186
- Update to nscale 10.1.1301
- Refactored the dev environment to the new dev container
- Refactored the server in the data center
## November 2025, Beta 185
- Update to nscale 10.1.1101
- Added custom init containers
(see sample initcontainers and documentation in README.md for more info)
## October 2025, Beta 183
- Update to nscale 10.0.1503
## September 2025, Beta 182
- Update to nscale 10.0.1502
## August 2025, Beta 181
- No new nscale version available yet (as of 2025-08-05).
- Changed the NAPPL probes due to current discussions
## July 2025, Beta 180
- Update to nscale 10.0.1300
- Added an option to turn off service stickiness in nappl
## May 2025, Beta 178/179
- Added revisionHistoryLimit to all charts. You can also set it globally per instance or environment.
## May 2025, Beta 177
- Ability to set (and create) a PriorityClass for all components. This was possible for the database and the application layer before. Now you can set it for
cmis, ilm, administrator, mon, nappl, nstl, pam, pipeliner, rs, sharepoint, web and webdav.
See component README.md for details.
- Update to version 10.0.1101
- Path types for the default ingress paths in NAPPL were wrong: /engine.properties and /index.html
have been changed from `Prefix` to `Exact`
## April 2025, Beta 176
- NAPPL probes set to official endpoints
## April 2025, Beta 175
- Update to nscale 10
- Fixed a bug in the Pipeliner ingress
## February 2025, Beta 174
- Next to `ingress.cookie` you can now set `ingress.sameSite` to `strict`, `lax` or `none`.
- Update to 9.3.1401
## February 2025, Beta 173
- Set SAPPROXY_CONTEXT_PATH for erpproxy to enable multiple instances on
different paths. The Helm value is .this.ingress.contextPath.
## February 2025, Release 1.3.1400
- Stable release
## January 2025, Beta 171
- values.schema.json were too strict with respect to `global` and `environment` settings (AdditionalProperties). Now they are more permissive.
- Added erpproxy[a-d] to allow multiple ERP Proxy deployments with different configurations in one nplus instance.
- Added ERP-Proxy to DSL for documentation
- Updated ERP CMIS version
## January 2025, Beta 170
- Added values.schema.json to all charts for validation. Please add, for instance,
```
# yaml-language-server: $schema=https://git.nplus.cloud/public/nplus/raw/branch/master/charts/instance/values.schema.json
```
to your values file.
## January 2025, Beta 169
- Allow the ERP Proxy URL to be fully customizable
## January 2025, Beta 168
- Removed the extra certificate from the RMS component
## January 2025, Beta 167
- Update to nscale 9.3.1300
- Added terminationGracePeriodSeconds to all pods; it can now be set with `.terminationGracePeriodSeconds`.
## December 2024, Beta 166
- The secondary disk is now optional and needs to be enabled with `mounts.disk.enabled: true`.
- The default mount for the HID is now on the secondary disk. If you have HID enabled, this is a breaking change. Make sure you deal with existing HID files.
## December 2024, Beta 164
- Separated the buffers and DA for performance reasons in nstl. The buffers are now stored on a new volume *disk*.
- Added `/var/crash` to nstl, storing potential crash dumps on pTemp.
## December 2024, Beta 163
- Update to nscale 9.3.1202
- In addition to .this.resources, you can now also set .this.sidecarResources and .this.initResources.
However, you should not do so unless you know what you are doing.
## December 2024, Beta 162
- Changed resources for the Fluentbit sidecar container
## December 2024, Beta 161
- Added startup probes for all components
## November 2024, Beta 160
- Added a startup probe for nstl
## November 2024, Beta 159
- Added .instance.stage to identify a stage
## November 2024, Beta 158
- Added service.name for OpenTelemetry
## October 2024, Beta 157
- Latest ERP-Proxy version by Ceyoniq. This also has been **renamed** to **erpproxy** to match the **erpcmis** connector chart naming.
- First beta of the ERP-CMIS connector in directory **erpcmis**
- Added the possibility to add annotations to payloads for use with OpenTelemetry
Also see [here](https://opentelemetry.io/docs/kubernetes/operator/automatic/)
- Also added hard-coded OpenTelemetry support for convenience
- Fixed a bug where the prepper chart waited for post-sync in Argo deployments
## October 2024, Beta 156
- nscale ERP Proxy chart now available. There is still a bug in this first image by Ceyoniq, so the chart will not bring up a running
system yet. But the values are in, so you can start setting up the instances.
## October 2024, Beta 155
- Added the possibility to use ConfigMaps and secrets in the generic mount interface.
Please see the *generic* example for details
## September 2024, Release 1.2.1500
- Update to nscale 9.2.1502
- Added value `logForwarder.db` to set a fully qualified path to the database file, in case you do not want to have it alongside the logs.
Example:
```
logForwarder:
- name: Accounting
path: "/opt/ceyoniq/nscale-server/storage-layer/accounting/*.csv"
db: "/opt/ceyoniq/nscale-server/storage-layer/logsdb/logs.db"
```
- BASEFOLDER value typo corrected in SharePoint. It is now `Values.nappl.baseFolder`.
- The default value for `doInitialCrawl` was a boolean. It is now a string `false`, which is correct.
- You can now add any extra annotations to services and ingresses.
Example:
```
global:
ingress:
annotations:
nginx.org/proxy-read-timeout: "20s"
service:
annotations:
consul.hashicorp.com/service-sync: "true"
```
- Added `.this.ingress.proxyReadTimeout` to set this extra annotation on ingress objects
- Ports can now be disabled in NetworkPolicies if you use a CNI driver that does not support them.
This is especially for the "endPort" attribute, which is currently not supported by Cilium.
- Added port 443 to the egress in NetworkPolicies for pods accessing the K8s API
- There was a duplicate PodDisruptionBudget. Fixed it.
- Fixed a bug with respect to Volume Names / Static Volumes and Storage Classes
- Corrected documentation for `global.pullSecretOverride` (wrong, missing s) and `global.pullSecretsOverride` (correct)
- Fixed a bug where PAM could not communicate with JOBSNAPPL in a HA scenario
## August 2024, Release 1.2.1400
- Fixed bugs related to the KubePing protocol in versions < 9.1.
- Fixed bugs related to tenant-chart-agro. Be aware: it was the .helmignore after all.
- Added nscale 9.1.1506 to versions and released the chart version to the repo.
- The Application Chart now waits a minute before executing to prevent race conditions.
- Setting SERVER_BASE_URL in Application Layer for SAML redirects to work
- Added liveness probes
- Added the ability to define *PodDisruptionBudgets* for any component.
- Added a readiness probe to Postgres
- Reviewed resource consumption and added better requests and limits. Also see the sample *resources*.
- Worked on the documentation
- Updated the SharePoint chart to meet the latest specs from Ceyoniq
- SharePoint Connector is now a StatefulSet
- SharePoint doInitialCrawl now defaults to false
- Changed nstl and SharePoint updateStrategy to OnDelete
- Updated SharePoint to version 9.2.1400
- Updated nscale to 9.2.1402
- The nstl HID check was disabled by default, as it only made sense when using multiple volumes. Now, we have pTemp since a few builds, so it makes
sense to store the HID file in pTemp. Therefore, a new pTemp directory *hid* has been created to hold this file. The new sample *hid* shows how to turn this feature on.
- nstl checks the *audit.log* size when starting up. After an update, the log directory on emptydir got deleted when re-creating the new pod. This caused
the audit log to be empty and caused an error. The log directory of nstl has also now moved to pTemp to avoid this.
- Added *limitations.md* to the docs directory and READMEs
- Updated JSONL structure to get AI Support Assistant running
- SP connector health check now at `/nscale_spc/images/icons/PowerPoint.svg`
- Added *generic mounts* to be able to add any pre-provisioned PV to a container. For example, an SMB, NFS, or CIFS share with migration data for Pipeliner.
- Moved the nstl cluster service to the nstl chart and made sure the default ports etc. are used correctly
- Fixed a bug in the domain name
- Added a *Service* configuration section to most components. This section can be used to disable a component's service (along with the potential ingress) to
configure cluster services for retrieval (used in the SharePoint scenario). Please see the SharePoint sample for more information
- Added a clusterService configuration as an additional option to achieve the same goal
- Commented out the SharePoint probe because it needs work
- New Instance Group feature
You can set an alternative `.instance.group` to bundle multiple instances together. This will allow traffic to be passed between all instances within this group.
This is meant to be used for large instances that you might want to split up. Please see the `group` sample.
- Fixed a bug in the resolver, preventing sliced maps from being deep-copied into .this
- Fixed a bug with Postgres PullSecrets
- Added pullSecretsOverride
- waitFor can now be turned off if you feel Argo CD waves are all you need:
```
utils.disableWait: true
```
- Argo CD waves can now be turned off if you feel waitFor is all you need:
```
utils.disableWave: true
```
- Added FluentBit:2.0 as the default log forwarder, e.g. for the accounting log.
- Changed the default Argo CD waves to make sure the prepper runs first
- Fixed a bug where the condition of the SharePoint instances were all bound to the same key
- Added *Maintenance Mode* to start pods without starting the service, providing the ability to access the container to perform recovery tasks that need to be done offline. In order to do this:
- All *waitFor* definitions are ignored
- All *Health Checks* are ignored
- The container starts idle
- Application Jobs are disabled
You can put a component, an instance or the whole environment into maintenance.
- Added a new values map: `.instance` holding `.instance.version` currently, showing the nscale version installed (pinning the nappl)
- Added backward compatibility for `nscaleVersion` and `componentVersion`
- The *nplus Environment Chart* now has a *prepper* component you can turn on if needed
- nstore Downloader is now *disabled* by default
- Renamed the Administrator Server (aka RMS) to *nplus Remote Management Server*
This is meant to show the proximity to the *nscale Remote Management Service* and the idea of using a *virtual Server* for the rich Admin Client
- Worked on documentation
- Restructured the samples directory
Breaking Changes
- The **storageClass** of a static volume is now set to empty ("") to prevent the PV from being bound to the wrong PVC. We also recommend putting a claimRef into your PV to make sure only the correct PVC can bind to it.
Your PV also has to set the storage class to "", otherwise it will not bind.
See https://kubernetes.io/docs/concepts/storage/persistent-volumes/
- Sliced the Environment Chart into subcharts:
The Environment Chart is now an Umbrella Chart. It references the operator, toolbox, dav, and backend separately. That means you can now also add those charts to the Instance Umbrella Chart with *SIM*.
- Added *SIM* to the instance
The *Single Instance Mode* lets you run a single *nplus Instance* in your namespace. The instance *should* be named after the namespace. You can turn on the environment components *operator, toolbox, dav and backend* in the Instance chart to get a single chart that brings everything it needs.
- Excluded "globals" from ArgoCD values
There was a large globals section in the ArgoCD application, which was unnecessary. It is removed.
- Added *Prepper* as a component to deploy Git assets prior to component deployment:
Sometimes you need to deploy assets like Web Snippets to the instance *before* any other component is deployed and initially started. The prepper can be used to download assets from Git, extract tarballs, and then call scripts to perform any custom action. The prepper has no waitFor condition, thus running directly after the PVs are created, which happens in the *backend* chart of the environment. *Prepper* is much like the *Application* Chart, but it cannot deploy anything into an Application Layer because the nappl does not yet exist.
- Added download capability to the Application Chart
You can now define downloads that the Application Chart should perform prior to executing any script or App Installation.
- CIFS mode for file storage, preventing chmod from being run in scripts, is now *on* by default.
- Renamed the *nappl* cluster if there is no prefix (as in instance name == Release.namespace due to SIM).
- Fixed a bug where some resources (defaultconfig, networkpolicies, database config, ...) were not created in the release namespace but the default.
- Added `includeNamespace`
By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to set this to `false` so you can use `kubectl apply -n <namespace> -f template.yaml` later.
Potentially Breaking Changes:
- The former Environment Chart used non-standard labels you might have used for your firewall rules. These are now normalized and the new environmental components behave just like any other component.
- Introduced *ptemp* as a persistent temp space, e.g. for the accounting logs or database dumps, etc.
- Accounting in the Storage Layer: set `accounting: true` and the CSV files will be written to *ptemp*.
## July 2024, Release 1.2.1303
- customizingMode as a new switch in *web*
- Fixed a bug with timezone data
- Add a key to switch off certificate generation if no issuer is set: createSelfSignedCertificate
- Added tcps as port with 3006 to nstl
- Fixed a bug with the resolver in combination with the instance name: Resolving was too late for some
String operations.
- Normalized all examples that no more includes are used in templates (are not necessary any more) and also
single quotes are normalized to double quotes for strings, as we now do not need to use double quotes for the
includes any more.
- Adding nscale Web tls and completing Zerotrust Mode
- Changed the default of priorityClasses: It is now OFF. See FAQ for documentation
- global flags and defaults for TZDATA / Timezone setting
Big things:
- An all new Values sub-system:
- You can now stage **any** value!
- You can now override **any** value on **any** stage!
- This also works with your own values for your custom charts
- templates used in values are automatically and recursively resolved. This also works with your custom values!
- Update to nscale 9.2.1302
- Many cleanups
Breaking Changes:
- new .Values section: *meta*
- *nscaleVersion* is now in section meta
- *componentVersion* is now in section meta
- *ports* is now in section meta
- *type* is now in section meta
- *wave* is now in section meta
- *commercial.tenant* is now in section meta
- *commercial.provider* is now in section meta
Non breaking Changes:
- *this*
In code, you can now refer to `.this.*` instead of `.Values.*`.
*this* is build from .Values (for component values), .Values.global (for instance values) and .Values.global.environment (for environment values) automatically
- automatic resolver
after condensing the `.Values` into `.this`, a new recursive resolving function now looks for any template used in values and resolves it (using `.this` values)
- new .Values section: *override*
This section is automatically applied to all .this, overwriting any existing value.
*override* is also subject to automativ compression and resolving
- Helper functions are moved from _helper.tpl to a new map in code, accessible via `$.component`.
if you used helper functions in your templates, you need to port them. They are still working, but are depricated.
- *_depricated.tpl* now holds depricated functions. They resolve to the new function / value and are subject for being removed in future majors.
- new debugging mechanism:
You might want to debug your values and functions and helm lacks some important functionality for this, like a callstack.
The new debug feature now provides this functionality. You can call `nplus.debug.enter` and `nplus.debug.leave` in your code to
add this functionality to your own definitions.
- debugging Values:
if debugging is enabled, Values are reported in the component custom resource. Just search for `DEBUG` in `helm template` code.
- to enable debug, set `debug: true` on any level. Example:
```
global:
environment:
utils:
debug: true
```
- debug also adds strict mode, so depricated functions are failing
- *init function*
if you want to use the new functionality (.this, .component, ...) in your template, call `include "nplus.init"` as first line in your code.
It initializes automatically
- new .component section with calculated values for you to use in your templates.
- fixed a bug, where nappl sync wave is after application sync wave (ArgoCD)
- Sorting and Documenting the default ArgoCD Waves (see quickstart-argo)
Breaking changes:
- renamed nstlIPRange to nstlIpRange
- In Application Chart, renamed .Values.rs to .Values.rs.host
- In Application Chart, renamed .Values.nstl to .Values.nstl.host
- changes in database Values.yaml, please check if you used it
Non breaking changes:
- Added nstlIpRange to the Storage Layer Chart to allow to open egress connections from internal Storage Layer to servers outside the cluster
- New *defaultConfig* possibility to add default config files to Charts that are used prior to image templates (e.g. for a common cold.xml)
- Added *sessionCacheStorageType* as a new parameter for NAPPL
- Adding *dbIpRange* to the cni security options
## June 2024, release 1.2.1204
- RMS now including HA Mode (see samples)
- Fixes a problem, that the SNC Files are not in the NAPPL lib directory
- Encrypt Sample
- ZeroTrust Mode
- Code cleanup
## June 2024, release 1.2.1203
- Allow Application Scripts to run before and after globally and per DocArea
- Add more logging to DAV Container
- Add PAM and SharePoint Connector to dsl
## June 2024, release 1.2.1202
- Allow multiple nscale SharePoint Connector instances with a separate configuration each
- Allow Certificate Stores to be defined as configMaps OR secrets
- current alpha Version of nscale SharePoint Connector for testing
## June 2024, release 1.2.1201
- Fixed a bug in nscale Web due to the read only file system
- Added SNC support to access SAP Server
- Added Java Certificate Keystores (cacerts and component.store)
## June 2024, release 1.2.1200
- Update to nscale Version 9.2.1200
- Adding nscale PAM (Process Automation Modeler) helm chart
- Adding nscale SharePoint Connector helm Chart
- Adding O365 Sample (with SP Connector)
- Support extra fonts (like Microsoft Core Fonts)
- Allow calling global or local custom installation scripts during initialization (application chart)
- Add Applications to Health Status
- Adding a *Zero Trust* Example (`zerotrust.yaml`). The functionality is not yet completely implemented, so this is alpha status.
- Temporarily adding Custom Project API container ("dms-api") to the instance
- Alpha Version of Ports cleanup
## May 2024, Release 1.2.11xx
- Support envFrom in all components, with secretRef. Set the secret name in `envSecret`
- Support whitelisting in ingresses
- Add Inter Pod AntiAffinity
- Now using kube-linter for pre-release checking
- Supporting CNI NetworkPolicies
## Apr 2024, Release 1.2.1004
- Test with nscale 9.2
- Operator Web GUI switch
- Deny in all ingresses
- Added Priority Classes
- Added Budgets
- Support for volumeName in PVC to supress dynamic provisioning of PVs
- Support for kubePing **and** KUBERNETES Discovery for Cluster Communication
- Documentation Updates
- Updates to dsl (nstl and operator)
- Bug Fixes
## Mar 2024, Release 1.1.1501
- Added the Operator
- Web GUI for Monitoring
- RBAC enhancements
- Remote Management Server (RMS) Preview
## Feb 2024, Release 1.1.1401
- Added Administrator Client
## Jan 2024, Release 1.1.1302
- Changed Packaging to enable new helm Repo (gitea)
- Update dsl (C4) config files
- Added support for up to 4 Storage Layer
## Jan 2024, Release 1.1.1301
- Fixed Application Chart Security Settings
- Added possibility to easily overwrite Versions
(see versions/*.yaml and e90 Example)
- Added Charts for nscale Administrator (RAP) and WebDAV Connector
- Added nstl Cluster (up to 4 Storage Layer)
- Added support for Docker Desktop Kubernetes
## Jan 2024, Release 1.1.1300
- Added Security Features:
- root-less Container
- dropped capabilities (all)
- read only root file systems on all container
- Prohibit Privilege Escalation
- New Toolbox Image
- new (controlled source) "wait" function
- new (controlled source) "webdav server" function
- Change DB Image to bitnami beacuse of better support for security features.
- User 1001 instead of 999
- no chown necessary
- support for read-only root
- Support multi-temp paths (because of read-only root)
## 23 December Release
- Security Features:
- Support for Illumio Labels and Gates