Update open-balena-s3 to 2.8.3
This makes new installations of openBalena use the S3 container as a
storage backend for the Registry service by default. Existing installs
should not be affected.
Change-type: major
Signed-off-by: Rich Bayliss <rich@balena.io>
Update open-balena-registry to 2.11.1
This allows the registry to use an S3 bucket for storing images.
Change-type: minor
Signed-off-by: Rich Bayliss <rich@balena.io>
- remove some `.gitignore` entries as this is also honoured by `balena push`
- added a step to `scripts/quickstart` to produce a single, flat `docker-compose.yml` after running
- set the compose file versions to `2.0` to ensure only supported terms are used in the `docker-compose.yml` file output
- quoted empty env values as these need to be passed in as blank, and not ommitted
- include the MDNS publisher service IF the domain being used is a .local one
- corrected spelling of macOS in script messages
- move sidecar container source into ./src as per convention
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Update open-balena-registry to 2.7.0
This allows registry to be configured to use its internal Redis instance for caching. It is still disabled by default though.
Change-type: minor
Update open-balena-api from 0.11.8 to 0.19.5
This brings in the latest bugfixes and changes.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Credentials for S3 can now be specified using the
following docker-compose based envvars:
* S3_MINIO_ACCESS_KEY
* S3_MINIO_SECRET_KEY
Connects-to: #48
Change-type: minor
Signed-off-by: Heds Simons <heds@balena.io>
For convenience, also add instructions what to install.
Tha change also addresses invalid usage of 'local' outside of a function.
Change-type: patch
Signed-off-by: Roman Mazur <mazur.roman@gmail.com>
The VPN CA shouldn't need to be signed by the same CA that the HAproxy service
certificate is signed by. By removing this chain we are able to use a
different CA for the HTTPS services without impacting on the VPN service.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
In order to have concrete releases of openBalena we should pin each
service to a given version. This PR is the start of this and marks
the first version of openBalena with known service tags.
Change-type: major
Signed-off-by: Rich Bayliss <rich@balena.io>
Add a service which will acquire certificates from an ACME cert
provider, such as LetsEncrypt (), to allow an openBalena instance
to use a publicly trusted certificate instead of the self-signed
one it wil generate on setup.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
We are currently exposing the DB and Redis ports to the host, making the services externally accessible, which is very useful for a development environment.
`docker-compose` is however the only deployment method we currently support, and our Getting Started guide uses the very same configuration to guide users through the process of deploying open-balena on a public server (mostly because it’s easier with regards to DNS). This means we’re effectively guiding users to deploy open-balena in a very insecure way.
This commit removes host port bindings for the database and Redis services, effectively making them externally inaccessible.
Fixes#34
Change-type: minor
Vagrant machine is based on Ubuntu 18.04 including:
- docker
- docker-compose
Provisions some helper functions to the CLI:
- dc (shortcut to ./scripts/compose)
- enter {service} (opens a terminal in the service's container)
- logs {service} (access the journal of the service)
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>