Document v6.0.0 in the release notes#669
Merged
Merged
Conversation
The release notes had not been touched since v3.4.0. Add a v6.0.0 section covering the changes that require an operator to act: nanosecond Sparkplug timestamps, Grafana moving to Keycloak OIDC, the two new default-on services and their hosts, the ConfigDB subclass and Files permission changes, removal of v1 dumps, and the ISA-95 controlled vocabulary needing to be seeded by hand. Also notes that MetaDB ships disabled and should stay that way, and that v4 and v5 were never documented here.
Following #667 and #668, both merged. The ISA-95 section no longer tells operators to build the vocabulary by hand. It points at the new ISA-95 page and its "Import from Devices" action, which derives the vocabulary from the values already saved on existing devices. Record why the import is a manual action rather than an upgrade fixup: it reads device values it does not rewrite, so running it automatically would resurrect pruned nodes on every chart upgrade. Also document the new serviceAccountsEnabled option on OIDC clients, which is opt-in and needs no action on upgrade.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Document v6.0.0 in the release notes
Summary
docs/reference/release-notes.mdhad not been touched since v3.4.0, so v4 and v5 were never written up and v6 had nothing at all. This adds av6.0.0section covering the changes an operator has to act on when upgrading from v5.1.0, and notes the v4/v5 gap rather than pretending it isn't there.Why v6 is a major release
Three independently sufficient reasons, documented in that order of importance:
uint64timestamp field now carries nanoseconds where it carried milliseconds. New code treats values below 1e15 as milliseconds, so a v6 central service reads a v5 edge agent fine. The reverse silently corrupts data: a v5 historian reading a v6 edge agent writes points dated tens of millions of years in the future. This dictates an upgrade order, which the notes spell out. It also makes ACS deliberately non-compliant with the Sparkplug B spec, which matters to any external consumer.auth.proxyand thebasic-authmiddleware are gone, Keycloak is deployed by default, and Grafana roles now come from Factory+ permission grants.WriteSuperclasseson the target class (Fixed configdb object permission for writing subclasses #638), and Files needsReadMembers(Fix ACS-Files Permissions #654).Plus the v1 ConfigDB dump format being removed, and the ISA-95 hierarchy becoming a controlled vocabulary.
Manual upgrade steps documented
openid,i3x,data-accessare all enabled by default).serviceSetup.config.grafanaPermissions, and a warning that v5 proxy-created accounts may not be reclaimed under the new UPN-based usernames.WriteSuperclassesfor any local principal that creates subclasses.Also covers
serviceAccountsEnabled(#668, opt-in, no action) and records that MetaDB ships disabled and incomplete and should stay that way.Notes for the reviewer
Every factual claim was checked against the code on
mainrather than against the PR descriptions. One claim I could not settle and have flagged in the notes as something to test: whether existing Grafana user rows created by v5's proxy auth are reclaimed by the new federated logins, or whether those users land as fresh Viewer accounts. The reclaim machinery exists (oauth_allow_insecure_email_lookup,email_attribute_path: preferred_username) but only fires when the old username matches the Kerberos UPN. Worth testing on staging before tagging, because the failure is quiet.edge-openprotocolis in the tree and the CI image build but is not invalues.yamland not in the driver list, so it cannot be selected in the Manager. I left it out of the notes; you may want to decide whether it belongs in the v6 changelog at all.