nplus/HISTORY.md


2025-01-24 16:18:47 +01:00
# Version History
## February 2025, beta 168
- Remove extra certificate from RMS component
## January 2025, beta 167
- Update to nscale 9.3.1300
- Added terminationGracePeriodSeconds to all PODs, can now be set with `.terminationGracePeriodSeconds`
## December 2024, beta 166
- The secondary disk is now optional and needs to be enabled with `mounts.disk.enabled: true`.
- The default mount for the hid is now on the secondary disk. If you have hid enabled, this is a breaking change! Make sure you deal with existing HID files.
## December 2024, beta 164
- Separated the buffers and DA for performance reasons in nstl. The buffers are now stored on a new volume *disk*.
- Added `/var/crash` to nstl, storing potential crash dumps on pTemp.
## December 2024, beta 163
- Update to nscale 9.3.1202
- Next to `.this.resources`, you can now also set `.this.sidecarResources` and `.this.initResources`.
  However, you should not do so unless you know what you are doing.
## December 2024, beta 162
- Changed Resources for Fluentbit Sidecar Container
## December 2024, beta 161
- Added startup probes for all components
## November 2024, beta 160
- Added a startup probe for nstl
## November 2024, beta 159
- Added .instance.stage to identify a stage
## November 2024, beta 158
- Added service.name for Open Telemetry
## October 2024, beta 157
- Latest ERP-Proxy Version by Ceyoniq. This also has been **renamed** to **erpproxy** to match the **erpcmis** connector chart naming
- First BETA of ERP-CMIS Connector in directory **erpcmis**
- Added the possibility to add Annotations to Payloads, for the use with OpenTelemetry.
  Also see [here](https://opentelemetry.io/docs/kubernetes/operator/automatic/)
- Also added hard coded openTelemetry support for convenience
- Fixed a bug where the prepper chart waited for post sync in argo deployments
## October 2024, beta 156
- nscale ERP Proxy Chart now available. There is still a bug in this first image by Ceyoniq, so the chart will not bring up a running
  system yet. But the Values are in, so you can start setting up the instances.
## October 2024, beta 155
- Added the possibility to use configMaps and secrets in the generic mount interface.
  Please see the *generic* example for details
## September 2024, release 1.2.1500
- Update to nscale 9.2.1502
- Added value `logForwarder.db` to set a fully qualified path to the database file, in case you do not want to have it along the logs.
  Example:
  ```
  logForwarder:
    - name: Accounting
      path: "/opt/ceyoniq/nscale-server/storage-layer/accounting/*.csv"
      db: "/opt/ceyoniq/nscale-server/storage-layer/logsdb/logs.db"
  ```
- BASEFOLDER Value Typo corrected in SharePoint. Is now `Values.nappl.baseFolder`
- The default value for `doInitialCrawl` was a bool. It is now a string `false` which is correct.
- You can now add any extra Annotation to services and ingresses.
  Example:
  ```
  global:
    ingress:
      annotations:
        nginx.org/proxy-read-timeout: "20s"
    service:
      annotations:
        consul.hashicorp.com/service-sync: "true"
  ```
- Add `.this.ingress.proxyReadTimeout` to set this extra annotation to ingress objects
- Ports can now be disabled in NetworkPolicies, if you use a CNI driver that does not support them.
  This is especially for the "endPort" Attribute, that is currently not supported by Cilium.
- Added port 443 to the egress in Network Policies for Pods accessing the K8s API
- There was a duplicate podDisruptionBudget. Fixed it.
- Fixed a bug with respect to Volume Names / Static Volumes and Storage Classes
- Correction of documentation regarding `global.pullSecretOverride` (wrong, missing s) and `global.pullSecretsOverride` (correct)
- Fixed a bug where PAM could not communicate with JOBSNAPPL in a HA scenario
## August 2024, release 1.2.1400
- Fixed bugs regarding KubePing Protocol in Version < 9.1
- Fixed bugs regarding tenant-chart-agro. Be aware: It was the .helmignore after all.
- Added nscale 9.1.1506 to versions and released the chart version to repo
- The Application Chart now waits a minute before executing to prevent race condition problems
- Setting SERVER_BASE_URL in Application Layer for SAML redirects to work
- Added Liveness Probes
- Added the possibility to define *PodDisruptionBudgets* for any component.
- Added a readiness probe to postgres
- Reviewed the resource consumption and added better requests and limits. Also see the sample *resources*
- Working on the documentation
- Updated sharepoint chart to meet the latest specs from Ceyoniq
- Sharepoint Connector is now a StatefulSet
- SharePoint DoInitialCrawl now defaults to false
- Changed nstl and sharepoint updateStrategy to OnDelete
- Update Sharepoint to version 9.2.1400
- Update nscale to 9.2.1402
- The nstl HID Check was disabled by default, as it only made sense when using multiple volumes. Now, we have pTemp since a few builds, so it makes
  sense now to store the hid file to pTemp. Therefore a new pTemp directory *hid* has been created to hold this file. The new sample *hid* shows how to turn this feature on.
- nstl checks the *audit.log* size when starting up. After an update, the log directory on emptydir got deleted when re-creating the new pod. This caused
  the audit log to be empty and caused an error. The log directory of nstl has also now moved to pTemp to avoid this.
- Added *limitations.md* to the docs directory and READMEs
- Update jsonl structure to get AI Support Assistent running
- Health check of the SP Connector is now on `/nscale_spc/images/icons/PowerPoint.svg`
- Added *generic mounts* to be able to add any pre provisioned PV to a container. Like a smb, nfs or cifs share with migration data for pipeliner for example.
- Moved the nstl cluster service to the nstl chart and made sure the default ports etc. are used correctly
- Bugfix in domain name
- Adding *Service* configuration section to most components. This section can be used to disable a component's service (along with the potential ingress) to
  be able to configure cluster services for retrieval (used in the SharePoint scenario). Please see the sharepoint sample for more information
- Adding a clusterService configuration as an additional option to achieve above goal
- Commented the SharePoint Probe out, because it needs work
- New Instance Group Feature
  You can set an alternative `.instance.group` to bundle multiple Instances together. This will allow traffic to be passed between all instances within this group.
  This is meant to be used for large instances that you might want to split up. Please see the `group` sample.
- Fixed a bug in the resolver, preventing sliced maps to be deepCopied into .this
- Fixed a bug concerning Postgres PullSecrets
- Added pullSecretsOverride
- waitFor can now be turned off if you feel argoWaves are all you need:
  ```
  utils.disableWait: true
  ```
- argoCD Waves can now be turned off if you feel waitFor is all you need:
  ```
  utils.disableWave: true
  ```
- Added FluentBit:2.0 as default LogForwarder e.g. for the Accounting Log.
- Changed the default argoCD waves to make sure the prepper runs first
- Fixed a bug, where the condition of the sharepoint instances were all bound to the same key
- Adding *Maintenance Mode*, to start pods without starting the service, providing the possibility to gain access to the container to perform recovery tasks that need to be done offline. In order to do this:
  - All *waitFor* definitions are ignored
  - All *Health Checks* are ignored
  - The container starts in idle
  - Application Jobs are disabled

  You can put a component, an instance or the whole environment into maintenance.
- Adding a new values map: `.instance` holding `.instance.version` currently, showing the nscale Version installed (pinning the nappl)
- Adding downward compatibility for `nscaleVersion` and `componentVersion`
- the *nplus Environment Chart* now has a *prepper* component you can turn on if needed
- nstore Downloader is now *disabled* by default
- Renamed Administrator Server aka RMS to *nplus Remote Management Server*
  This should show the proximity to the *nscale Remote Management Service* and the idea of using a *virtual Server* for the rich Admin Client
- Worked on Documentation
- Re-Structuring the Samples Directory

Breaking Changes:

- The **storageClass** of a static volume is now set to empty ("") to prevent the PV from being bound to the wrong PVC. We also recommend putting a claimRef into your PV to make sure only the correct PVC can bind to it.
  Your PV also has to set the storage class to "", otherwise it will not bind.
  See https://kubernetes.io/docs/concepts/storage/persistent-volumes/
- Slicing Environment Chart into Subcharts:
  The Environment Chart is now an Umbrella Chart. It references the operator, toolbox, dav and backend separately. By that means, you can now also add those charts to the Instance Umbrella Chart with *SIM*
- Adding *SIM* to Instance
  The *Single Instance Mode* lets you run a single *nplus Instance* in your namespace. The Instance *should* be named after the namespace. You can turn on the environmental components *operator, toolbox, dav and backend* in the Instance chart to get a single chart that brings all it needs
- Excluding "globals" from ArgoCD Values
  There was a large globals section in the ArgoCD Application, that was unnecessary. It is removed
- Adding *Prepper* as a component to deploy git assets prior to component deployment:
  Sometimes you need to deploy assets like Web Snippets to the Instance *before* any other component is deployed and initially started. The prepper can be used to download assets from git, extract tarballs and then call scripts to perform any custom action. The prepper has no waitFor condition, thus running directly after the PVs are created, which happens in the *backend* chart of the environment. *Prepper* is much like the *Application* Chart, but it of course cannot deploy anything into an Application Layer, as the nappl does not yet exist.
- Adding download capability to the Application Chart
  You can now define downloads, that the Application Chart should perform prior to executing any script or App Installation
- CIFS Mode for File Storage, preventing chmod from being run in scripts, is now *on* by default.
- Renamed the *nappl* Cluster, if there is no prefix (as in instance name == Release.namespace due to SIM)
- Fixed a bug, where some resources (defaultconfig, networkpolicies, database config, ...) were not created in the release namespace but the default
- Added `includeNamespace`
  By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
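
A static PV/PVC pair that follows the storageClass and claimRef recommendation from the breaking changes above, as an added example (not taken from the nplus charts). The names `nplus-data-pv` and `nplus-data`, the namespace `tenant-a`, the size and the NFS backend are placeholders.

```yaml
# Added example: pre-provisioned volume reserved for exactly one claim.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nplus-data-pv              # placeholder name
spec:
  capacity:
    storage: 10Gi                  # placeholder size
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: ""             # empty string: only PVCs that also request "" can match
  claimRef:                        # reserves the PV for this one PVC
    namespace: tenant-a            # placeholder namespace
    name: nplus-data
  nfs:                             # placeholder backend
    server: nfs.example.internal
    path: /exports/nplus/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nplus-data
  namespace: tenant-a
spec:
  storageClassName: ""             # must be "" as well, otherwise the default class is applied
  volumeName: nplus-data-pv        # pins the claim to the pre-provisioned PV
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
```

Without `claimRef`, any PVC in the cluster that requests an empty storage class and fits the size and access mode can bind the volume, which is the wrong-PVC binding the change is meant to prevent.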

Potentially Breaking Changes:

- The former Environment Chart used non-Standard Labels you might have used for your firewall rules. These are now normalized and the new environmental components behave just like any other component.
- Introduced *ptemp* as a persistent temp space, e.g. for the accounting logs or database dumps etc.
- Accounting in Storage Layer: set `accounting: true` and the csv files will be written to *ptemp*
## July 2024, release 1.2.1303
- customizingMode as new switch in *web*
- Fixed a bug with timezone data
- Add a key to switch off certificate generation if no issuer is set: createSelfSignedCertificate
- Added tcps as port with 3006 to nstl
- Fixed a bug with the resolver in combination with the instance name: Resolving was too late for some
  String operations.
- Normalized all examples: includes are no longer used in templates (they are not necessary any more), and
  single quotes are normalized to double quotes for strings, as we no longer need double quotes for the
  includes.
- Adding nscale Web tls and completing Zerotrust Mode
- Changed the default of priorityClasses: It is now OFF. See FAQ for documentation
- Global flags and defaults for TZDATA / Timezone setting

Big things:

- An all new Values sub-system:
  - You can now stage **any** value!
  - You can now override **any** value on **any** stage!
  - This also works with your own values for your custom charts
  - templates used in values are automatically and recursively resolved. This also works with your custom values!
- Update to nscale 9.2.1302
- Many cleanups

Breaking Changes:

- new .Values section: *meta*
  - *nscaleVersion* is now in section meta
  - *componentVersion* is now in section meta
  - *ports* is now in section meta
  - *type* is now in section meta
  - *wave* is now in section meta
  - *commercial.tenant* is now in section meta
  - *commercial.provider* is now in section meta

Non breaking Changes:

- *this*
  In code, you can now refer to `.this.*` instead of `.Values.*`.
  *this* is built from .Values (for component values), .Values.global (for instance values) and .Values.global.environment (for environment values) automatically
- automatic resolver
  After condensing the `.Values` into `.this`, a new recursive resolving function now looks for any template used in values and resolves it (using `.this` values)
- new .Values section: *override*
  This section is automatically applied to all .this, overwriting any existing value.
  *override* is also subject to automatic compression and resolving
- Helper functions are moved from _helper.tpl to a new map in code, accessible via `$.component`.
  If you used helper functions in your templates, you need to port them. They are still working, but are deprecated.
- *_depricated.tpl* now holds deprecated functions. They resolve to the new function / value and are subject to being removed in future majors.
- new debugging mechanism:
  You might want to debug your values and functions and helm lacks some important functionality for this, like a callstack.
  The new debug feature now provides this functionality. You can call `nplus.debug.enter` and `nplus.debug.leave` in your code to
  add this functionality to your own definitions.
- debugging Values:
  If debugging is enabled, Values are reported in the component custom resource. Just search for `DEBUG` in `helm template` code.
- to enable debug, set `debug: true` on any level. Example:
  ```
  global:
    environment:
      utils:
        debug: true
  ```
- debug also adds strict mode, so deprecated functions are failing
- *init function*
  If you want to use the new functionality (.this, .component, ...) in your template, call `include "nplus.init"` as first line in your code.
  It initializes automatically
- new .component section with calculated values for you to use in your templates.
- Fixed a bug, where nappl sync wave is after application sync wave (ArgoCD)
- Sorting and Documenting the default ArgoCD Waves (see quickstart-argo)

Breaking changes:

- renamed nstlIPRange to nstlIpRange
- In Application Chart, renamed .Values.rs to .Values.rs.host
- In Application Chart, renamed .Values.nstl to .Values.nstl.host
- changes in database Values.yaml, please check if you used it

Non breaking changes:

- Added nstlIpRange to the Storage Layer Chart to allow to open egress connections from internal Storage Layer to servers outside the cluster
- New *defaultConfig* possibility to add default config files to Charts that are used prior to image templates (e.g. for a common cold.xml)
- Added *sessionCacheStorageType* as a new parameter for NAPPL
- Adding *dbIpRange* to the cni security options
## June 2024, release 1.2.1204
- RMS now including HA Mode (see samples)
- Fixes a problem, that the SNC Files are not in the NAPPL lib directory
- Encrypt Sample
- ZeroTrust Mode
- Code cleanup
## June 2024, release 1.2.1203
- Allow Application Scripts to run before and after globally and per DocArea
- Add more logging to DAV Container
- Add PAM and SharePoint Connector to dsl
## June 2024, release 1.2.1202
- Allow multiple nscale SharePoint Connector instances with a separate configuration each
- Allow Certificate Stores to be defined as configMaps OR secrets
- current alpha Version of nscale SharePoint Connector for testing
## June 2024, release 1.2.1201
- Fixed a bug in nscale Web due to the read only file system
- Added SNC support to access SAP Server
- Added Java Certificate Keystores (cacerts and component.store)
## June 2024, release 1.2.1200
- Update to nscale Version 9.2.1200
- Adding nscale PAM (Process Automation Modeler) helm chart
- Adding nscale SharePoint Connector helm Chart
- Adding O365 Sample (with SP Connector)
- Support extra fonts (like Microsoft Core Fonts)
- Allow calling global or local custom installation scripts during initialization (application chart)
- Add Applications to Health Status
- Adding a *Zero Trust* Example (`zerotrust.yaml`). The functionality is not yet completely implemented, so this is alpha status.
- Temporarily adding Custom Project API container ("dms-api") to the instance
- Alpha Version of Ports cleanup
## May 2024, Release 1.2.11xx
- Support envFrom in all components, with secretRef. Set the secret name in `envSecret`
- Support whitelisting in ingresses
- Add Inter Pod AntiAffinity
- Now using kube-linter for pre-release checking
- Supporting CNI NetworkPolicies
## Apr 2024, Release 1.2.1004
- Test with nscale 9.2
- Operator Web GUI switch
- Deny in all ingresses
- Added Priority Classes
- Added Budgets
- Support for volumeName in PVC to suppress dynamic provisioning of PVs
- Support for kubePing **and** KUBERNETES Discovery for Cluster Communication
- Documentation Updates
- Updates to dsl (nstl and operator)
- Bug Fixes
## Mar 2024, Release 1.1.1501
- Added the Operator
- Web GUI for Monitoring
- RBAC enhancements
- Remote Management Server (RMS) Preview
## Feb 2024, Release 1.1.1401
- Added Administrator Client
## Jan 2024, Release 1.1.1302
- Changed Packaging to enable new helm Repo (gitea)
- Update dsl (C4) config files
- Added support for up to 4 Storage Layer
## Jan 2024, Release 1.1.1301
- Fixed Application Chart Security Settings
- Added possibility to easily overwrite Versions
  (see versions/*.yaml and e90 Example)
- Added Charts for nscale Administrator (RAP) and WebDAV Connector
- Added nstl Cluster (up to 4 Storage Layer)
- Added support for Docker Desktop Kubernetes
## Jan 2024, Release 1.1.1300
- Added Security Features:
  - root-less Container
  - dropped capabilities (all)
  - read only root file systems on all containers
  - Prohibit Privilege Escalation
- New Toolbox Image
  - new (controlled source) "wait" function
  - new (controlled source) "webdav server" function
- Change DB Image to bitnami because of better support for security features.
  - User 1001 instead of 999
  - no chown necessary
  - support for read-only root
- Support multi-temp paths (because of read-only root)
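
How the four security features listed above map onto a Kubernetes pod spec, including writable temp paths next to a read-only root file system. This is an added example, not the manifest the nplus charts render; the pod name, image and mount paths are placeholders.

```yaml
# Added example: hardened pod with writable temp paths on emptyDir volumes.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-example                          # placeholder name
spec:
  securityContext:
    runAsNonRoot: true                            # root-less container: kubelet refuses UID 0
    runAsUser: 1001                               # non-root UID, as used for the DB image
    runAsGroup: 1001
  containers:
    - name: app
      image: registry.example.internal/app:1.0    # placeholder image
      securityContext:
        allowPrivilegeEscalation: false           # blocks setuid/setgid privilege gain
        readOnlyRootFilesystem: true              # image content cannot be modified at runtime
        capabilities:
          drop: ["ALL"]                           # no Linux capabilities left
      volumeMounts:
        - name: tmp                               # every path the process writes to
          mountPath: /tmp                         # needs its own writable mount
        - name: work
          mountPath: /var/tmp
  volumes:
    - name: tmp
      emptyDir: {}
    - name: work
      emptyDir: {}
```

A process that writes anywhere outside the mounted paths fails with a read-only file system error, so each temp directory the component uses needs its own mount.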
## 23 December Release
- Security Features:
  - Support for Illumio Labels and Gates