azure-industrial-iot Helm chart 0.3.2

This is the release of version 0.3.2 of the azure-industrial-iot Helm chart, which deploys version 2.7.206 of the Azure Industrial IoT components.

Release Notes

• Removal of OPC Vault service and dependencies #970

Azure Industrial IoT Release 2.7.206

We are pleased to announce that we are releasing the next update, 2.7.206 of the Azure Industrial IoT Platform.

One of the changes that will be delivered with the update are the removal of Bouncy Castle as a dependency, a collection of APIs used in cryptography. Based on the new System.Formats.Asn1 library released with .NET Core 5 many ASN.1 encoding and decoding operations have been reimplemented to be able to retire the dependency on the external crypto library, Bouncy Castle.

The following is the detailed list of changes that are part of this point release:

• Update OPC Stack to latest version without Bouncy Castle dependency removed.
• Update CDM package to latest official version on nuget.org and remove multi-feed configuration to improve build security
• Ensure device scope is set on OPC Twin endpoint to fix #831
• Remove OPC Vault service experimental service and dependencies including Bouncy Castle.

We suggest to update from the version 2.6 or later to ensure secure operations of your deployment. 2.7.206 is not backwards compatible with version 2.5. Updated Helm charts will follow in the next days and will be announced separately.

OPC Publisher Release 2.5.4

We added a log message when communication with IoT Hub or Edge Hub fails for easier debugging of Internet connectivity issues.

Security Patch for the 2.5.3 docker images

This security update patches all 2.5.3 docker images in ACR and MCR with base images with long time support.

• .NET core 2.2 linux base images were flagged for security vulnerabilities and no updates available

• move to .NET Core 2.1 base images with long time support, so ACR can auto update.

• addressed the following CVE/DSA (list may not be complete):

• DSA4685-1, DLA2290-1, DSA4646-1, DSA4633-1, DSA4666-1, DLA2295-1

• CVE-2020-3810, CVE-2019-5188, CVE-2020-10531, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-12243, CVE-2020-8177

Azure Industrial IoT Release 2.7.199

This is the latest release - version 2.7.199 of the Industrial IoT Platform. It includes the following updates and features compared to 2.7.183:

1. Re-enabled store & forward feature (through EdgeHub) in OPC Publisher orchestrated mode
2. Re-enabled separate OPC Publisher DataSetWriters for separate publishing jobs
3. Made sure OPC Publisher DataSetWriter IDs are unique for each job
4. Changed core retry logic to stop also for repeated ITransientExceptions
5. Re-enabled container host bind mounts for OPC Publisher certificate store
6. Added specific EdgeHub routes for OPC Publisher, OPC Twin and Discovery to enable 3rd party IoT Edge modules
7. Updated to latest nanoserver AMD64 Windows container images to fix a security issue
8. Updated to latest IoT Edge image (1.0.9.4) to fix a security issue
9. Convert OPC Publisher heartbeat exceptions from debug to info level
10. Changed HTTP client class to throw HttpRequestException on timeout
11. Added several unit tests

Azure Industrial IoT Release 2.7.183

This is the latest release - version 2.7.183 of the Industrial IoT Platform. It includes the following updates and features compared to 2.7.182:

• Publisher module updates
  • The environment variable PCS_DEFAULT_PUBLISH_MAX_OUTGRESS_MESSAGES can be set as value between 1 and 25000 (default: 200) and is used for backpressure handling. The value defines the maximum number of messages within outgoing queue, when this number is reached no new incoming messages will be handled, instead they will be dropped.
    • One incoming message can lead to one or multiple outgress messages, based on the configuration (e.g. OPC UA nodes subscribed, frequency of value change, amount of OPC subscriptions, etc.). Therefore, the current value of messages in outgress queue may be higher than configured limit.
    • One outgoing message can have up to 256 KB payload. With the default value (200) approximate 50MB memory will be used for outgoing message queue. When the publisher works with high throughput and/or inconsistent load we recommend increasing the number to at least 4000 (1GB) or 8000 (2GB).
    • OPC Publisher diagnostic information logs how many incoming messages were dropped. (see # Outgress input buffer dropped)
    • The environment variables must be set on the Publisher container Pod to affect the settings in all job configurations from this point on that are performed using the Publisher REST API. (iot/opc-publisher-service).

This parameters can be added to an existing values.yaml file of the Helm chart as follows:

Azure Industrial IoT Release 2.7.182

This is the latest release - version 2.7.182 of the Industrial IoT Platform. It includes the following updates and features compared to 2.7:

• Publisher module updates
  • The following environment variables can be set to configure the batch trigger interval and batch size.
    • The environment variable PCS_DEFAULT_PUBLISH_JOB_BATCH_INTERVAL can be set as milliseconds from 100 to 3,600,000 ms. Other values (e.g. <= 0) will result in the default value of 10,000 ms (10 seconds).
    • The environment variable PCS_DEFAULT_PUBLISH_JOB_BATCH_SIZE can be set as a value between 2 and 1000. Every other value will result in the default of 50 subscription notifications per batch being set.
    • The environment variables must be set on the Publisher container Pod to affect the settings in all job configurations from this point on that are performed using the Publisher REST API. (iot/opc-publisher-service). The change is in the PublisherJobService Adapter, which adapts from 2.7 REST API to internal Publisher configuration API.
  • Bugfix regarding batch interval

These parameters can be added to an existing values.yaml file of the Helm chart as follows:

Azure Industrial IoT Release 2.7

This is the latest release - version 2.7 of the Industrial IoT Platform. It includes the following updates and features compared to 2.6:

• API changes
  • Twin change events for all registry entities in API
  • Added the read status and timestamps in addition to value for all nodes in browse response
  • Added a “nodeclass” browse filter to the browse API
  • Do not upload certificates during discovery, store real certificate thumbprint in registry
  • BREAKING: full certificate blob removed from endpoint info models (due to size) and replaced by thumbprint.
  • New x509 certificate API to pull entire certificate chain from endpoint.
  • New chain validation API to annotate downloaded certificates with more information.
  • New Bulk publish and unpublish configuration API as well as integration test for it.
  • Support for x-msgpack serialization in addition to JSON for all APIs
• Support interactive auth in CLI using msal as well as login via Azure CLI or Visual Studio
• Updates to Services
  • Single SignalR endpoint instead of multiple across all services - SignalR service is now optional.
  • Remove non-essential services and consolidate all IoTHub related "daemons" into a single one.
  • New Activation sync agent as safety net to re-synchronize activation state between supervisor and endpoints if needed.
  • Add onboarding processor back to increase edge event (discovery progress and twin changes) throughput.
  • Use DataLake SDK for CDM storage including access via Account Key instead of principal
  • All services use Asp.net core Hosts now
• Modules now also report metrics through metrics collector at edge into azure monitor.
• Publisher module updates
  • Publisher module now supports heartbeat setting again
  • Publisher module also gained back batch messaging support (batch interval as well as batch size configurable)
  • Legacy mode (publishednodes.json driven) compatibility fixes
  • New publisher standalone arguments to for load testing
  • Sequence numbers added to messages
  • Optimization of the publisher sessions/subscriptions/monitoring items handling
• OPC UA updates across both publisher and opc twin modules
  • Windows hosted edge modules now use Directory certificate store by default for their OPC UA Application instance certificate allowing easier persistence of certificates across container restarts
  • Add gateway's device id or hostname to generated OPC client certificates instead of container's hostname as well as alternative aliases
  • Edge modules will automatically renew invalid / expired OPC UA Application Instance certificate
  • Using Microsoft forked and signed build of OPC UA stack nugets
• Updated engineering tool
  • Implement paging using continuation token
  • Show updates to entities as they are changed
  • New published node list per endpoint.
  • Enable crash tracing through browser developer console by default.
  • More configuration options for all modules
  • Icons and UI beautification
  • Refactoring navigation menu and auth
  • Implement ad-hoc discovery across all edges.
• Updates related to deployment
  • Break ARM template into required (Minimum) and optional (standard)
  • Increased retention period (2 days) and number of partitions (4) of both Event Hubs.
  • Out of the box dashboard / workbook deployment to monitor operations.
  • IAI: Removing proxy service running in App Service.
  • IAI: Added jumpbox for AKS.
  • IAI: Enabled incoming traffic on port 80 in NSG.
  • IAI: Upgraded AKS Kubernetes version to 1.16.9.
  • IAI: Pushing IIoTEnvironment to KeyVault.
  • Upgraded deployed Storage Accounts to Gen2.
  • Helm: Changed deployments to use envFrom for env var injection.
  • Helm: Added value for Prometheus metrics scraping.
  • Helm: Ability to omit most of Azure parameters if they should be loaded from Key Vault.
  • Split simulation from platform ARM template and add new simulation “type” to deploy.ps1
  • Support non-layered (unmanaged) edge deployments so that you can deploy your own modules using deployment.json and still participate in platform.
• Updated documentation
• Updated package dependencies to latest to fix several CVE
• ... and numerous fixes across the entire platform (including #554 #551 #474 #455 #438 #437 #430 #416 #400 #388 #380 #377 #370 #334).

azure-industrial-iot Helm chart 0.3.1

This is release of 0.3.1 version of azure-industrial-iot Helm chart which deploys 2.7.170 version of Azure Industrial IoT components.

Release Notes

• Exposing Prometheus endpoints for non-api services (#597)

azure-industrial-iot Helm chart 0.3.0

This is release of 0.3.0 version of azure-industrial-iot Helm chart which deploys 2.7.105 RC version of Azure Industrial IoT components.

Release Notes

• Helm: Updated chart to deploy 2.7.105 RC version of Azure Industrial IoT components.
• Helm: Changed deployments to use envFrom for injection of configuration environment variables.
• Helm: Added configuration to enable scraping of Prometheus metrics, defaults to true.
• Helm: Added ability to omit most of Azure parameters if they should be loaded from Azure Key Vault.