Merge pull request #10408 from mxashokkhedkar/portuns_release__2_23_0

Added changes for private cloud portal release 2.23.0

Author: katarzyna-koltun-mx

content/en/docs/deployment/mx-azure/configuration/_index.md

@@ -41,6 +41,28 @@ For more information, see [Configuring Ingress and Egress](/developerportal/depl
 | AKS Maximum Node Count | The number of available cluster nodes will be increased and decreased automatically based on the combined capacity requirement of all deployed Mendix apps. This setting controls the upper limit to the number of available nodes in order to avoid cost surprises.    | Yes    |
 | AKS Service Tier    | The [AKS service tier](https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers) determines the service level Microsoft provides on the Mendix on Azure Kubernetes cluster control plane. This does not impact application performance, only Microsoft's SLA. The Free tier is sufficient in most situations. Standard can be considered by organizations that value a financially backed SLA. For information about the associated costs, refer to Microsoft documentation. The Premium tier does not offer any additional value in combination with Mendix on Azure and is not recommended. | Yes |
 
+### Redundancy
+
+| Advanced Option | Description | Editable after Initial Creation |
+| --- | --- | --- |
+| Application Layer Redundancy | Defines Azure Availability Zones for AKS node pools to enhance resilience by distributing nodes across zones. | Yes |
+| Database Layer Redundancy | Configures high availability (HA) for the PostgreSQL database by setting the Azure Availability Zone for the standby replica. **HA Modes**: **SameZone** (Primary and standby in the same zone, protects against instance failure); **ZoneRedundant** (Primary and standby in different zones protects against zone-wide failures). | Yes |
+| Storage Layer Redundancy | Defines the data replication strategy for the application's storage account to ensure durability and availability. **Options**: **LRS** (Locally Redundant Storage, 3 copies in one datacenter in the same region); **ZRS** (Zone-Redundant Storage, 3 copies across 3 availability zones in the same region); **GRS** (Geo-Redundant Storage, 3 LRS copies in the primary region and 3 asynchronous copies in the paired secondary region);  **RA-GRS** (Read-Access Geo-Redundant Storage, GRS with read access to the secondary region); **GZRS** (Geo-Zone-Redundant Storage, ZRS in the primary region and 3 asynchronous copies in the paired secondary region); **RA-GZRS** (Read-Access Geo-Zone-Redundant Storage, GZRS with read access to the secondary region). **Upgrade Paths (No Recreation)**: - LRS → GRS → RA-GRS - ZRS → GZRS → RA-GZRS | Yes |
+| Backup Storage Redundancy | Specifies the replication strategy for the backup storage account. **Options**: Same as application storage redundancy (LRS, ZRS, GRS, RA-GRS, GZRS, RA-GZRS). | Yes |
+
+#### Restrictions and Limitations when Editing a Cluster
+
+The following restrictions and limitations apply:
+
+* You cannot change the database layer cannot change from Zone Redundant to Same Zone. You must first disable High Availability (HA), and then enable it with Same Zone.
+* You cannot change the database layer to HA and the Postgres Compute tier to Burstable during same edit. You must first upgrade to GP/MO, and then enable HA in the next edit.
+* You can only upgrade the storage layer and backup layer redundancy in the following ways:
+
+    * LRS → GRS → RAGRS
+    * ZRS → GZRS → RAGZRS
+
+{{< figure src="/attachments/deployment/mx-azure/infraredundancy.png" class="no-border" >}}
+
 ### Database Settings
 
 | Advanced Option | Description    | Editable after initial creation |

content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md

@@ -1292,7 +1292,12 @@ You can configure the runtime metrics for the environment in the **Runtime** sec
 
 You can also configure the pod labels for the environment in the **Labels** section. For more information, see [App Pod Labels](#pod-labels).
 
-Starting from Operator 2.20.0 onwards, it is now also possible to set the deployment strategy for an environment. This allows you to update an app with reduced downtime by performing a rolling update. To use this feature, you must enable the **Reduced App Downtime Strategy** option.  For more information, see [Deployment Strategy](/developerportal/deploy/private-cloud-reduced-downtime/)
+Starting from Operator 2.20.0 onwards, you can set the deployment strategy for an environment. This allows you to update an app with reduced downtime by performing a rolling update. To use this feature, you must enable the **Custom Options** under Reduced downtime options.
+
+The deployment strategy now includes the following options under the **Deployment Strategy Options** subheader:
+
+* **Max Surge** - Specifies the maximum number of pods that can be created above the desired number of pods during a rolling update.
+* **Max Unavailable** - Specifies the maximum number of pods that can be unavailable during a rolling update.
 
 {{< figure src="/attachments/deployment/private-cloud/private-cloud-cluster/deploymentStrategy.png" class="no-border" >}}
 

content/en/docs/deployment/private-cloud/private-cloud-deploy.md

@@ -597,7 +597,8 @@ If you change the data type and value in the .mpr file, the changes are visible
 
 ### Network Tab
 
-On the Network tab, you add client certificates (in the PKCS12 format) or certificate authorities (in the PEM format) for outgoing connections. These will be used when your application initiates SSL/TLS connections. This works in the same way as the Network tab for deployments to Mendix Cloud. For more details on these, see the [Network Tab](/developerportal/deploy/environments-details/#network-tab) section of *Environment Details*.
+On the Network tab, you add client certificates (in the PKCS12 format) or certificate authorities (in the PEM format) for outgoing connections. These will be used when your application initiates SSL/TLS connections. This works in the same way as the Network tab for deployments to Mendix Cloud. 
+Starting from Mendix 10.24.1, the Mendix Runtime can set Custom Http Headers natively, without relying on an Ingress controller. For more details on these, see the [Network Tab](/developerportal/deploy/environments-details/#network-tab) section of **Environment Details**.
 
 For security reasons, root CAs can only be enabled in custom [TLS section](/developerportal/deploy/standard-operator/#custom-tls) in mxpc-cli. The root CAs need to be configured before creating an environment. 
 {{< figure src="/attachments/deployment/private-cloud/private-cloud-deploy/network-tab.png" class="no-border" >}}

content/en/docs/releasenotes/deployment/mendix-azure.md

@@ -10,6 +10,16 @@ These release notes cover changes to deployment to [Mendix on Azure](/developerp
 
 For information on the current status of Mendix deployment, see [Mendix Status](https://status.mendix.com/).
 
+### Release date: November 27, 2025
+
+* Operator, Agent, Build, Sidecars, and NGINX logs are now directly accessible within Grafana for monitoring and troubleshooting.
+* We have introduced a new Infrastructure Redundancy configuration option, available during cluster initialization and cluster edit, to enhance resilience and provide clearer control over VM, Storage, and Database redundancy.
+* We have fixed an issue where Terraform apply fails when Read replica is enabled. (Ticket 458)
+
+### Known issues:
+
+* In some scenarios, the initialized cluster may be visible to other users under the same subscription immediately after creation, depending on the logged-in account. We are actively working on a fix for this issue.
+
 ### Release date: November 6, 2025
 
 * We have resolved an issue where the AKS Node VM Size field sometimes appeared empty if the corresponding Microsoft endpoint was unavailable. Now, in such cases, the field will not be available for selection, and the value chosen during the cluster's initialization will be automatically considered.

content/en/docs/releasenotes/deployment/mendix-for-private-cloud.md

@@ -12,6 +12,19 @@ For information on the current status of deployment to Mendix on Kubernetes and
 
 ## 2025
 
+### November 27, 2025
+
+#### Portal Improvements
+
+* We have enhanced the **Apps** section of the **Namespace Overview** page to display the technical contact's name and email address next to each application. This makes it easier to find the technical contact for inquiries or support.
+* We have added deep links for the application URL to the **Environment Overview** page, allowing for quicker, direct navigation to the application page. 
+* We have added **Enhanced Deployment Strategy UI** to the deployment options, featuring new **Min Available** and **Max Unavailable** fields for more precise control over your application's availability.
+* You can now directly configure HTTP headers by using a new key/value UI in the **Network** tab to manage headers like Content-Security-Policy within Mendix Runtime and reduce ingress reliance. This feature supports Mendix 10.24.1 and newer.
+
+#### Known Issues
+
+* Currently, if you adjust your Pod Disruption Budget settings, those modifications will not take effect until our next Operator release (2.25.0).
+
 ### November 7, 2025
 
 #### Portal Hotfix