From f1e92b713035c4134d77640be1758e1480e3aabd Mon Sep 17 00:00:00 2001 From: nidhi251289 Date: Mon, 18 May 2026 17:08:16 +0200 Subject: [PATCH 1/9] Stackit changes --- .../private-cloud-cluster/_index.md | 1 + .../private-cloud-registry.md | 14 +++++ .../private-cloud-storage-plans.md | 62 +++++++++++++++++++ .../private-cloud-supported-environments.md | 13 ++++ 4 files changed, 90 insertions(+) diff --git a/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md b/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md index 855f60a830e..9ff44ee2894 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md +++ b/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md 
@@ -26,6 +26,7 @@ To create a cluster in your OpenShift context, you need the following: * A supported Kubernetes platform; for more information, see [Supported Versions](/developerportal/deploy/private-cloud-supported-environments/#supported-versions) * An administration account for your OpenShift or Kubernetes platform * **OpenShift CLI** installed (see [Getting started with the CLI](https://docs.openshift.com/container-platform/4.1/cli_reference/getting-started-cli.html) on the Red Hat OpenShift website for more information) if you are creating clusters on OpenShift +* **Stackit CLI** installed (see [Getting started with the CLI](https://github.com/stackitcloud/stackit-cli/blob/main/INSTALLATION.md) on the Stackit website for more information) if you are creating clusters on Stackit. * **Kubectl** installed if you are deploying to another Kubernetes platform (see [Install and Set Up kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on the Kubernetes webside for more information) * A command line terminal that supports the console API and mouse interactions. In Windows, this could be PowerShell or the Windows Command Prompt. See [Terminal limitations](#terminal-limitations), below, for a more detailed explanation. diff --git a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md index 16308b23ec4..cdfb8cefd02 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md +++ b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md 
@@ -25,6 +25,7 @@ Some examples of such container registries are: * Docker Hub * Azure ACR [admin account](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#admin-account) * Self-hosted registries such as [Sonartype Nexus](https://www.sonatype.com/products/nexus-repository) +* Stackit container registry However, static credentials are often considered insecure, and cloud providers offer alternative authentication methods based on short-lived tokens. For example, pushing an image to ECR requires getting a short-lived token from the AWS API. For more details about specific container registries, see the [Configuring the Registry](#configure-registry) section. @@ -279,6 +280,19 @@ To access quay.io, you will need to create a robot account, and give this accoun Check your image registry documentation to see if repositories can be created automatically (on push) or need to be pre-created. Some registries impose limitations on repository names, for example the repository path cannot have more than three parts. +**Stackit container registry** + +| Field | Value | +| ------------------- | -----------------------------------------------------------------------------------------------| +| Push URL | registry.onstackit.cloud | +| Pull URL | registry.onstackit.cloud | +| Registry name | `/`, where `` is the registry created in stackit | +| With authentication | enabled | +| User | Username for the registry robot account | +| Password | Token (password) for the robot account | + +Before pushing images to container registry, you will need to create the repository first. + ### Existing Docker Registry Secret If you already have a existing `~/.docker/config.json` file, you can use it directly by choosing the `docker-secret` option. 
diff --git a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-storage-plans.md b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-storage-plans.md index 054820bcff2..39a7907e7a6 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-storage-plans.md +++ b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-storage-plans.md @@ -215,6 +215,12 @@ If you would like to have more control over database configuration, consider usi If your provider is AWS, [Postgres IAM authentication](#database-postgres-iam) can be used instead to increase security. If your provider is Azure, [Postgres managed identity authentication](#database-postgres-azwi) can be used instead to increase security. +{{% alert color="info" %}} +The Mendix on-demand PostgreSQL provisioner cannot be used directly. STACKIT PostgreSQL Flex does not expose the CREATEROLE privilege, which is necessary for Mendix to automatically create database users via SQL commands. In order to facilitate the use of Postgres, switch to [JDBC plan](#database-jdbc) and create a dedicated database user for the new Mendix environment using the STACKIT CLI or API. +{{% /alert %}} + + + ##### Prerequisites * A Postgres server - for example, an RDS instance, or a Postgres server installed from a Helm chart 
@@ -764,6 +770,10 @@ Azure workload identities allow a Kubernetes Service Account to authenticate its JDBC databases are dedicated, basic databases. The **Dedicated JDBC** plan enables you to enter the [database configuration parameters](/refguide/custom-settings/) for an existing database directly, as supported by the Mendix Runtime. This plan allows to configure and use any database supported by the Mendix Runtime, including Oracle. +{{% alert color="info" %}} +In order to use **STACKIT PostgreSQL Flex** db, use the JDBC plan and provide the connection details as per the STACKIT documentation. Use the STACKIT CLI or API to create a dedicated database user for the new Mendix environment. +{{% /alert %}} + #### Prerequisites * A database server, for example Postgres or Oracle. 
@@ -1884,6 +1894,58 @@ In the Ceph plan configuration, enter the following details: * **Access Key** and **Secret Key** - Credentials to access the bucket. * **Type** - Specifies if the container can be shared between environments (create an on-demand storage plan); or that the container can only be used by one environment (create a dedicated storage plan). To increase security and prevent environments from being able to access each other's data, select **Dedicated**. +### STACKIT Object Storage {#stackit-object-storage} + +This basic, dedicated option allows to attach an existing S3-compatible bucket and credentials (access and secret keys) to one or more environments. +All apps (environments) will use the same bucket and credentials (access and secret keys). However, with this approach, environments share a common storage namespace, which can lead to potential data isolation issues and increased security risks if not managed carefully. +Another option is to use a dedicated object storage bucket for each environment. + +#### Prerequisites + +* A Ceph or S3-compatible bucket. +* An Access and Secret key with permissions to access the bucket. + +#### Limitations + +* Access/Secret keys used by existing environments can only be rotated manually. +* No isolation between environments using the storage plan if using same bucket for all environments +* Configuration parameters will not be validated and will be provided to the Mendix app as-is. If the arguments are not valid or there is an issue with permissions, the Mendix Runtime will fail to start the and deployment will appear to hang with **Replicas running** and **Runtime** showing a spinner. + +#### Environment Isolation + +* The Ceph or S3-compatible bucket and credentials (access and secret keys) are shared between all environments using this plan. +* An environment can access data from other environments using this Storage Plan. 
+* By creating dedicated bucket for all the environment, isolation between the environment can be achieved. + +#### Create Workflow + +When a new environment is created, the Mendix Operator performs the following actions: + +* Generate a unique prefix based on the environment's name, so that each environment stores files in a separate prefix (directory). +* Create a Kubernetes secret to provide connection details to the new app environment - to automatically configure the new environment. + +#### Delete Workflow + +When an existing environment is deleted, the Mendix Operator performs the following actions: + +* Delete that environment's Kubernetes blob file storage credentials secret. + +#### Configuring the Plan + +In the Ceph plan configuration, enter the following details: + +* **Endpoint** - The Ceph bucket's endpoint address, for example `https://ceph-instance.local:9000/`. +* **Access Key** and **Secret Key** - Credentials to access the bucket. +* **Type** - Specifies if the container can be shared between environments (create an on-demand storage plan); or that the container can only be used by one environment (create a dedicated storage plan). To increase security and prevent environments from being able to access each other's data, select **Dedicated**. + +* **IRSA Authentication** - Set to **no**. +* **Create bucket per environment** - Set to **No**. +* **Create account (IAM user) per environment** - Set to **No**. +* **Endpoint** - The S3 bucket's endpoint address. +* **Access Key** and **Secret Key** - The credentials for the environment user account. +* **Autogenerate prefix** - Leave it empty +* **Share bucket between environments** - Specifies if the bucket can be shared between environments (create an on-demand storage plan); Enable this option and the bucket will be shared between multiple environments. + ## Walkthroughs This section provides instructions how to set up storage for the most typical use cases. 
diff --git a/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md b/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md index f4310608221..ed91932154d 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md +++ b/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md @@ -27,6 +27,7 @@ If you want to deploy your app to Amazon EKS, consider using the Mendix for Amaz * [minikube](https://minikube.sigs.k8s.io/docs/) * [Google Cloud Platform](https://cloud.google.com/) * [Google Kubernetes Engine- Autopilot](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview). For more information, see [Mendix on Kubernetes Cluster: GKE Autopilot Workarounds](/developerportal/deploy/private-cloud-cluster/#gke-autopilot-workarounds) +* [Stackit Kubernetes Engine](https://stackit.com/en/products/runtime/stackit-kubernetes-engine) {{% alert color="warning" %}} If deploying to Red Hat OpenShift, you need to specify that specifically when creating your deployment. All other cluster types use generic Kubernetes operations. 
@@ -160,6 +161,10 @@ Mendix Operator supports registry authentication with [workload identity](https: When used together with an [Azure Kubernetes Service](https://azure.microsoft.com/en-us/products/kubernetes-service), Mendix Operator can use [managed identity authentication](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication-managed-identity) assigned to the Mendix Operator's Kubernetes service account. +### Stackit Container Registry + +[Stackit Container Registry](https://docs.stackit.cloud/products/developer-platform/container-registry/) is a cloud-native registry that enables you to store, manage and deploy container images securely and efficiently within the STACKIT Cloud. With this tool, you can easily manage the entire lifecycle of your container images (if static credential authentication is used). + ## Databases{#databases} The following databases are supported, and provide the features listed. @@ -208,6 +213,7 @@ The following managed PostgreSQL databases are supported: * [Azure Database for PostgreSQL](https://azure.microsoft.com/en-us/services/postgresql/). * [Google Cloud SQL for PostgreSQL](https://cloud.google.com/sql/docs/postgres). * [Amazon RDS Aurora for PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.AuroraPostgreSQL.html) +* [Stackit Postgres Flex](https://stackit.com/en/products/database/stackit-postgresql-flex) Amazon PostgreSQL instances require additional firewall configuration to allow connections from the Kubernetes cluster. 
@@ -243,6 +249,10 @@ The Mendix Operator allows you to specify custom Certificate Authorities to trus Strict TLS mode should only be used with apps created in Mendix 8.15.2 (or later versions), earlier Mendix versions will fail to start when validating the TLS certificate. {{% /alert %}} +{{% alert color="info" %}} +The Mendix on-demand PostgreSQL provisioner cannot be used directly. STACKIT PostgreSQL Flex does not expose the CREATEROLE privilege, which is necessary for Mendix to automatically create database users via SQL commands. Hence, a databaser user needs to be created per environment before deployment. +{{% /alert %}} + ### Microsoft SQL Server This refers to a SQL Server database which is automatically provisioned by the Operator. If you are connecting to an existing database, you should use the [Dedicated JDBC database](#jdbc) option described below. @@ -346,6 +356,9 @@ Mendix Operator will need the endpoint, access key, and secret key to access the [Ceph](https://ceph.io/en/) is supported with the S3-compatible interface [Ceph Object Gateway](https://docs.ceph.com/en/mimic/radosgw/). The Mendix Operator will need the endpoint, access key, and secret key to access the storage. Please check the Ceph documentation for information on how to get the credentials. +### STACKIT Object Storage (S3 compatible) +STACKIT's S3-compatible object storage does not implement APIs such as CreateUser, CreatePolicy, CreateBucket. Hence, a bucket needs to be created beforehand which will be shared with multiple environments or seperate buckets can be created per environment. + ## Networking {{% alert color="info" %}} From f62abc6757bc28f2a5184d5060af4145dbdae7c4 Mon Sep 17 00:00:00 2001 From: nidhi251289 Date: Tue, 19 May 2026 09:28:58 +0200 Subject: [PATCH 2/9] command for patching service account added --- .../private-cloud-registry.md | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) 
diff --git a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md index cdfb8cefd02..9176f21fba0 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md +++ b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md @@ -200,12 +200,12 @@ To use Google Artifact registry with the Mendix Operator, perform the following 2. Assign the *Artifact Registry Writer* (`roles/artifactregistry.writer`) role to the GCR Service Account. 3. Allow the Mendix Operator to use the GCR Service Account by running the following command, where `PROJECT_ID` is the Google Cloud project ID, `K8S_NAMESPACE` is the Kubernetes namespace name where the Operator is installed, `KSA_NAME` is the Kubernetes Service Account name, and `GSA_NAME` is the GCP Service Account name from step 1: - ```shell - gcloud iam service-accounts add-iam-policy-binding \ - --role roles/iam.workloadIdentityUser \ - --member "serviceAccount:PROJECT_ID.svc.id.goog[K8S_NAMESPACE/KSA_NAME]" \ - GSA_NAME@PROJECT_ID.iam.gserviceaccount.com - ``` + ```shell + gcloud iam service-accounts add-iam-policy-binding \ + --role roles/iam.workloadIdentityUser \ + --member "serviceAccount:PROJECT_ID.svc.id.goog[K8S_NAMESPACE/KSA_NAME]" \ + GSA_NAME@PROJECT_ID.iam.gserviceaccount.com + ``` On the Kubernetes side, the Mendix Operator will use a Kubernetes Service Account to authenticate. On the GCP side, there should be a matching GCP Service Account. For simplicity, Mendix recommends using the `mendix-builder` for the service account name, on both GCP and Kubernetes sides. For more details, see the Google documentation on [using workload identities](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to). 
@@ -293,6 +293,14 @@ Some registries impose limitations on repository names, for example the reposito Before pushing images to container registry, you will need to create the repository first. +In order to fetch the container images from container registry, make sure to patch the default service accounts with the registry credentials. + +Example: + + ```shell + kubectl patch serviceaccount default -n -p '{"imagePullSecrets": [{"name": ""}]}' + ``` + ### Existing Docker Registry Secret If you already have a existing `~/.docker/config.json` file, you can use it directly by choosing the `docker-secret` option. From f79ef9945546d1e802081c754cfb6adc249394c1 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Wed, 20 May 2026 10:09:12 +0200 Subject: [PATCH 3/9] Update _index.md --- .../deployment/private-cloud/private-cloud-cluster/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md b/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md index 9ff44ee2894..580a5137e2c 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md +++ b/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md 
@@ -26,7 +26,7 @@ To create a cluster in your OpenShift context, you need the following: * A supported Kubernetes platform; for more information, see [Supported Versions](/developerportal/deploy/private-cloud-supported-environments/#supported-versions) * An administration account for your OpenShift or Kubernetes platform * **OpenShift CLI** installed (see [Getting started with the CLI](https://docs.openshift.com/container-platform/4.1/cli_reference/getting-started-cli.html) on the Red Hat OpenShift website for more information) if you are creating clusters on OpenShift -* **Stackit CLI** installed (see [Getting started with the CLI](https://github.com/stackitcloud/stackit-cli/blob/main/INSTALLATION.md) on the Stackit website for more information) if you are creating clusters on Stackit. +* **Stackit CLI** [installed](https://github.com/stackitcloud/stackit-cli/blob/main/INSTALLATION.md) if you are creating clusters on Stackit * **Kubectl** installed if you are deploying to another Kubernetes platform (see [Install and Set Up kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on the Kubernetes webside for more information) * A command line terminal that supports the console API and mouse interactions. In Windows, this could be PowerShell or the Windows Command Prompt. See [Terminal limitations](#terminal-limitations), below, for a more detailed explanation. From b2ac84894a0b3e8067928ac621e9880371995bd5 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Wed, 20 May 2026 10:10:28 +0200 Subject: [PATCH 4/9] Update private-cloud-registry.md --- .../private-cloud-cluster/private-cloud-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md index 9176f21fba0..c3244b1e83d 100644 
--- a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md +++ b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md @@ -291,7 +291,7 @@ Some registries impose limitations on repository names, for example the reposito | User | Username for the registry robot account | | Password | Token (password) for the robot account | -Before pushing images to container registry, you will need to create the repository first. +Before pushing images to container registry, you must first create the repository. In order to fetch the container images from container registry, make sure to patch the default service accounts with the registry credentials. From e9c055d45ee6fd6d1636923e7efbbb983933e1a9 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Wed, 20 May 2026 10:11:29 +0200 Subject: [PATCH 5/9] Correct casing for STACKIT container registry --- .../private-cloud-cluster/private-cloud-registry.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md index c3244b1e83d..3922728eda1 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md +++ b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-registry.md 
@@ -25,7 +25,7 @@ Some examples of such container registries are: * Docker Hub * Azure ACR [admin account](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#admin-account) * Self-hosted registries such as [Sonartype Nexus](https://www.sonatype.com/products/nexus-repository) -* Stackit container registry +* STACKIT container registry However, static credentials are often considered insecure, and cloud providers offer alternative authentication methods based on short-lived tokens. For example, pushing an image to ECR requires getting a short-lived token from the AWS API. For more details about specific container registries, see the [Configuring the Registry](#configure-registry) section. @@ -280,7 +280,7 @@ To access quay.io, you will need to create a robot account, and give this accoun Check your image registry documentation to see if repositories can be created automatically (on push) or need to be pre-created. Some registries impose limitations on repository names, for example the repository path cannot have more than three parts. -**Stackit container registry** +**STACKIT container registry** | Field | Value | | ------------------- | -----------------------------------------------------------------------------------------------| From fc99974d1189d216ef4e4348173061762f365672 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Wed, 20 May 2026 10:12:19 +0200 Subject: [PATCH 6/9] Update _index.md --- .../deployment/private-cloud/private-cloud-cluster/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md b/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md index 580a5137e2c..4eb4dbd4e12 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md 
+++ b/content/en/docs/deployment/private-cloud/private-cloud-cluster/_index.md @@ -26,7 +26,7 @@ To create a cluster in your OpenShift context, you need the following: * A supported Kubernetes platform; for more information, see [Supported Versions](/developerportal/deploy/private-cloud-supported-environments/#supported-versions) * An administration account for your OpenShift or Kubernetes platform * **OpenShift CLI** installed (see [Getting started with the CLI](https://docs.openshift.com/container-platform/4.1/cli_reference/getting-started-cli.html) on the Red Hat OpenShift website for more information) if you are creating clusters on OpenShift -* **Stackit CLI** [installed](https://github.com/stackitcloud/stackit-cli/blob/main/INSTALLATION.md) if you are creating clusters on Stackit +* **STACKIT CLI** [installed](https://github.com/stackitcloud/stackit-cli/blob/main/INSTALLATION.md) if you are creating clusters on STACKIT * **Kubectl** installed if you are deploying to another Kubernetes platform (see [Install and Set Up kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on the Kubernetes webside for more information) * A command line terminal that supports the console API and mouse interactions. In Windows, this could be PowerShell or the Windows Command Prompt. See [Terminal limitations](#terminal-limitations), below, for a more detailed explanation. From 439b709eff14493db46a9a11ef2678d8b1420c8f Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Wed, 20 May 2026 10:16:17 +0200 Subject: [PATCH 7/9] Update private-cloud-storage-plans.md --- .../private-cloud-cluster/private-cloud-storage-plans.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-storage-plans.md b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-storage-plans.md index 39a7907e7a6..5b2ff567ac7 100644 
--- a/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-storage-plans.md +++ b/content/en/docs/deployment/private-cloud/private-cloud-cluster/private-cloud-storage-plans.md @@ -216,7 +216,7 @@ If your provider is AWS, [Postgres IAM authentication](#database-postgres-iam) c If your provider is Azure, [Postgres managed identity authentication](#database-postgres-azwi) can be used instead to increase security. {{% alert color="info" %}} -The Mendix on-demand PostgreSQL provisioner cannot be used directly. STACKIT PostgreSQL Flex does not expose the CREATEROLE privilege, which is necessary for Mendix to automatically create database users via SQL commands. In order to facilitate the use of Postgres, switch to [JDBC plan](#database-jdbc) and create a dedicated database user for the new Mendix environment using the STACKIT CLI or API. +The Mendix on-demand PostgreSQL provisioner cannot be used directly. STACKIT PostgreSQL Flex does not expose the `CREATEROLE` privilege, which is necessary for Mendix to automatically create database users with SQL commands. In order to facilitate the use of Postgres, switch to [JDBC plan](#database-jdbc) and create a dedicated database user for the new Mendix environment using the STACKIT CLI or API. {{% /alert %}} From ebd15728b426fe491abd5be04c511bd49e177239 Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Wed, 20 May 2026 10:17:20 +0200 Subject: [PATCH 8/9] Update private-cloud-supported-environments.md --- .../private-cloud/private-cloud-supported-environments.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md b/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md index ed91932154d..56307afdf47 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md 
+++ b/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md @@ -27,7 +27,7 @@ If you want to deploy your app to Amazon EKS, consider using the Mendix for Amaz * [minikube](https://minikube.sigs.k8s.io/docs/) * [Google Cloud Platform](https://cloud.google.com/) * [Google Kubernetes Engine- Autopilot](https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview). For more information, see [Mendix on Kubernetes Cluster: GKE Autopilot Workarounds](/developerportal/deploy/private-cloud-cluster/#gke-autopilot-workarounds) -* [Stackit Kubernetes Engine](https://stackit.com/en/products/runtime/stackit-kubernetes-engine) +* [STACKIT Kubernetes Engine](https://stackit.com/en/products/runtime/stackit-kubernetes-engine) {{% alert color="warning" %}} If deploying to Red Hat OpenShift, you need to specify that specifically when creating your deployment. All other cluster types use generic Kubernetes operations. 
@@ -161,9 +161,9 @@ Mendix Operator supports registry authentication with [workload identity](https: When used together with an [Azure Kubernetes Service](https://azure.microsoft.com/en-us/products/kubernetes-service), Mendix Operator can use [managed identity authentication](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication-managed-identity) assigned to the Mendix Operator's Kubernetes service account. -### Stackit Container Registry +### STACKIT Container Registry -[Stackit Container Registry](https://docs.stackit.cloud/products/developer-platform/container-registry/) is a cloud-native registry that enables you to store, manage and deploy container images securely and efficiently within the STACKIT Cloud. With this tool, you can easily manage the entire lifecycle of your container images (if static credential authentication is used). +[STACKIT Container Registry](https://docs.stackit.cloud/products/developer-platform/container-registry/) is a cloud-native registry that enables you to store, manage and deploy container images securely and efficiently within the STACKIT Cloud. With this tool, you can easily manage the entire lifecycle of your container images (if static credential authentication is used). ## Databases{#databases} From 329cdf3c5d084edbc4afa034e0c3e0e90bbfbd8c Mon Sep 17 00:00:00 2001 From: katarzyna-koltun-mx <108737161+katarzyna-koltun-mx@users.noreply.github.com> Date: Wed, 20 May 2026 10:19:03 +0200 Subject: [PATCH 9/9] Update private-cloud-supported-environments.md --- .../private-cloud/private-cloud-supported-environments.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md b/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md index 56307afdf47..f2cd2b17299 100644 --- a/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md 
+++ b/content/en/docs/deployment/private-cloud/private-cloud-supported-environments.md @@ -357,7 +357,8 @@ Mendix Operator will need the endpoint, access key, and secret key to access the [Ceph](https://ceph.io/en/) is supported with the S3-compatible interface [Ceph Object Gateway](https://docs.ceph.com/en/mimic/radosgw/). The Mendix Operator will need the endpoint, access key, and secret key to access the storage. Please check the Ceph documentation for information on how to get the credentials. ### STACKIT Object Storage (S3 compatible) -STACKIT's S3-compatible object storage does not implement APIs such as CreateUser, CreatePolicy, CreateBucket. Hence, a bucket needs to be created beforehand which will be shared with multiple environments or seperate buckets can be created per environment. + +STACKIT's S3-compatible object storage does not implement APIs such as `CreateUser`, `CreatePolicy`, or `CreateBucket`. Because of that, you must first create a bucket which will be shared with your environments. You can also create separate buckets for each environment. ## Networking
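Review bot: In PATCH 1/9, private-cloud-registry.md, hunk `@@ -279,6 +280,19 @@`, the **Registry name** row reads "`/`, where `` is the registry created in stackit", so both placeholders are empty in the text as submitted and the reader cannot tell what the two path parts are. Name each part explicitly in a form that survives Markdown rendering. Since the same file states that static credentials are often considered insecure, the **User** and **Password** rows should also say which permissions the robot account needs (push, pull, or both) so that it is not created with more access than the Operator uses.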
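Review bot: In PATCH 1/9, private-cloud-storage-plans.md, hunk `@@ -215,6 +215,12 @@`, the new alert opens with "The Mendix on-demand PostgreSQL provisioner cannot be used directly" without saying that this applies only to STACKIT PostgreSQL Flex, and it sits in the generic Postgres section right after the AWS and Azure sentences. Start the alert with the provider ("If your provider is STACKIT, ...") to match the two preceding lines, and state which privileges the dedicated database user needs so that it is not created as an administrative account. The hunk also adds three empty lines after the closing `{{% /alert %}}`; one is enough.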
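Review bot: In PATCH 1/9, private-cloud-storage-plans.md, hunk `@@ -1884,6 +1894,58 @@`, the new **STACKIT Object Storage** section gives contradictory isolation guidance under **Configuring the Plan**: the **Type** bullet says to select **Dedicated** "to increase security", while the last bullet says "Enable this option and the bucket will be shared between multiple environments". The list also starts with "In the Ceph plan configuration", repeats **Endpoint** and **Access Key**/**Secret Key** twice with a Ceph example URL, and tells the reader to leave **Autogenerate prefix** empty although **Create Workflow** says the Operator generates a unique prefix per environment. Keep only the STACKIT field list, say which setting gives one bucket per environment and which gives a shared bucket, and make the **Limitations** and **Environment Isolation** bullets consistent with that choice. Minor wording in the same hunk: "fail to start the and deployment" and "dedicated bucket for all the environment".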
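Review bot: In PATCH 1/9, private-cloud-supported-environments.md, hunk `@@ -160,6 +161,10 @@`, the parenthetical "(if static credential authentication is used)" is attached to a sentence about managing the image lifecycle, where it does not make sense, and the section never says how the Mendix Operator authenticates to the registry. The neighbouring registry sections state the authentication method first; do the same here (static robot account credentials, per the registry page) and drop the product description sentence. PATCH 8/9 changes only the casing of this paragraph, so the sentence is still present at the end of the series.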
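Review bot: In PATCH 1/9, private-cloud-supported-environments.md, hunk `@@ -243,6 +249,10 @@`, the added alert contains the typo "databaser user" and none of the later patches in the series touch this line. It also differs from the alert added to private-cloud-storage-plans.md: that one tells the reader to switch to the JDBC plan, this one only says a user "needs to be created per environment before deployment". Fix the typo, put `CREATEROLE` in backticks as PATCH 7/9 does in the other file, and link to the [Dedicated JDBC database](#jdbc) section referenced a few lines below so both pages give the same instruction.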
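Review bot: In PATCH 2/9, private-cloud-registry.md, hunk `@@ -293,6 +293,14 @@`, the example `kubectl patch serviceaccount default -n -p '{"imagePullSecrets": [{"name": ""}]}'` has no value after `-n` and an empty secret name, so it cannot be run as written. Add named placeholders for the namespace and the pull secret, and say that the secret must already exist in that namespace. The prose says "patch the default service accounts" without saying which namespaces are meant; because every pod that uses the `default` service account in a patched namespace can then pull with these credentials, state that only the namespace where the Mendix apps run should be patched. The first hunk of this patch (`@@ -200,12 +200,12 @@`) changes only the indentation of the `gcloud` block, which is unrelated to the commit subject and is better sent separately.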
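Review bot: In PATCH 9/9, private-cloud-supported-environments.md, hunk `@@ -357,7 +357,8 @@`, the rewritten paragraph presents the shared bucket as the default ("you must first create a bucket which will be shared with your environments") and separate buckets as an afterthought, while the storage plans page added in PATCH 1/9 says that a shared bucket gives no isolation between environments. Lead with one bucket per environment, mention the shared bucket as the alternative together with its isolation limitation, and link to the `#stackit-object-storage` section on the storage plans page.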