Merge branch 'master' into feat/spire-docs

Author: tossmilestone

.cspell/terms.txt

@@ -22,4 +22,5 @@ cephclusters
 cephfilesystems
 cephobjectstores
 cephobjectstoreusers
-ghostunnel
+ghostunnel
+lvmdconfig

.gitignore

@@ -1,3 +1,4 @@
+/.vscode
 **/node_modules
 **/dist
 local/*

README.md

@@ -18,6 +18,84 @@ $ yarn install
 
 ## Updating AC CLI Documentation
 
-* `yarn update-ac-manual`: Update the AC CLI documentation in [docs/en/ui/cli_tools/ac/](docs/en/ui/cli_tools/ac/).
+The AC CLI documentation in [docs/en/ui/cli_tools/ac/](docs/en/ui/cli_tools/ac/) is generated from the AC repository and should be updated through the sync script instead of manual edits.
 
-**Important:** Do not manually edit files in [docs/en/ui/cli_tools/ac/](docs/en/ui/cli_tools/ac/) as they are managed by this update command.
+### Prerequisites
+
+* Install project dependencies with `yarn install`
+* Ensure `git` is available on your machine
+* Ensure your account has SSH access to `git@gitlab-ce.alauda.cn:alauda/ac.git`
+
+### Default Update Command
+
+Run the standard update command from the repository root:
+
+```bash
+yarn update-ac-manual
+```
+
+This command runs:
+
+```bash
+node scripts/update-ac-manual.js
+```
+
+When you use `yarn update-ac-manual`, the repository sync pulls the `release-1.0` branch from `git@gitlab-ce.alauda.cn:alauda/ac.git` by default.
+
+### What the Sync Script Does
+
+The update script uses the following locations:
+
+* Source repository: `git@gitlab-ce.alauda.cn:alauda/ac.git`
+* Temporary clone directory: `local/temp-ac-clone`
+* Source manual directory inside the AC repository: `manual/`
+* Target directory in this repository: `docs/en/ui/cli_tools/ac/`
+
+The workflow is:
+
+1. Clone the AC repository into `local/temp-ac-clone`
+2. Read the `manual/` directory from the cloned repository
+3. Remove all existing files under `docs/en/ui/cli_tools/ac/` except `index.mdx`
+4. Copy the files from `manual/` into `docs/en/ui/cli_tools/ac/`
+5. Strip leading numeric prefixes from top-level Markdown filenames such as `01_foo.md`
+6. Remove the temporary clone directory after the sync finishes
+
+### Updating from a Different Branch
+
+If you need to sync from a branch other than `release-1.0`, pass the branch name as an argument:
+
+```bash
+yarn update-ac-manual <branch>
+```
+
+This is equivalent to running the script directly:
+
+```bash
+node scripts/update-ac-manual.js <branch>
+```
+
+Replace `<branch>` with the branch name you want to pull from.
+
+If you run `node scripts/update-ac-manual.js` without a branch argument, the script defaults to `release-1.0`.
+
+### Recommended Verification Steps
+
+After updating the generated files, review and validate the result:
+
+```bash
+git diff -- docs/en/ui/cli_tools/ac
+yarn lint
+yarn build
+```
+
+If the English source changes need to be synchronized to localized content, run:
+
+```bash
+yarn translate
+```
+
+### Notes
+
+* Do not manually edit files in [docs/en/ui/cli_tools/ac/](docs/en/ui/cli_tools/ac/); they are managed by the update script
+* `index.mdx` in [docs/en/ui/cli_tools/ac/](docs/en/ui/cli_tools/ac/) is preserved by the sync process
+* If local preview output changes in the sidebar or navigation, restart `yarn dev`

docs/en/configure/clusters/overview.mdx

@@ -87,3 +87,29 @@ The platform also supports connecting and managing existing Kubernetes clusters,
 | User-provisioned Infrastructure     | User                 | User                         | Platform              | Partial          |
 | Hosted Control Plane (HCP)          | Platform             | Shared nodes (Platform)      | Platform              | Partial          |
 | Connected Cluster (Cloud or CNCF)   | External Provider    | External Provider            | Partial / External    | Minimal          |
+
+<span id="version-compatibility"></span>
+
+## Version Compatibility
+
+When importing or connecting existing clusters, validate the Kubernetes version against the current ACP compatibility policy.
+
+### ACP 4.3 and Later
+
+- ACP 4.3 adds support for Kubernetes 1.34 for platform-managed cluster scenarios.
+- For upgrades to ACP 4.3, workload clusters must remain within the compatible version range 1.34, 1.33, 1.32, and 1.31 before the `global` cluster upgrade.
+- For third-party clusters, ACP 4.3 accepts Kubernetes versions in the range `>=1.19.0 <1.35.0` for management.
+- Product documentation continues to list only the Kubernetes versions that have passed product validation for third-party cluster support and the default Extend baseline.
+- Product validation for the Extend baseline covers the following capability areas:
+  - Installing and using Operators
+  - Installing and using Cluster Plugins
+  - ClickHouse-based logging
+  - VictoriaMetrics-based monitoring
+- This does not mean that all specific Operators or Cluster Plugins are covered by product validation.
+- For specific Operators or Cluster Plugins outside this baseline, refer to the relevant product documentation or contact technical support.
+- For ACP 4.3 and later, workload clusters no longer need to be on the single latest compatible Kubernetes minor release before the `global` cluster upgrade.
+
+### ACP 4.2 and Earlier
+
+- Upgrade workload clusters to the latest documented compatible Kubernetes version before upgrading the `global` cluster.
+- Use the [Kubernetes Support Matrix](../../overview/kubernetes-support-matrix.mdx) as the main reference for the documented version mapping.

docs/en/configure/networking/functions/configure_gatewayapi_gateway.mdx

@@ -49,6 +49,16 @@ In YAML, this setting is configured in the companion `EnvoyProxy` resource at
 The advantage is ease of use and high-availability load balancing capabilities.
 To use LoadBalancer, the cluster must have LoadBalancer support, which can be enabled via [MetalLB](./configure_metallb.mdx#configure_ip_pool).
 
+When using MetalLB, you can specify a static VIP through service annotations. In the Web Console, use the **Service Annotation** field:
+
+```yaml
+metallb.universe.tf/address-pool: ADDRESS_POOL_NAME
+# Or specify a specific IP directly
+metallb.universe.tf/loadBalancerIPs: VIP_IP
+```
+
+For more details, see [How To Specify a VIP When Using MetalLB](../how_to/tasks_for_envoy_gateway.mdx#specify_vip_metallb).
+
 #### NodePort \{#access_gateway_via_nodeport}
 
 The advantage is that it doesn't require any external dependencies.

docs/en/configure/networking/how_to/tasks_for_envoy_gateway.mdx

@@ -151,6 +151,46 @@ spec:
 NodePort can only be within a specific range, typically `30000-32767`. If you want the Gateway listener port and NodePort to be consistent, your listener port must also be within the NodePort range.
 :::
 
+### How To Specify a VIP When Using MetalLB \{#specify_vip_metallb}
+
+When using MetalLB as the LoadBalancer provider, you can specify a static VIP for the Gateway service through service annotations.
+
+```yaml
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyProxy
+metadata:
+  name: demo
+  namespace: demo
+spec:
+  provider:
+    type: Kubernetes
+    kubernetes:
+      envoyService:
+        type: LoadBalancer
+        annotations:                                      # [!code callout]
+          metallb.universe.tf/address-pool: production    # [!code callout]
+          metallb.universe.tf/loadBalancerIPs: VIP_IP   # [!code callout]
+```
+
+<Callouts>
+  1. Add MetalLB annotations in the `envoyService.annotations` field
+  2. Specify the address pool name to allocate IP from
+  3. Or specify a specific IP address (must be within the address pool range)
+</Callouts>
+
+**Available Annotations:**
+
+| Annotation | Description |
+| ---------- | ----------- |
+| `metallb.universe.tf/address-pool` | Select the address pool to allocate IP from |
+| `metallb.universe.tf/loadBalancerIPs` | Specify a specific IP address (supports multiple IPs, comma-separated) |
+
+:::note
+- The specified IP must be within a configured MetalLB address pool
+- Make sure MetalLB is properly installed and configured before specifying VIPs
+- For MetalLB configuration, see [Configure MetalLB](../functions/configure_metallb.mdx#configure_ip_pool)
+:::
+
 ### How To Add Pod Annotations In Envoy Gateway
 
 [Add pod annotation](./configure_endpoint_health_checker.mdx#add_pod_annotation_in_envoy_gateway)
@@ -363,8 +403,8 @@ For applications running inside the cluster, use the service ClusterIP instead o
 If you need to access the LoadBalancer VIP from any cluster node, change `externalTrafficPolicy` to `Cluster`:
 
 ```bash
-kubectl patch envoyproxy $GATEWAY_NAME -n $GATEWAY_NS --type='json' -p='[  
-  {"op": "replace", "path": "/spec/provider/kubernetes/envoyService/externalTrafficPolicy", "value": "Cluster"}  
+kubectl patch envoyproxy $GATEWAY_NAME -n $GATEWAY_NS --type='json' -p='[
+  {"op": "replace", "path": "/spec/provider/kubernetes/envoyService/externalTrafficPolicy", "value": "Cluster"}
 ]'
 ```
 

docs/en/overview/kubernetes-support-matrix.mdx

@@ -12,8 +12,8 @@ This document provides the Kubernetes version support matrix for <Term name="pro
 <Term name="productShort" /> supports multiple Kubernetes versions across different <Term name="productShort" /> releases. Understanding the supported versions is essential for:
 
 - **Creating clusters** – Determine which Kubernetes versions can be used when provisioning new clusters
-- **Upgrading <Term name="productShort" />** – Ensure all workload clusters meet compatibility requirements before upgrading the global cluster
-- **Managing third-party clusters** – Verify that public cloud or CNCF-compliant Kubernetes clusters are within the supported version range
+- **Upgrading <Term name="productShort" />** – Ensure all workload clusters meet the documented compatible-version requirements before upgrading the global cluster
+- **Managing third-party clusters** – Verify that public cloud or CNCF-compliant Kubernetes clusters are within the supported management range
 
 ## Version Support Matrix
 
@@ -28,12 +28,32 @@ This ensures consistency and simplifies the upgrade path for new clusters.
 
 | <Term name="productShort" /> Version | Supported for Cluster Creation | Compatible Versions |
 | --- | --- | --- |
+| <Term name="productShort" /> 4.3 | 1.34 | 1.34, 1.33, 1.32, 1.31 |
 | <Term name="productShort" /> 4.2 | 1.33 | 1.33, 1.32, 1.31, 1.30 |
 | <Term name="productShort" /> 4.1 | 1.32 | 1.32, 1.31, 1.30, 1.29 |
 | <Term name="productShort" /> 4.0 | 1.31, 1.30, 1.29, 1.28 | 1.31, 1.30, 1.29, 1.28 |
 
+## ACP 4.3 Notes
+
+- ACP 4.3 adds support for Kubernetes 1.34 for platform-managed cluster scenarios.
+- For upgrades to ACP 4.3, the workload-cluster compatible versions are 1.34, 1.33, 1.32, and 1.31.
+- This means environments upgrading from ACP 4.0 to ACP 4.3 can keep workload clusters on Kubernetes 1.31 through 1.34 while upgrading the global cluster.
+
+## Third-Party Cluster Management Range
+
+- For third-party clusters, ACP 4.3 accepts Kubernetes versions in the range `>=1.19.0 <1.35.0`.
+- This management range is separate from the Compatible Versions column, which is the authoritative prerequisite for upgrading the ACP global cluster.
+- Product documentation continues to list only the Kubernetes versions that have passed product validation for third-party cluster support and the default Extend baseline.
+- Product validation for the Extend baseline covers the following capability areas:
+  - Installing and using Operators
+  - Installing and using Cluster Plugins
+  - ClickHouse-based logging
+  - VictoriaMetrics-based monitoring
+- This does not mean that all specific Operators or Cluster Plugins are covered by product validation.
+- For specific Operators or Cluster Plugins outside this baseline, refer to the relevant product documentation or contact technical support.
+
 ## Upgrade Requirements
 
-For <Term name="productShort" /> 4.2 and earlier, **all** workload clusters must be upgraded to the **latest** Kubernetes version in the compatible versions list **before** upgrading the <Term name="productShort" /> global cluster.
+For <Term name="productShort" /> 4.3 and later, workload clusters only need to remain within the documented compatible version range before upgrading the <Term name="productShort" /> global cluster. For ACP 4.3, this means Kubernetes 1.31 through 1.34.
 
-In future releases, workload clusters will only need to be within the compatible versions range to upgrade the <Term name="productShort" /> global cluster.
+In <Term name="productShort" /> 4.2 and earlier, **all** workload clusters must be upgraded to the **latest** Kubernetes version in the compatible versions list **before** upgrading the <Term name="productShort" /> global cluster.

docs/en/overview/release_notes.mdx

@@ -5,49 +5,81 @@ title: Release Notes
 
 # Release Notes
 
-## 4.2.0
+## 4.3.0
 
 ### Features and Enhancements
 
-#### Support for Kubernetes 1.33
+#### Support for Kubernetes 1.34
 
-ACP now supports **Kubernetes 1.33**, delivering the latest upstream features, performance improvements, and security enhancements from the Kubernetes community.
+ACP 4.3 adds support for **Kubernetes 1.34** for platform-managed cluster scenarios.
 
-#### ACP CLI (ac)
+For upgrades to ACP 4.3, the workload-cluster compatible versions are 1.34, 1.33, 1.32, and 1.31. This compatible-version requirement determines whether the `global` cluster can be upgraded and is separate from the third-party cluster management range.
 
-The new **ACP CLI (ac)** enables you to develop, build, deploy, and run applications on ACP with a seamless command-line experience.
+For more information, see [Kubernetes Support Matrix](/overview/kubernetes-support-matrix.mdx).
+
+#### CVO-Based Cluster Upgrade Workflow
+
+ACP 4.3 introduces a Cluster Version Operator (CVO)-based upgrade workflow for both `global` and workload clusters.
 
 Key capabilities include:
 
-* **kubectl-compatible commands**
-* **Integrated authentication** with ACP platform environments
-* **Unified session management** across multiple environments
-* **ACP-specific extensions** for platform access and cross-environment workflows
+* Preparing upgrade artifacts and the upgrade controller with `bash upgrade.sh`
+* Running preflight checks before execution
+* Requesting upgrades from the Web Console or by updating `ClusterVersionShadow.spec.desiredUpdate`
+* Inspecting conditions, preflight results, stages, and history from `cvsh.status`
+
+ACP CLI also introduces upgrade-oriented administrator commands such as `ac adm upgrade`, `ac adm upgrade status`, `--to-latest`, `--to`, and `--allow-explicit-upgrade` for requesting and troubleshooting workload cluster upgrades from the current context.
+
+For operational guidance, see [Upgrade](/upgrade/index.mdx).
+
+#### MicroOS-Based Global Clusters on Huawei DCS
+
+ACP 4.3 allows administrators to create the `global` cluster on Huawei DCS with MicroOS-based immutable infrastructure. This extends the immutable operating model from workload clusters to platform installation scenarios on DCS.
+
+For more information, see [About Immutable Infrastructure](/configure/clusters/immutable-infra.mdx).
+
+#### Huawei Cloud Stack Support in Immutable Infrastructure
+
+ACP 4.3 adds Immutable Infrastructure support for Huawei Cloud Stack (HCS). The HCS provider documentation now covers provider overview, installation, cluster creation, node management, cluster upgrades, and provider APIs in the Immutable Infrastructure documentation set.
+
+For more information, see [About Immutable Infrastructure](/configure/clusters/immutable-infra.mdx).
+
+#### VMware vSphere Support in the 4.3 Cycle
+
+ACP 4.3 begins introducing Immutable Infrastructure support for VMware vSphere. The provider work is now tracked in the Immutable Infrastructure documentation set, while the public installation details and finalized plugin naming are still being published.
+
+For more information, see [About Immutable Infrastructure](/configure/clusters/immutable-infra.mdx).
+
+#### New Web Console Preview Entry
+
+ACP Core now provides the top-navigation anchor required by the next-generation Web Console experience. When Alauda Container Platform Web Console Base is installed on the `global` cluster, users in the **Container Platform** and **Administrator** views can open the new console through a **Preview Next-Gen Console** entry in a separate browser tab.
+
+The experience is designed for gradual migration and works with the Web Console Base plugin on the global cluster and the Web Console Collector plugin on workload clusters.
+
+#### Containerd 2.0 Baseline
 
-For full feature details, see:
-[ACP CLI (ac)](/ui/cli_tools/ac/index.mdx)
+ACP 4.3 upgrades the platform runtime baseline to containerd 2.0. Review runtime-dependent operational procedures before upgrading environments that rely on customized containerd configuration.
 
-#### Hosted Control Plane (HCP)
+#### Expanded Third-Party Cluster Management Range
 
-**Released:**
+For third-party clusters, ACP 4.3 now accepts Kubernetes versions in the range `>=1.19.0 <1.35.0`.
 
-* **Alauda Container Platform Kubeadm Provider**
-* **Alauda Container Platform Hosted Control Plane**
-* **Alauda Container Platform SSH Infrastructure Provider**
+This management range is separate from the compatible Kubernetes versions used to determine whether the `global` cluster can be upgraded.
 
-**Lifecycle:** *Agnostic* (released asynchronously with ACP)
+Product documentation continues to publish only the Kubernetes versions that have passed product validation for third-party cluster support and the default Extend baseline.
 
-Hosted Control Plane decouples the control plane from worker nodes by hosting each cluster's control plane as containerized components within a management cluster. This architecture reduces resource usage, speeds up cluster creation and upgrades, and provides improved scalability for large multi-cluster environments.
+Product validation for the Extend baseline covers the following capability areas:
 
-For more information, see:
-[About Hosted Control Plane](/configure/clusters/about-hcp.mdx)
+* Installing and using Operators
+* Installing and using Cluster Plugins
+* ClickHouse-based logging
+* VictoriaMetrics-based monitoring
 
-### Deprecated and Removed Features
+This does not mean that all specific Operators or Cluster Plugins are covered by product validation.
 
-#### Kubernetes Version Upgrade Policy Update
+For specific Operators or Cluster Plugins outside this baseline, refer to the relevant product documentation or contact technical support.
 
-Starting from **ACP 4.2**, upgrading the Kubernetes version is **no longer optional**. When performing a cluster upgrade, the Kubernetes version must be upgraded together with other platform components.
-This change ensures version consistency across the cluster and reduces future maintenance windows.
+For more information, see [Kubernetes Support Matrix](/overview/kubernetes-support-matrix.mdx) and [Import Standard Kubernetes Cluster](/configure/clusters/managed/import/standard-kubernetes.mdx).
 
 ### Fixed Issues