Skip to content

add Private Operator Upgrade Policy #894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Jul 2, 2025
Merged

add Private Operator Upgrade Policy #894

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
9ced758
add Private Operator Upgrade Policy
genwhittTTD Jun 25, 2025
c4fc8a3
Merge branch 'main' into gwh-APIDOCS-3273-uid2-private-operator-upgra…
genwhittTTD Jun 27, 2025
87afd77
updates to operator matrix pages
genwhittTTD Jun 27, 2025
c946784
reconfigure, update
genwhittTTD Jun 27, 2025
fe277b5
refresh JA copy page
genwhittTTD Jun 27, 2025
76e54af
AT edits, partial
genwhittTTD Jul 1, 2025
fbb1334
AT edits more
genwhittTTD Jul 1, 2025
63c49e8
adjust one JP heaading level
genwhittTTD Jul 1, 2025
4ef10ec
move upgrade policy to after versions
genwhittTTD Jul 1, 2025
abf1393
AT additional edit
genwhittTTD Jul 1, 2025
98c35de
update 2025 Q2 release
clarkxuyang Jul 1, 2025
c0fb1bb
update
clarkxuyang Jul 1, 2025
f37f8fe
Merge branch 'main' into gwh-APIDOCS-3273-uid2-private-operator-upgra…
genwhittTTD Jul 2, 2025
28d8831
final mods, remove unused snippet
genwhittTTD Jul 2, 2025
9fbe9e6
minor edit
genwhittTTD Jul 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions docs/guides/integration-options-private-operator.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ hide_table_of_contents: false
---

import Link from '@docusaurus/Link';
import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';

# UID2 Private Operator Integration Overview

Expand Down Expand Up @@ -83,6 +84,14 @@ There are a couple of limitations to Private Operator functionality:
- Private Operators do not currently support <Link href="../ref-info/glossary-uid#gl-client-side">client-side integration</Link>.
- Private Operator updates are released three times per year; Public Operator updates are released on a more frequent cadence.

## Private Operator Deprecation Schedule

For information about supported versions and deprecation dates, see [Private Operator Versions](../ref-info/deprecation-schedule.md#private-operator-versions).

## Private Operator Upgrade Policy

<UpgradePolicy />

## Getting Started

To get started as a Private Operator, follow these steps:
Expand Down
24 changes: 17 additions & 7 deletions docs/guides/operator-guide-aks-enclave.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ sidebar_position: 18
---

import Link from '@docusaurus/Link';
import ReleaseMatrix from '../snippets/_private-operator-release-matrix.mdx';
import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';

# UID2 Private Operator for AKS Integration Guide

Expand All @@ -24,6 +24,22 @@ When the attestation is successful, the UID2 Core Service provides seed informat
UID2 Private Operator for AKS is not supported in these areas: Europe, China.
:::

<!-- ## Operator Version

The latest ZIP file is linked in the AKS Download column in the following table.

| AKS Version Name | Version&nbsp;#/Release&nbsp;Notes | AKS Download | Date | Deprecation Date |
| ------- | ------ | ------ | ------ | ------ |
| Q2 2025 | xxx | xxx | xxx | xxx |

:::note
For information about supported versions and deprecation dates, see [Private Operator Versions](../ref-info/deprecation-schedule.md#private-operator-versions).
::: -->

## Private Operator Upgrade Policy

<UpgradePolicy />

## Prerequisites

Before deploying the UID2 Private Operator for AKS, complete these prerequisite steps:
Expand Down Expand Up @@ -104,12 +120,6 @@ To get set up with the installation files, follow these steps:

- `operator.yaml` -->

<!-- ### Operator Version

The latest ZIP file is linked in the AKS Download column in the following table.

<ReleaseMatrix /> -->

### Prepare Environment Variables

Run the following commands to prepare environment variables that you'll use later. Choose variable names to suit your needs.
Expand Down
28 changes: 18 additions & 10 deletions docs/guides/operator-guide-aws-marketplace.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ sidebar_position: 17
---

import Link from '@docusaurus/Link';
import ReleaseMatrix from '../snippets/_private-operator-release-matrix.mdx';
import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
import AttestFailure from '../snippets/_private-operator-attest-failure.mdx';

# UID2 Private Operator for AWS Integration Guide
Expand All @@ -17,8 +17,6 @@ The UID2 Operator is the API server in the UID2 ecosystem. For details, see [The

For a <Link href="../ref-info/glossary-uid#gl-private-operator">Private Operator</Link> service running in AWS Marketplace, the UID2 Operator solution is enhanced with [AWS Nitro](https://aws.amazon.com/ec2/nitro/) Enclave technology. This is an additional security measure to help protect UID2 information from unauthorized access.

## UID2 Private Operator for AWS

:::note
[UID2 Private Operator for AWS](https://aws.amazon.com/marketplace/pp/prodview-wdbccsarov5la) is a free product. The cost displayed on the product page is an estimated cost for the necessary infrastructure.
:::
Expand All @@ -30,7 +28,23 @@ By subscribing to UID2 Private Operator for AWS, you gain access to the followin
- [CloudFormation](https://aws.amazon.com/cloudformation/) template:<br/>
The template deploys the UID2 Operator AMI.

### Prerequisites
## Operator Version

The latest ZIP file is linked in the Release Notes column in the following table.

| Version Name | Version&nbsp;#/Release&nbsp;Notes | AWS Version | Date |
| ------- | ------ | ------ | ------ |
| Q2 2025 | [v5.55.9](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.55.9-r1) | v5.55.9-r1 | July 1, 2025 |

:::note
For information about supported versions and deprecation dates, see [Private Operator Versions](../ref-info/deprecation-schedule.md#private-operator-versions).
:::

## Private Operator Upgrade Policy

<UpgradePolicy />

## Prerequisites

To subscribe and deploy one or more UID2 Operators on AWS, complete the following steps:

Expand Down Expand Up @@ -162,12 +176,6 @@ To deploy UID2 Operator on AWS Marketplace, complete the following steps:

It takes several minutes for the stack to be created. When you see an Auto Scaling Group (ASG) created, you can select it and check the EC2 instances. By default, there is only one instance to start with.

### Operator Version

The latest ZIP file is linked in the Release Notes column in the following table.

<ReleaseMatrix />

### Stack Details

The following images show the **Specify stack details** page in the Create stack wizard ([deployment](#deployment) step 5). The table that follows provides a parameter value reference.
Expand Down
24 changes: 17 additions & 7 deletions docs/guides/operator-guide-azure-enclave.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ sidebar_position: 18
---

import Link from '@docusaurus/Link';
import ReleaseMatrix from '../snippets/_private-operator-release-matrix.mdx';
import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';

# UID2 Private Operator for Azure Integration Guide

Expand All @@ -24,6 +24,22 @@ When the attestation is successful, the UID2 Core Service provides seed informat
UID2 Private Operator for Azure is not supported in these areas: Europe, China.
:::

## Operator Version

The latest ZIP file is linked in the Azure Download column in the following table.

| Version Name | Version Number | Release Notes | Azure Download | Date | Deprecation Date |
| ------- | ------ | ------ | ------ | ------ | ------ |
| Q2 2025 | v5.55.9 | [v5.55.9](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.55.9-r1) | [azure-cc-deployment-files-5.55.9-r1.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.55.9-r1/azure-cc-deployment-files-5.55.9-r1.zip) | July 1, 2025 | July 1, 2026 |

:::note
For information about supported versions and deprecation dates, see [Private Operator Versions](../ref-info/deprecation-schedule.md#private-operator-versions).
:::

## Private Operator Upgrade Policy

<UpgradePolicy />

## Prerequisites

Before deploying the UID2 Private Operator for Azure, complete these prerequisite steps:
Expand Down Expand Up @@ -93,12 +109,6 @@ The first step is to get set up with the deployment files you'll need:
- `operator.json` and `operator.parameters.json`
- `gateway.json` and `gateway.parameters.json`

### Operator Version

The latest ZIP file is linked in the Azure Download column in the following table.

<ReleaseMatrix />

### Create Resource Group

In Azure, run the following command to create a resource group to run the UID2 operator:
Expand Down
28 changes: 19 additions & 9 deletions docs/guides/operator-private-gcp-confidential-space.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ sidebar_position: 18
---

import Link from '@docusaurus/Link';
import ReleaseMatrix from '../snippets/_private-operator-release-matrix.mdx';
import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';

# UID2 Private Operator for GCP Integration Guide

Expand All @@ -26,6 +26,22 @@ When the Docker container for the UID2 Operator Confidential Space starts up, it

When the attestation is successful, the UID2 Core Service provides seed information such as salts and keys to bootstrap the UID2 Operator in the secure Confidential Space container.

## Operator Version

The latest ZIP file is linked in the GCP Download column in the following table.

| Version Name | Version&nbsp;#/Release&nbsp;Notes | GCP Download | Date | Deprecation Date |
| ------- | ------ | ------ | ------ | ------ |
| Q2 2025 | [v5.55.9](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.55.9-r1) | [gcp-oidc-deployment-files-5.55.9-r1.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.55.9-r1/gcp-oidc-deployment-files-5.55.9-r1.zip) | July 1, 2025 | July 1, 2026 |

:::note
For information about supported versions and deprecation dates, see [Private Operator Versions](../ref-info/deprecation-schedule.md#private-operator-versions).
:::

## Private Operator Upgrade Policy

<UpgradePolicy />

## Setup Overview

At a high level, the setup steps are as follows:
Expand Down Expand Up @@ -87,12 +103,6 @@ When UID2 account registration is complete, and you've installed the gcloud CLI,
- Review information about [deployment environments](#deployment-environments).
- Review information about the [deployment options](#deployment-options) available, including the benefits of each, and decide which to use.

### Operator Versions

The latest ZIP file is linked in the GCP Download column in the following table.

<ReleaseMatrix />

## Deployment Environments

The following environments are available, and both [deployment options](#deployment-options) support both environments.
Expand Down Expand Up @@ -175,7 +185,7 @@ Install Terraform if it is not already installed: visit [terraform.io](https://w

#### Download the Template Files

Download the ZIP file listed in [Operator Versions](#operator-versions) in the GCP Download column. Be sure to select the latest version. Unzip the files to a convenient location. You will have the files listed in the following table.
Download the ZIP file listed in [Operator Version](#operator-version) in the GCP Download column. Be sure to select the latest version. Unzip the files to a convenient location. You will have the files listed in the following table.

| File | Details |
| :--- | :--- |
Expand Down Expand Up @@ -401,7 +411,7 @@ Placeholder values are defined in the following table.
| `{ZONE}` | The Google Cloud zone that the VM instance will be deployed on. |
| `{IMAGE_FAMILY}` | Use `confidential-space` for Integration and Production, `confidential-space-debug` for debugging purposes in Integration only. Note that `confidential-space-debug` will not work in Production. |
| `{SERVICE_ACCOUNT}` | The service account email that you created as part of creating your account, in this format: `{SERVICE_ACCOUNT_NAME}@{PROJECT_ID}.iam.gserviceaccount.com`.<br/>For details, see [Set Up Service Account Rules and Permissions](#set-up-service-account-rules-and-permissions) (Step 4). |
| `{OPERATOR_IMAGE}` | The Docker image URL for the UID2 Private Operator for GCP, used in configuration.<br/>This can be found in the `terraform.tfvars` file in the GCP download file (see [Operator Versions](#operator-versions)). |
| `{OPERATOR_IMAGE}` | The Docker image URL for the UID2 Private Operator for GCP, used in configuration.<br/>This can be found in the `terraform.tfvars` file in the GCP download file (see [Operator Version](#operator-version)). |
| `{OPERATOR_KEY_SECRET_FULL_NAME}` | The full name that you specified for the Operator Key secret (see [Create Secret for the Operator Key in Secret Manager](#create-secret-for-the-operator-key-in-secret-manager)), including the path, in the format `projects/<project_id>/secrets/<secret_id>/versions/<version>`. For example: `projects/111111111111/secrets/uid2-operator-operator-key-secret-integ/versions/1`. |

##### Sample Deployment Script&#8212;Integ
Expand Down
80 changes: 80 additions & 0 deletions docs/ref-info/deprecation-schedule.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
---
title: Deprecation Schedule
description: Deprecation timeline for versions of UID2 APIs and services.
hide_table_of_contents: false
sidebar_position: 06
---

import Link from '@docusaurus/Link';
import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';

# Deprecation Schedule

The following sections provide information about supported versions and, where applicable, the deprecation timeline.

## Private Operator Versions

The following tables show the Private Operator versions that are currently supported, including:
- [Private Operator for AWS](#private-operator-for-aws)
- [Private Operator for GCP](#private-operator-for-gcp)
- [Private Operator for Azure](#private-operator-for-azure)
<!-- - [Private Operator for AKS](#private-operator-for-aks) -->

:::important
If you're using an older version, refer to the applicable table, Deprecation Date column, for information about the support lifetime for your version. We recommend upgrading to the latest version as soon as possible to take advantage of new and improved features.
:::

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest moving the policy here.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @atarassov-ttd oops about to publish and just noticed this comment.
I'd previously moved this to below the versions section based on your earlier comment #894 (comment).
The trouble is, the Important note is at the end of the H2 intro and then we have the individual H3 sections for each Private Operator. So it isn't good to interject another H2 section in there. To me, "the versions section" includes the parent and the children.
Given we need to get this out, keeping it as is. But if you take a look and need it moved still, happy to do it as a fast follow.

### Private Operator for AWS

The latest ZIP file is available in the Assets section at the bottom of the linked Release Notes in the following table.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@clarkxuyang there is indeed a ZIP for AWS in the release notes. Is it worthwhile linking it here? Our docs are centered around marketplace experience which does not require the zip. Is zip required only for setup experience outside of marketplace?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The ZIP is only required for the setup experience outside of the marketplace. The public documentation doesn’t explain how to use it, I feel including the link might cause confusion.


| Version Name | Version&nbsp;#/Release&nbsp;Notes | AWS Version | Date | Deprecation Date |
| ------- | ------ | ------ | ------ | ------ |
| Q2 2025 | [v5.55.9](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.55.9-r1) | v5.55.9-r1 | July 1, 2025 | July 1, 2026 |
| Q1 2025 | [v5.49.7](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.49.7) | 5.49.7 | Mar 19, 2025 | Mar 31, 2026 |
| Q3 2024 Out-of-band | [v5.41.0](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.41.0) | 5.41.0 | October 29, 2024 | Mar 31, 2026 |
| Q3 2024 | [v5.38.104](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.38.104) | 5.38.104 | September 12, 2024 | Mar 31, 2026 |
| Q2 2024 | [v5.37.12](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.37.12) | 5.37.12 | June 12, 2024 | Sep 30, 2025 |

For documentation, see [UID2 Private Operator for AWS Integration Guide](..\guides\operator-guide-aws-marketplace.md).

### Private Operator for GCP

The latest ZIP file is linked in the GCP Download column in the following table.

| Version Name | Version&nbsp;#/Release&nbsp;Notes | GCP Download | Date | Deprecation Date |
| ------- | ------ | ------ | ------ | ------ |
| Q2 2025 | [v5.55.9](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.55.9-r1) | [gcp-oidc-deployment-files-5.55.9-r1.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.55.9-r1/gcp-oidc-deployment-files-5.55.9-r1.zip) | July 1, 2025 | July 1, 2026 |
| Q1 2025 | [v5.49.7](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.49.7) | [gcp-oidc-deployment-files-5.49.7.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.49.7/gcp-oidc-deployment-files-5.49.7.zip) | Mar 19, 2025 | Mar 31, 2026 |
| Q3 2024 Out-of-band | [v5.41.0](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.41.0) | [gcp-oidc-deployment-files-5.41.0.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.41.0/gcp-oidc-deployment-files-5.41.0.zip) | October 29, 2024 | Mar 31, 2026 |
| Q3 2024 | [v5.38.104](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.38.104) | [gcp-oidc-deployment-files-5.38.104.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.38.104/gcp-oidc-deployment-files-5.38.104.zip) | September 12, 2024 | Mar 31, 2026 |
| Q2 2024 | [v5.37.12](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.37.12) | [gcp-oidc-deployment-files-5.37.12.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.37.12/gcp-oidc-deployment-files-5.37.12.zip) | June 12, 2024 | Sep 30, 2025 |

For documentation, see [UID2 Private Operator for GCP Integration Guide](..\guides\operator-private-gcp-confidential-space.md).

### Private Operator for Azure

The latest ZIP file is linked in the Azure Download column in the following table.

| Version Name | Version&nbsp;#/Release&nbsp;Notes | Azure Download | Date | Deprecation Date |
| ------- | ------ | ------ | ------ | ------ |
| Q2 2025 | [v5.55.9](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.55.9-r1) | [azure-cc-deployment-files-5.55.9-r1.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.55.9-r1/azure-cc-deployment-files-5.55.9-r1.zip) | July 1, 2025 | July 1, 2026 |
| Q1 2025 | [v5.49.7](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.49.7) | [azure-cc-deployment-files-5.49.7.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.49.7/azure-cc-deployment-files-5.49.7.zip) | Mar 19, 2025 | Mar 31, 2026 |
| Q3 2024 Out-of-band | [v5.41.0](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.41.0) | [azure-cc-deployment-files-5.41.0.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.41.0/azure-cc-deployment-files-5.41.0.zip) | October 29, 2024 | Mar 31, 2026 |
| Q3 2024 | [v5.38.104](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.38.104) | [azure-cc-deployment-files-5.38.104.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.38.104/azure-cc-deployment-files-5.38.104.zip) | September 12, 2024 | Mar 31, 2026 |
| Q2 2024 | [v5.37.12](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.37.12) | [azure-cc-deployment-files-5.37.12.zip](https://github.com/IABTechLab/uid2-operator/releases/download/v5.37.12/azure-cc-deployment-files-5.37.12.zip) | June 12, 2024 | Sep 30, 2025 |

For documentation, see [UID2 Private Operator for Azure Integration Guide](..\guides\operator-guide-azure-enclave.md).

<!-- ### Private Operator for AKS

The latest ZIP file is linked in the Release Notes column in the following table.

| AKS Version Name | Version&nbsp;#/Release&nbsp;Notes | AKS Download | Date | Deprecation Date |
| ------- | ------ | ------ | ------ | ------ |
| Q2 2025 | xxx | xxx | xxx | xxx | -->
<!-- | Q1 2025 | 5.49.7 | [v5.49.7](https://github.com/IABTechLab/uid2-operator/releases/tag/v5.49.7) | Mar 19, 2025 | Mar 31, 2026 | -->
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious why this is commented out?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@atarassov-ttd good point. It should probably come out -- but we did have this release. The info I was given (LC Confluence page) had it, but if you click through on the link, this artifact does not exist on the page.
If we could provide a different link, we could include this version. Otherwise, we should leave it out.
@clarkxuyang any input?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At the time of release Q1 2025, aks private operator was in final testing. It is not announced as part of Q1 release.


## Private Operator Upgrade Policy

<UpgradePolicy />
6 changes: 0 additions & 6 deletions docs/snippets/_private-operator-release-matrix.mdx
View file
Open in desktop

This file was deleted.

7 changes: 7 additions & 0 deletions docs/snippets/_private-operator-upgrade-policy.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
<!-- Used by: All Private Operator guides plus Private Operator overview (guides/integration-options-private-operator.md) -->

To maintain security and operational integrity, outdated operator versions will be disabled after 12 months, which may cause affected deployments to shut down or fail to start. Upgrading ensures the use of the latest security and feature enhancements. We recommend upgrading proactively to avoid disruptions.

:::note
For critical security or operational issues, or where contract terms apply, we reserve the right to enforce tighter upgrade timelines for private operators.
:::
Loading