cf-networking/1.2.0
You can find the source of this version on GitHub at cloudfoundry-incubator/cf-networking-release. It was created based on the commit b303459
.
Release Notes¶
CF networking is officially part of cf-deployment! You do not need a separate ops-file to include cf-networking in your deployment. This release also adds new capabilities for bandwidth limiting and logging enhancements for ASGs and container networking.
Try it out and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Take a look at known issues for current limitations and known issues.
Verified with the following: - CF deployment
Manifest Changes
New Properties
- Optional parameters have been added to the
silk-cni
job to limit the bandwidth in and out of containers.cf_networking.rate
is the rate in Kbps at which traffic can leave and enter a container.cf_networking.burst
is the burst in Kb at which traffic can leave and enter a container.- Both of these parameters must be set in order to limit bandwidth. If neither one is set, then bandwidth is not limited.
- The burst must high enough to support the given rate. If burst is not high enough, then creating containers will fail.
- An optional parameter has been added to configure the rate of logs by
iptables for denied packets. Before, this rate was hardcoded to 2 packets
per minute. Now, the rate defaults to 1 packet per second.
cf_networking.iptables_denied_logs_per_sec
is the maximum number of denied packets logged by iptables per second, it should be configured on thesilk-cni
job.
Significant Changes
Port Ranges
Logging
- c2c logs for accepted packets use conntrack
- An operator can change the sampling time of deny logging
- ASG logging works for accepted traffic that match UDP and ICMP whitelist rules
Bandwidth Limiting
Deployment Changes
Documentation
Bug Fixes
Usage¶
You can reference this release in your deployment manifest from the releases
section:
- name: "cf-networking" version: "1.2.0" url: "https://bosh.io/d/github.com/cloudfoundry-incubator/cf-networking-release?v=1.2.0" sha1: "c5a61b8be54e62b6d0eacfe2e0a45880345a3a21"
Or upload it to your director with the upload-release
command:
bosh upload-release --sha1 c5a61b8be54e62b6d0eacfe2e0a45880345a3a21 \ "https://bosh.io/d/github.com/cloudfoundry-incubator/cf-networking-release?v=1.2.0"
Jobs¶
- cf-networking-acceptance
- garden-cni
- netmon
- policy-server
- silk-cni
- silk-controller
- silk-daemon
- vxlan-policy-agent