cf-networking/1.3.0
You can find the source of this version on GitHub at cloudfoundry-incubator/cf-networking-release. It was created based on the commit d58e429
.
Release Notes¶
Try out our new feature for augmented traffic logging with org, space and app information! Instructions are here. This release also lays the groundwork for supporting port ranges in policy configuration. Try it out and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Take a look at known issues for current limitations and known issues.
Verified with the following: - CF deployment
Manifest Changes
New Properties
- An optional parameter has been added to configure the rate of logs by
iptables for accepted UDP packets. Before, logging was done per UDP
connection. Now, the rate defaults to 100 packets per second.
- cf_networking.iptables_accepted_udp_logs_per_sec
is the maximum number of
accepted udp packets logged by iptables per second, it should be
configured on the silk-cni
job for ASGs or on the vxlan-policy-agent
job for C2C.
Significant Changes
Traffic logging enhancements
- Operators can see logs of egress network traffic with app/space/org GUIDs of the source in a file that can be forwarded via syslog
- ASG and c2c logging for UDP traffic is rate-limited
- Logs of egress network traffic include cell IP and GUIDs of the source in a file that can be forwarded via syslog
- Operators have instructions to consume augmented traffic logs in github
Port Ranges
- The internal API supports port ranges
- Policy server closes db connections on shutdown
vxlan-policy-agent uses ports field to write iptables rules
Github Issues
cloudfoundry-incubator/cf-networking-release #13: cf-release docs contain wrong configuration
remove http health check from cni wrapper
Miscellaneous
drain and pre-start clean up all potentially leftover cf-networking state
Usage¶
You can reference this release in your deployment manifest from the releases
section:
- name: "cf-networking" version: "1.3.0" url: "https://bosh.io/d/github.com/cloudfoundry-incubator/cf-networking-release?v=1.3.0" sha1: "ad62996fe70dc1791540c561c2ce1c1672288a07"
Or upload it to your director with the upload-release
command:
bosh upload-release --sha1 ad62996fe70dc1791540c561c2ce1c1672288a07 \ "https://bosh.io/d/github.com/cloudfoundry-incubator/cf-networking-release?v=1.3.0"
Jobs¶
- cf-networking-acceptance
- garden-cni
- iptables-logger
- netmon
- policy-server
- silk-cni
- silk-controller
- silk-daemon
- vxlan-policy-agent