cf-networking/1.5.0
You can find the source of this version on GitHub at cloudfoundry-incubator/cf-networking-release. It was created based on the commit f778cce.
Release Notes¶
This release includes initial support for BBR. Try it out and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Take a look at known issues for current limitations and known issues.
Verified with the following: - CF deployment
Manifest Changes
Links Enabled
The policy-server now provides database connection info via a link which the new policy-server-internal job consumes:
- cf_networking.policy_server.database.type
- cf_networking.policy_server.database.username
- cf_networking.policy_server.database.password
- cf_networking.policy_server.database.port
- cf_networking.policy_server.database.name
- cf_networking.policy_server.database.host
New Properties
- REQUIRED: A new job policy-server-internal has been added. This job requires the following properties:
- cf_networking.policy_server_internal.ca_cert
- cf_networking.policy_server_internal.server_cert
- cf_networking.policy_server_internal.server_key
There are additional optional paramaters that can be set and are viewable in the spec file
- An optional parameter has been added to configure the path to the iptables kernel log for
the iptables_logger.
- cf_networking.iptables_logger.kernel_log_file
Removed Properties
- The policy-server job has removed the following properties:
- cf_networking.policy_server.internal_listen_port
- cf_networking.policy_server.ca_cert
- cf_networking.policy_server.server_cert
- cf_networking.policy_server.server_key
Changed Properties
- The consul.agent.services.policy-server property for the consul_agent job on the api instance group
should be renamed to consul.agent.services.policy-server-internal.
Significant Changes
CLI Changes
BBR Changes
- An operator can lock the policy server so policies cannot be added/deleted
- operator can use scripts deployed with a colocated job to restore the policy server database on mysql
- operator can use scripts deployed with a colocated job to lock and unlock the policy server API
- operator can use scripts deployed with a colocated job to backup the policy server database on mysql
Chores
Usage¶
You can reference this release in your deployment manifest from the releases section:
- name: "cf-networking" version: "1.5.0" url: "https://bosh.io/d/github.com/cloudfoundry-incubator/cf-networking-release?v=1.5.0" sha1: "4244a6e99e24748d4b0161f18f804859cdb4391c"
Or upload it to your director with the upload-release command:
bosh upload-release --sha1 4244a6e99e24748d4b0161f18f804859cdb4391c \ "https://bosh.io/d/github.com/cloudfoundry-incubator/cf-networking-release?v=1.5.0"
Jobs¶
- bbr-cfnetworkingdb
- cf-networking-acceptance
- garden-cni
- iptables-logger
- netmon
- policy-server
- policy-server-internal
- silk-cni
- silk-controller
- silk-daemon
- vxlan-policy-agent