Changes from v1.11.0 to v1.12.0
- Verified with garden-runc-release v1.4.0.
- Verified with garden-windows-bosh-release v0.4.0.
- Verified with etcd-release v99.
- Verified with cf-mysql-release v34.
- Verified with cflinuxfs2-rootfs-release v1.60.0.
IMPORTANT: In advance of their use in the forthcoming v1.26.0 of capi-release, the manifest-generation script and templates require three new values in the property-overrides stub,
client_key, for the CC-Uploader component to use when communicating to Cloud Controller. Please consult the TLS documentation in capi-release for more information.
IMPORTANT: As of this Diego release, we consider the route-emitter job in local mode to be ready for use in production environments for HTTP route registrations. Work is also nearly complete to enable the local route-emitter to register TCP routes, but some of the BOSH properties that configure that mode will change in the next Diego release with the conclusion of story #142885525, and the manifest-generation script will extract more values from the CF manifest automatically.
- cloudfoundry/diego-ssh #30: SSH appears to hang with OpenSSH 7.3p1 from ubuntu yaketty
- cloudfoundry/diego-release #288: Update golang crypto library
- operator should be able use BBS client to verify that when a desired LRP is created with an http route and router group guid, that only gorouters configured with this guid add the route to their table (in flight)
Local Route Emitters
- As a Diego operator, I expect the route-emitter not to fetch the DesiredLRP if it has routing information for at least one of its ports
Local Route Emitters: TCP (Experimental)
- As a Diego operator, I expect to be able to opt the cell-local route-emitters into registering TCP routes with the routing API when UAA authentication is required
Instance Identity Credentials (Experimental)
- As a CF app developer, I expect the instance-identity certificates presented to a Linux app container always to be valid
- As an app developer, I expect the instance-identity credential files to be replaced atomically in the Linux container filesystem on rotation
- Fix ifrit panics
v2 Loggregator API Adoption (Experimental)
- As a Diego operator, I expect the cell reps to emit rep component metrics via the v2 loggregator API if so configured
- Use the gogo proto backend to generate loggregator pb.go files
- cloudfoundry/diego-release #289: Use InstanceId field instead of source_instance tag
Test Suites and Tooling
- As a CF operator, I expect the examples/aws documentation and templates to contain information about configuring the CC-Uploader with required TLS credentials
BOSH job changes
BOSH property changes
uaa.ca_cert: CA certificate bundle to trust when verifying the UAA server’s certificate.
uaa.client_name: Name of the UAA client for the route-emitter to use. Defaults to
uaa.client_secret: Secret for the route-emitter UAA client.
uaa.port: Port on which to communicate with the UAA. Defaults to
8443 for direct internal communication.
uaa.skip_cert_verify: Whether the route-emitter should skip verification of the UAA server’s certificate.
uaa.url: URL at which to communicate with the UAA. Defaults to
https://uaa.service.cf.internal for direct internal communication.
BOSH link changes
Upload this release version to the Director:
$ bosh upload-release https://bosh.io/d/github.com/cloudfoundry/diego-release?v=1.12.0 --sha1 6fe4073431ac2dcb7072493fae0f6c22f780e8a2
Modify deployment manifest to use this release in addition to any other used releases:
releases: - name: diego version: "1.12.0"
Finally add needed deployment jobs and specify values for required properties.
Optionally download sha1: 6fe4073431ac2dcb7072493fae0f6c22f780e8a2 release tarball locally:
# ...or download it directly using curl $ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/diego-release?v=1.12.0 # or with wget... $ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/diego-release?v=1.12.0