0.10.0

Key changes include manifest changes related to policy server DB configuration, logging enhancements and testing related to data plane security.

We do not recommend using netman-release in production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.

Verified with the following:

• CF deployment

Significant Changes

Manifest Changes

• Policy server database can be configured through individual properties instead of an opaque string

Logging

• Log levels for vxlan-policy-agent are reconfigurable at runtime
• Logging for c2c iptables is reconfigurable at runtime
• Log levels for policy-server are reconfigurable at runtime

Security

• Move flannel state dir to something under /var/vcap
• As an attacker my containers can reach local addresses on the host VM
• Redact tokens/passwords in policy server log messages

Miscellaneous

• netman-release has a NOTICE file with license information
• Containers can be created while policy server is down and receive traffic when the policy-server comes back up
• Masquerade rule should be written by something other than vxlan-policy-agent
• SPIKE: Containers can connect to an IP address on the host