Releases: cloudfoundry/cf-networking-release
2.15.1
This patch is a safe upgrade path to 2.16.0+
This patch disables dynamic egress policies.
Dynamic egress is an experimental feature that will break cf push during the upgrade to 2.16.0+, unless this version is deployed first.
Tested with silk-release v2.15.0
2.16.0
WARNING: DEPLOY 2.15.1 BEFORE UPGRADING TO THIS RELEASE
This release includes migrations that cause cf push downtime while upgrading. The length of this downtime depends on the size of your deployment, and the number of VMs running policy-server-internal. This bug does not affect running apps.
To prevent this bug from happening, you can upgrade to cf-networking-release 2.15.1 first, before upgrading to 2.16.0+. If you upgrade through 2.15.1 you will not encounter this downtime.
This release includes the following features
- Support for dynamic egress policy configuration using a destination object has begun. For more information, read our feature narrative. Note: We no longer support the experimental dynamic egress configuration with in-line destination
- Added defaults for max_open_connections, max_idle_connections and connections_max_lifetime_seconds for policy server and policy server internal.
Tested with silk-release v2.16.0
Significant Changes
Dynamic Egress
- Github: Remove instructions about experimental dynamic egress APIs
- As an operator, I want to add a new destination object in order to configure an egress policy - Happy path
- As an operator, I want to add a new destination object in order to configure an egress policy - No permission
- As an operator with network.admin, I can add an egress policy from an app/space to a destination object - Happy path
- As an operator with network.admin, I can add an egress policy from an app/space to a destination object - No Permission
- Dynamic Egress - Switch ids to guids for destinations
- Dynamic Egress - Switch ids to guids for egress policies
DB Connection defaults
2.15.0
This release includes the following feature
Policy server now connects to CAPI via a TLS connection
Tested with silk-release v2.15.0
Significant Changes
Miscellaneous
2.14.0
This release includes the following feature
- You can now configure egress policies without having to restart the app. This release contains an experimental feature with updates to the network policy APIs that would allow you to manage egress policies to an IP address range at the app and space levels (Currently done through Application Security Groups). You can find more instructions on our Github page.
Tested with silk-release v2.14.0
Significant Changes
Dynamic configuration of egress policies
2.13.0
This release includes the following feature
- Polyglot Service Discovery is now Generally Available . Note that you will need CAPI-release version 1.63.0. We made an enhancement to this feature to allow you to configure custom internal domains. Optionally you can still continue to use 'apps.internal' if you wish to. You can find instructions on our Github page.
Tested with silk-release v2.13.0
Significant Changes
Polyglot Service Discovery
2.12.0
This release includes the following feature
- Added mitigation to resolve the DB migration issue
Tested with silk-release v2.12.0
Significant Changes
Bugs
2.11.0
This release includes no new features
Tested with silk-release v2.11.0
Significant Changes
Enhancements
Bugs
2.10.0
2.9.0
WARNING: This version of cf-networking-release has a dependency on bosh-dns (silk-release has always had this dependency). This dependency will be removed in the next version.
This release includes the following new feature:
- Moved policy server start to pre-start to give it more time to start and for migration since pre-start doesn’t have a hard time-out unlike the 60 second timeframe in start
Tested with silk-release v2.9.0
Significant Changes
Bugs
2.8.0
This release includes the following new feature:
- Added support for a few CF components in BPM. Using BPM for iptables logger requires BPM version 0.8.0
Tested with silk-release v2.8.0