2.7.0

This release includes the following new features:

• Leverage an existing configurable database timeout ‘database.connect_timeout_seconds’ to fix the policy-server and policy-server-internal jobs failing in the post-start due to previously auto-configured 25 seconds timeout limit.

Tested with silk-release v2.7.0

Significant Changes

Bugs

• Make policy server and policy server internal post start timeout configurable

2.6.0

This release includes the following new features:

• The route-populater job is deleted. (We do not use this job and if you tried to export cf-networking release 2.5.0, it would not have worked. This issue has been fixed in this release by eliminating this job.)

Tested with silk-release v2.6.0

Significant Changes

Leverage BPM for CF components

• Use bpm for policy-server
• Use bpm for route_populator
• Use bpm for bosh-dns-adapter
• Use bpm for service-discovery-controller
• Use bpm for policy-server-internal

Istio router on the overlay

• Policy Server Internal can create a policy for routing to overlay app

2.5.0

This release includes the following new features:

• Ability to create internal shared domains. You need the latest release of CAPI (CAPI 1.60.0) in order to leverage the service discovery enhancements.
• The route-populater job is broken. We do not use this job. But if you try to export this release, it will not work. We plan to fix this issue in the future release by eliminating this job. The other jobs in this release work just fine.

Tested with silk-release v2.5.0

Significant Changes

Manifest Changes

New Properties

• An optional paramater has been added to the bosh-dns-adapter job to configure custom internal domains. Defaults to [apps.internal.]
  • internal_domains

Leverage BPM for CF components

• Use bpm for policy-server

Move to credhub

• Move cf-networking ci environments vars-store to credhub
• Use credhub for concourse pipelines

Experimental service discovery enhancement

• An operator can configure a BOSH property for internal domains

Bugs

• cloudfoundry/cf-networking-examples #4: Docs are incorrect now the repo moved
• Fix build-release-notes

2.4.0

This release includes the following new features:

• New Ops file to move SDC instance groups to the scheduler without downtime
• Bandwidth limiting is supported through CNI chaining

Tested with silk-release v2.4.0

Significant Changes

Service Discovery enhancement

• An operator has an ops file to help move SDC instance groups without downtime

Timeout Stories

• cloudfoundry/silk #4: Too many open connections error

CNI Enhancements

• Silk release should provide bandwidth shaping via chaining to upstream CNI plugin

Bugs

• Send Metrics on Subscriber for Service Discovery Controller should call SendDuration

2.3.0

This release includes the following new features:

• New policy API endpoints to filter by source or destination ID
• Fixes to database and Consul timeout configurations
• For third party plugin authors - we removed support for multiple CNI configs

This release moves the SDC to the scheduler and will involve downtime. To avoid downtime, use this ops file

Tested with silk-release v2.3.0

Significant Changes

Manifest Changes

New Properties

• An optional parameter has been added to the policy-server and policy-server-internal jobs to configure the max number of
  open and idle connections to the policy-server database.
  • max_open_connections
  • max_idle_connections
• An optional parameter has been added to the policy-server-internal job to configure the consul dns health check timeout.
  Defaults to 5 seconds.
  • health_check_timeout_seconds

Changed Properties

• Namespaced the connect_timeout_seconds under database in the policy-server and policy-server-internal jobs.

API enhancements

• Policy Server API provides filtering by source app guid
• Policy Server API provides filtering by dest app guid

Timeout Stories

• An operator can limit the number of open and idle connections from policy server to the database
• Consul DNS healthcheck timeout should be independently configurable from the database connection timeout
• cloudfoundry/silk #4: Too many open connections error

Co-location

• Service Discovery should be co-located
• policy server internal should not require co-location with policy server

CNI Enhancements

• Only one CNI config is executed

Logging

• Iptables logging should work for apps on the same cell

Chores

• Remove sombrero from the pipeline

2.2.0

With this release silk controller and policy server can connect to mySQL database with TLS.

Tested with silk-release v2.2.0

Significant Changes

TLS

• Network policy server can connect to MySQL with TLS
• Silk controller can connect to MySQL with TLS

Chores

• Unpause Toque and verify it works
• We have an acceptance test for search domains
• resurrect our docs for the Policy Server Internal API
• Update pipeline to use upstream cf-deployment
• delete our papertrail account
• do we need to downgrade to Go 1.9?

2.1.0

Significant Changes

• The functionality in cf-app-sd-release is part of cf-networking-release. Since service discovery is a core component, it didn't make sense to keep it as it's own release. We have ported over all of the jobs to cf-networking-release.

Small Changes

• Consul DNS healthcheck timeout should be hardcoded back to 5 seconds

• iptables logging should work correctly with recent versions of syslog release

• Tested with silk-release v2.1.0

2.0.0

CF Networking Release 2.0.0 does not contain major new features, but does include breaking changes for how the Cloud Foundry container networking system is packaged, versioned and deployed.

The biggest change is that the Silk container networking fabric, which may be swapped out for other CNI-compatible network integrations, is now provided in a dedicated BOSH release, silk-release. That leaves cf-networking-release with only those "core" components (Network Policy API and CNI compatibility layer) that serve as extension points for network integrations. The split is intended to simplify the development and deployment of 3rd party network integrations in Cloud Foundry Application Runtime.

More detail:

• To maintain existing container networking features in Cloud Foundry, operators will need to deploy both cf-networking-release and silk-release. This is a breaking change for operators.
• We've "de-namespaced" many of the BOSH manifest properties and renamed some bosh jobs. For manifest authors, these are breaking changes. See the manifest changelog for details.
• Starting now and going forward, we plan to release both cf-networking-release and silk-release at the same time, with the same version numbers. Operators using silk-release should plan to deploy both releases together; we won't support mixed-version deployments.
• We continue to provide upgrade guarantees from cf-networking-release 1.x to the 2.x versions.
• To deploy these releases with cf-deployment, we recommend using the use-cf-networking-2.yml experimental ops-file. Longer term, we're intending for the 2.x versions to become default in CF Deployment.

Silk will no longer be the default cni plugin. To continue using it, you will have to set the following properties in your bosh manifest for the garden-cni job:

cni_plugin_dir: /var/vcap/packages/silk-cni/bin
cni_config_dir: /var/vcap/jobs/silk-cni/config/cni

Be sure to read the manifest changelog for CF Networking Release and the manifest changelog for Silk Release for details about all manifest changes that this release contains.

As always, we welcome your questions and feedback in our Cloud Foundry Slack channel #container-networking or in reply to this message.

---

Features

• cf-networking-release no longer includes swappable components
• ASGs are applied to multiple interfaces
• cf-networking-release has de-namespaced spec properties
• Audit and fix database timeout configuration for cf-networking
• CF Networking Release and Silk Release have the same version numbers
• Rename cni job to silk-cni in silk-release

Bug Fix

• Request's source IP is a cell's IP instead of a VXLAN one.

Manifest Changes
There are a lot of manifest changes, you can see them all at the manifest changelog.

Tested with silk-release v2.0.0

1.13.0

This release has the following new features:

• Multi-homing

• CORS support

• Initial support for CNI plugin chaining

• Tested with silk-release v0.3.0

Significant Changes

Manifest Changes

New Properties

• An optional parameter has been added to the garden-cni job to
  specify search domains. These domains will be configured in containers' /etc/resolv.conf.
  • cf_networking.search_domains
• An optional parameter has been added to the silk-daemon job to configure which network
  container traffic should be sent over based on network interface name. This property is
  not recommended for use and is temporary. If empty, the default network is used.
  • cf_networking.silk_daemon.temporary_vxlan_interface
• An optional parameter has been added to the silk-daemon job to configure which network
  container traffic should be sent over based on bosh network name. If empty, the default
  gateway network is used.
  • cf_networking.silk_daemon.vxlan_network
• An optional parameter has been added to list domains from which Cross-Origin
  requests will be accepted.
  • cf_networking.policy_server.allowed_cors_domains

Multiple Interfaces

• An operator can configure a BOSH property to indicate which interface name to use for VXLAN traffic
• Underlay network can be specified in job properties by bosh network name

DNS Features

• BOSH property for search domains are returned to Garden

CORS

• Support CORS on policy-server /networking endpoints

CNI

• Garden External Networker supports CNI Chaining

Tests

• CAT for ASGs applying to tasks

Chores

• Update to go 1.10
• use cloudfoundry/filelock repo
• Add fast fail to shipit cf-app-sd release
• Update the manifest change log for cf-networking-release 1.13.0
• ship-it publishes releases as drafts

1.12.0

This release includes a few enhancements and partial support for splitting cf-networking-release into core and swappable parts.

Give us feedback in the #container-networking channel on cloudfoundry.slack.com. Take a look at known issues for current limitations and known issues.

• Tested with silk-release v0.2.0

Significant Changes

Silk Release

• Create silk-release with swappable parts of cf-networking-release
• An operator can upgrade to using silk-release and cf-networking-release
• Properties in silk-release are not name spaced to cf-networking
• Update cf-networking-release and silk-release db timeout connection defaults
• finish shipping silk 0.1.0

Chores

• create new images in ci on timer
• Set up CI for silk-release
• Fix in silk pipeline
• Investigate ginkgo + golang 1.10 + silk
• Stop using the cats-concourse-task repo

Service Discovery

• Enhance Cats & Dogs to demo service discovery with phase 1 of service discovery
• Cat& Dogs example apps are in their own github repo

Bugs

• cloudfoundry/cf-networking-release #33: CustomIPTablesCompatibilityTest should be skipped by default

Documentation

• The team understands and documents the interfaces available to 3rd party network integrators