Release Highlights
- ✨ [New Feature] cf-networking + silk-release now support dynamically updating ASG data for app containers without needing a restart!
- A new job
policy-server-asg-syncer
queries CAPI for ASG data periodically and updates the policy-server database- A new endpoint on
policy-server-internal
is exposed to allowvxlan-policy-agent
to query for ASG data - When disabled, everything behaves as it did previously.
- To disable, set the
disable
property ofpolicy-server-asg-syncer
to true
- A new endpoint on
- 🐛 [Bug Fix] The
log-level
parameter forpolicy-server
, andpolicy-server-internal
is now propagated from bosh release to agent properly.
Compatibility Notes
It is recommended to use this in conjunction with capi-release v1.126.0 or later for improved performance on the /v3/security_groups APIs.
Tested with silk-release v3.0.0
Manifest Property Changes
Job | Property | 2.43.0 | 3.0.0 |
---|---|---|---|
policy-server-asg-syncer
| disable
| didn't exist | false |
policy-server-asg-syncer
| asg_poll_interval_seconds
| didn't exist | 60 |
policy-server-asg-syncer
| cc_hostname
| didn't exist | no default (uses the cloud_controller_https_endpoint link if not specified) |
policy-server-asg-syncer
| cc_port
| didn't exist | no default (uses the cloud_controller_https_endpoint link if not specified) |
policy-server-asg-syncer
| database.connect_timeout_seconds
| didn't exist | 120 |
policy-server-asg-syncer
| locket.address
| didn't exist | locket.service.cf.internal:8891 |
policy-server-asg-syncer
| locket.ca_cert
| didn't exist | required - no default |
policy-server-asg-syncer
| locket.client_cert
| didn't exist | required - no default |
policy-server-asg-syncer
| locket.client_key
| didn't exist | required - no default |
policy-server-asg-syncer
| log_level
| didn't exist | info |
policy-server-asg-syncer
| metron_port
| didn't exist | 3457 |
policy-server-asg-syncer
| skip_ssl_validation
| didn't exist | false |
policy-server-asg-syncer
| uaa_client
| didn't exist | network-policy |
policy-server-asg-syncer
| uaa_client_secret
| didn't exist | required - no default |
policy-server-asg-syncer
| uaa_ca
| didn't exist | required - no default |
policy-server-asg-syncer
| uaa_hostname
| didn't exist | uaa.service.cf.internal |
policy-server-asg-syncer
| uaa_port
| didn't exist | 8443 |