Primary changes include stability related fixes and changes to policy enforcement to make container networking policy independent of ASG configuration.
We also tested and documented how to detect problems with overlapping overlay network and underlay network ranges.
We do not recommend using cf-networking-release in production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com. Take a look at known issues for current limitations and known issues.
Verified with the following:
Manifest Changes
New Properties
The optional parameter cf_networking.lease_poll_interval_seconds has been added to allow operators to override the default polling interval between silk-daemon and silk-controller.
Changed Properties
The value for cf_networking.garden_external_networker.cni_config_dir now defaults to /var/vcap/jobs/silk-cni/config/cni We recommend that you remove any overrides for this property, unless you are intending to use a 3rd party CNI plugin.
Other Changes
Since silk is now deployed by default, there is no more silk.yml ops file. Deploying with flannel is no longer supported.
Significant Changes
iptables
Stability
- vxlan-policy-agent fails when policy server is not reachable on start-up
- Validate behavior when the overlay network configuration overlaps with the underlay IP range