This release supports all features required to enable direct, policy-driven communication between containers on Cloud Foundry. We do not recommend using this in production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Known issues are documented here.
Verified with the following:
- CF release v246
- Diego release v0.1488.0
- garden-runc-release v1.0.3
- flannel v0.6.2
- etcd-release v80
- AWS stemcell 3263.7
Significant Changes
Security
- Fix protection masks for all files used by container networking
- ASGs for running apps continue to work after upgrading to garden-runc and netman
- As a bosh operator, I expect Netman release should not write files outside of /var/vcap
Performance and Scalability
- Reduce latency in application of policies observed in scalability tests
- App metadata is available on each cell without polling garden
- Use the wrapper plugin