cloudfoundry/cf-networking-release v0.7.0

0.7.0

on GitHub

This release includes security fixes, performance enhancements and a minor CLI change.

We do not recommend using netman-release in production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.

Verified with the following:

• CF release v246
• Diego release v0.1490.0
• garden-runc-release v1.0.3
• flannel v0.6.2
• etcd-release v85
• AWS stemcell 3309

Significant Changes

Manifest changes

This release introduced a manifest change. Details for these changes are here.

• When I hit an endpoint I see policy server logs for deleted apps that have policies configured

CLI changes

• Rename the cf deny-access

Security

• As an attacker, I would like to force a mutual tls connection with the policy server to use a weak cipher
• As an operator I can configure an ASG with logging turned on
• flannel-watchdog runs as non-root user
• policy-server runs as non-root user

Performance

• Reduce iptables enforce time metric

Bug Fixes

• When app metadata is missing required keys, provide a useful error message in the logs

Documentation

• As an operator I would like to know API options available to me
• As an operator I would like to know CLI options available to me