Changes from v1.10.1 to v1.11.0
- Verified with garden-runc-release v1.3.0.
- Verified with garden-windows-bosh-release v0.4.0.
- Verified with etcd-release v99.
- Verified with cf-mysql-release v34.
- Verified with cflinuxfs2-rootfs-release v1.60.0.
IMPORTANT: The cc_uploader job on the cc_bridge VMs will soon require TLS credentials to communicate with Cloud Controller. If using the manifest-generation script in diego-release, these properties must now be configured via the property_overrides.cc_uploader.cc.ca_cert, client_cert, and client_key properties. The generate-cc-uploader-certs script will generate these credentials via certstrap.
Significant changes
BBS Relational Datastore
Local Route Emitters
Dependencies
Test Suites and Tooling
- Monitor vizzini flakiness after removing the test in vizzini that creates too many processes
- Fix a race condition in executor
Security
- CC-Uploader: uploading droplets and polling happens over an endpoint using mtls
- As a Diego operator, I expect that the cell rep can participate in mutual TLS exchanges for HTTPS downloads and uploads
BOSH job changes
None.
BOSH property changes
- Deprecated
diego.executor.ca_certs_for_downloadsin favor of rep-scopedtls.ca_certproperty.
rep and rep_windows
- Added
tls.ca_cert: CA certificates for rep server to trust for downloads and uploads. - Added
tls.cert: Certificate for rep client to present in downloads and uploads. - Added
tls.key: Private key for rep client to use in downloads and uploads.
route_emitter and route_emitter_windows
- Added
tcp.enabled: Whether to enable emission of TCP routes through the routing API. - Added
routing_api.uri: URI of the Routing API. - Added
routing_api.port: Port of the Routing API. - Added
routing_api.auth_disabled: Whether to use UAA authentication to communicate with the Routing API.
BOSH link changes
None.