Changes from v1.6.0 to v1.6.1
- Verified with garden-runc-release v1.1.1.
- Verified with garden-windows-bosh-release v0.2.0.
- Verified with etcd-release v90.
- Verified with cf-mysql-release v32.
- Verified with cflinuxfs2-rootfs-release v1.47.0.
IMPORTANT: To accommodate security improvements on Cloud Controller's internal APIs, the Diego manifest-generation script now requires TLS credentials for the TPS-Listener component on the cc_bridge VMs. Follow documentation in capi-release to generate these certificates, and add the following entries to the property-overrides stub:
property_overrides:
tps:
cc:
ca_cert: CONTENTS_OF_CA_CERT_FILE
client_cert: CONTENTS_OF_TPS_CLIENT_CERT_FILE
client_key: CONTENTS_OF_TPS_CLIENT_KEY_FILE
The AWS example documentation also has instructions for generating these certificates.
Significant changes
Container Execution
Local Route Emitters (Experimental)
- In local route-emitter mode, the registered endpoints for an evacuating LRP instance should switch over with minimal overlap without causing a performance regression
- Remove ActualLRP instance/evacuating resolution logic from route-emitter
- Look into this local route emitter test suite flake
- The local route-emitter should not fetch all of the desired lrp scheduling infos when there are no instances running.
Windows Support
CC-Bridge Transfer
Manifest Generation
- As a CF operator, I expect the cf-deployment manifest to secure the auctioneer API
- cloudfoundry/diego-release #260: TPS-watcher uses mTLS to talk to CC
- cloudfoundry/diego-release #262: Tps watcher cert generation
Test Suites and Tooling
BOSH job changes
None.
BOSH property changes
None.