Changes from v2.0.0 to v2.1.0
- Verified with cloudfoundry/cf-deployment @
01fe35738e8b3e1f719b66bd0b79f1a535beeadf
- Verified with garden-runc-release v1.11.1.
- Verified with garden-windows-bosh-release v0.13.0.
- Verified with cflinuxfs2-release v1.189.0.
Significant changes
BBS API
Container Execution
- As a CF operator, I expect to see cell and instance identifiers in the container lifecycle messages so that I can easily identify from app log-stream output the cells on which instances were placed
- As a Diego operator, I expect the state endpoint on the cell rep API to report container state so that I can assess instance state and health on a particular cell
Custom CAs
- As a CF contributor, I expect cloudfoundry/systemcerts to be deprecated in favor of x509.SystemCertPool (in flight, to be reversed)
SSH
De-Consuling Locks
- As a Diego operator, I expect locket to report errors with its config file gracefully instead of panicking (in flight)
v2 Loggregator API Adoption
Per-Instance Proxy (Experimental)
Component Logging and Metrics
Dependencies
- As a Diego operator, I expect diego-release to update to Golang 1.10.0+ so that I am up-to-date with the Golang dependency
- cloudfoundry/systemcerts #1: Fix compilation on Darwin with go1.10
Test Suites and Tooling
- Refactor cfdot tests to avoid global Config data race
- Flaky lager chug test
- Decide what to do about vizzini assertions that are marked as no longer necessary after #89463754
- cfdot aftereach can sometimes fail if locket doesn't exit within 1 second
Security
- As a Diego operator, I expect the BBS, auctioneer, and rep components all to require mutual TLS to secure their API servers so that I can ensure their security against remote clients
- As a Diego operator, I expect no longer to be able to configure the cell rep API separation properties so that I can simplify my manifest configuration
Documentation
Cleanup
- Remove unused versioner/format code from bbs.
- cloudfoundry/bbs #27: Remove formatter versioner
- As a Diego operator, I expect no longer to be able to configure the BOSH properties deprecated before Diego v2 so that I can simplify my deployment manifest
BOSH job changes
None.
BOSH property changes
auctioneer
- Removed
diego.auctioneer.dropsonde_port
. - Deprecated
diego.auctioneer.rep.require_tls
.
bbs
- Deprecated
diego.bbs.auctioneer.require_tls
. - Deprecated
diego.bbs.rep.require_tls
. - Removed
diego.bbs.auctioneer.api_url
in favor ofdiego.bbs.auctioneer.api_location
. - Removed
diego.bbs.dropsonde_port
. - Removed
diego.bbs.sql.db_connection_string
.
cfdot
- Removed
diego.cfdot.bbs.ca_cert
in favor oftls.ca_certificate
. - Removed
diego.cfdot.bbs.client_cert
in favor oftls.certificate
. - Removed
diego.cfdot.bbs.client_key
in favor oftls.private_key
.
file_server
- Removed
diego.file_server.dropsonde_port
.
locket
- Removed
dropsonde_port
.
rep
and rep_windows
- Removed
diego.executor.ca_certs_for_downloads
. - Removed
diego.executor.export_network_env_vars
. - Removed
diego.rep.dropsonde_port
. - Removed
diego.rep.enable_legacy_api_endpoints
. - Removed
diego.rep.listen_addr
. - Removed
diego.rep.trusted_certs
.
route_emitter
and route_emitter_windows
- Removed
diego.route_emitter.dropsonde_port
.
ssh_proxy
- Removed
diego.ssh_proxy.dropsonde_port
. - Removed
diego.ssh_proxy.uaa_token_url
in favor ofdiego.ssh_proxy.uaa.url
anddiego.ssh_proxy.uaa.port
.
BOSH link changes
None.