1.4.0
·
2670 commits
to develop
since this release
CF networking policies now support port ranges in addition to a single port in policy configuration. In addition, the silk controller provides a link for the silk daemon to configure the overlay network for cf-networking.
Try it out and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Take a look at known issues for current limitations and known issues. Verified with the following:
Manifest Changes
Links Enabled
The silk-controller job now provides two properties via links which the silk-daemon job consumes:
cf_networking.networkcf_networking.subnet_prefix_length
** This means you are able to remove the properties (listed above) from thesilk-daemonjob. **
If your deployment contains more than a single instance group that has the silk-controller job,
then you will need to explicitly name the cf_network link. For more information,
see the documentation.
New Properties
- An optional parameter has been added to configure the port of the metron agent for
the iptables_logger. This port will be used to forward metrics. Previously, no such
port existed.cf_networking.iptables_logger.metron_port
Significant Changes
Port Ranges
- As an operator I would like to specify a range of ports in policy configuration APIs
- As an operator I would like to specify a range of ports in policy configuration CLI
- As an operator I would like to see a range of ports in policy configuration CLI
- As an operator I would like to remove access for a range of ports in policy configuration CLI
Optimizations
- Operators can configure a single property to change the overlay network
- policy-server and silk-controller work with MySQL 5.6
- Operators should see info on resource consumption of log forwarder in github
Logging Enhancemetns
- Iptables-logger logs a metric for uptime
- fix flaky iptables logger tests
- iptables logger is running in a cf-release deployment