Releases: cloudfoundry/cf-networking-release
0.9.0
Key changes include using BulkNetOut for Garden external networker, logging and security enhancements and validation of policy server high availability.
We do not recommend using netman-release in production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Verified with the following:
Follow the link above to get information about individual releases.
Significant Changes
Important fixes
Scalability and Performance
- BulkNetOut should be fast while using the external networker
- Handle a bulkNetOut call from Garden to the external networker
Security
- Internal components should not rely on external load-balancer & DNS in order to boot - fix UAA
- Internal components should not rely on external load-balancer & DNS in order to boot - fix CC
High Availability
Logging
- vxlan policy agent log level should be configurable via bosh spec property
- Cats & Dogs Backend App should log requests
- policy server log level should be configurable via bosh spec property
Application Security Groups
0.8.0
This release is the first release of netman that is validated against cf-deployment. Key changes include a fix for flannel watchdog not being stopped correctly and miscellaneous security fixes.
We do not recommend using netman-release in production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Verified with the following:
- CF deployment
Follow the link to get information about individual releases.
Significant Changes
- Fixes flannel watchdog not being stopped correctly.
Security
Logging
0.7.0
This release includes security fixes, performance enhancements and a minor CLI change.
We do not recommend using netman-release in production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Verified with the following:
- CF release v246
- Diego release v0.1490.0
- garden-runc-release v1.0.3
- flannel v0.6.2
- etcd-release v85
- AWS stemcell 3309
Significant Changes
Manifest changes
This release introduced a manifest change. Details for these changes are here.
CLI changes
Security
- As an attacker, I would like to force a mutual tls connection with the policy server to use a weak cipher
- As an operator I can configure an ASG with logging turned on
- flannel-watchdog runs as non-root user
- policy-server runs as non-root user
Performance
Bug Fixes
Documentation
0.6.0
This release supports all features required to enable direct, policy-driven communication between containers on Cloud Foundry. We do not recommend using this is production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Known issues are documented here.
Verified with the following:
- CF release v246
- Diego release v0.1488.0
- garden-runc-release v1.0.3
- flannel v0.6.2
- etcd-release v80
- AWS stemcell 3263.7
Significant Changes
Security
- Fix protection masks for all files used by container networking
- ASGs for running apps continue to work after upgrading to garden-runc and netman
- As a bosh operator, I expect Netman release should not write files outside of /var/vcap
Performance and Scalability
- Reduce latency in application of policies observed in scalability tests
- App metadata is available on each cell without polling garden
- Use the wrapper plugin
Documentation
0.5.0
This is pre-release software. Features are still under active development and may change at any time. Please kick the tires and give us your feedback in the #container-networking channel on cloudfoundry.slack.com!
Verified with the following:
- CF release v245
- Diego release develop
- garden-runc-release v1.0.1
- flannel v0.6.2
- etcd-release v78
- AWS stemcell 3263.7
Significant Changes
CLI
Metrics
Netman 0.4.0
This is pre-release software. Features are still under active development and may change at any time. Please kick the tires and give us your feedback in the #container-networking channel on cloudfoundry.slack.com! Verified with the following:
- CF release v245
- Diego release develop
- garden-runc-release v0.9.2
- flannel v0.6.2
- etcd-release v74
- AWS stemcell 3263.7
Significant Changes
Security
- Internal API endpoint is secured via mutual TLS
- Enabling TLS for flannel communication with etcd is configurable
Manifest Generation
Netman 0.3.0
This is pre-release software. Features are still under active development and may change at any time. Please kick the tires and give us your feedback in the #container-networking channel on cloudfoundry.slack.com! Release notes will be updated when there are breaking changes.
Verified with the following:
- CF release develop
- Diego release v0.1487.0
- garden-runc-release v0.9.0
- flannel v0.6.2
- etcd-release v72
- AWS stemcell 3263.5
Significant Changes
Security
Enable TLS for flannel communication to CF etcd
Enabling TLS for flannel communication with etcd is configurable
Manifest Generation
Simplify manifest generation, integrate into Diego templates
CLI
cli plugin shows an error when policy server cannot be reached
0.2.0
Verified with the following:
0.1.0
Verified with Diego release v0.1484.0
Verified with garden-runc-release develop@6a387a8