diff --git a/cf-deployment/cf-deployment.yml b/cf-deployment/cf-deployment.yml index b95660d5..5582c793 100644 --- a/cf-deployment/cf-deployment.yml +++ b/cf-deployment/cf-deployment.yml @@ -1,6 +1,6 @@ --- name: cf -manifest_version: v40.12.0 +manifest_version: v44.4.0 update: canaries: 1 canary_watch_time: 30000-1200000 @@ -328,7 +328,7 @@ instance_groups: - z1 - z2 instances: 2 - vm_type: minimal + vm_type: medium stemcell: default networks: - name: default @@ -841,7 +841,7 @@ instance_groups: networks: - name: default jobs: - - name: redis + - name: valkey release: capi - name: cloud_controller_ng release: capi @@ -849,8 +849,8 @@ instance_groups: cloud_controller: {as: cloud_controller, shared: true} properties: name: cf-deployment - build: v40.12.0 # AUTO-POPULATED; DO NOT EDIT - version: 40 # AUTO-POPULATED; DO NOT EDIT + build: v44.4.0 # AUTO-POPULATED; DO NOT EDIT + version: 44 # AUTO-POPULATED; DO NOT EDIT router: route_services_secret: "((router_route_services_secret))" system_domain: "((system_domain))" @@ -888,6 +888,7 @@ instance_groups: buildpack/cflinuxfs4: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz + cnb/cflinuxfs4: cnb_app_lifecycle/cnb_app_lifecycle.tgz default_stack: cflinuxfs4 stacks: - name: cflinuxfs4 @@ -898,6 +899,8 @@ instance_groups: default_staging_security_groups: - public_networks - dns + security_groups: + enable_comma_delimited_destinations: true security_group_definitions: - name: public_networks rules: @@ -950,7 +953,6 @@ instance_groups: encryption_key_0: "((cc_db_encryption_key))" staging_upload_user: staging_user staging_upload_password: "((cc_staging_upload_password))" - legacy_md5_buildpack_paths_enabled: false temporary_use_logcache: true logcache: host: log-cache.service.cf.internal 
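Review bot: In the `cc` properties hunk at -898/+899, `security_groups.enable_comma_delimited_destinations: true` turns on a new destination syntax for application security group rules in the base manifest, with no comment explaining why it is a default rather than an opt-in ops-file. Tooling outside this repository that audits or validates ASG rules on the assumption of a single address, range or CIDR per `destination` would presumably need updating before the upgrade. A line above the key would record the intent, e.g. `# ASG rule destinations may be comma-separated lists; check external ASG audit tooling before upgrading`. The enclosing `cc:` mapping starts and ends outside the hunk.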
@@ -1175,6 +1177,7 @@ instance_groups: buildpack/cflinuxfs4: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz + cnb/cflinuxfs4: cnb_app_lifecycle/cnb_app_lifecycle.tgz database_encryption: *cc-database-encryption staging_upload_user: staging_user staging_upload_password: "((cc_staging_upload_password))" @@ -1257,6 +1260,7 @@ instance_groups: buildpack/cflinuxfs4: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz + cnb/cflinuxfs4: cnb_app_lifecycle/cnb_app_lifecycle.tgz staging_upload_user: staging_user staging_upload_password: "((cc_staging_upload_password))" resource_pool: *blobstore-properties @@ -1292,6 +1296,7 @@ instance_groups: buildpack/cflinuxfs4: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz + cnb/cflinuxfs4: cnb_app_lifecycle/cnb_app_lifecycle.tgz mutual_tls: ca_cert: "((cc_tls.ca))" private_key: "((cc_tls.private_key))" @@ -1445,6 +1450,8 @@ instance_groups: instances: 2 vm_type: minimal stemcell: default + update: + serial: true vm_extensions: - cf-tcp-router-network-properties networks: @@ -1458,6 +1465,11 @@ instance_groups: router_group: default-tcp tls_health_check_cert: ((tcp_router_lb_health_tls.certificate)) tls_health_check_key: ((tcp_router_lb_health_tls.private_key)) + backend_tls: + enabled: true + client_cert: ((tcp_router_backend_tls.certificate)) + client_key: ((tcp_router_backend_tls.private_key)) + ca_cert: ((diego_instance_identity_ca.ca)) uaa: ca_cert: "((uaa_ssl.ca))" tls_port: 8443 
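Review bot: In the tcp_router hunk at -1458/+1465, `backend_tls.ca_cert` is set to `((diego_instance_identity_ca.ca))` without a comment, so a later editor cannot tell that this is the trust anchor for certificates presented by app containers rather than by a platform service. Whether tcp_router also checks the instance identity carried in the presented certificate is not visible here. A line such as `# backends present Diego instance-identity certs; ca_cert must remain the instance identity CA` would state the intent. The new `((...))` values are also unquoted while `uaa.ca_cert` directly below is written `"((uaa_ssl.ca))"`; quoting them would keep the block consistent.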
@@ -1632,13 +1644,16 @@ instance_groups: containers: proxy: enabled: true + enable_unproxied_port_mappings: false require_and_verify_client_certificates: true trusted_ca_certificates: - ((gorouter_backend_tls.ca)) - ((ssh_proxy_backends_tls.ca)) + - ((tcp_router_backend_tls.ca)) verify_subject_alt_name: - gorouter.service.cf.internal - ssh-proxy.service.cf.internal + - tcp-router.service.cf.internal trusted_ca_certificates: - ((diego_instance_identity_ca.ca)) - ((credhub_tls.ca)) @@ -1677,6 +1692,7 @@ instance_groups: client_key: "((nats_client_cert.private_key))" tcp: enabled: true + enable_tls: true uaa: ca_cert: "((uaa_ssl.ca))" client_secret: "((uaa_clients_tcp_emitter_secret))" @@ -2481,6 +2497,15 @@ variables: common_name: gorouter_lb_health_tls alternative_names: - gorouter.service.cf.internal +- name: tcp_router_backend_tls + type: certificate + options: + ca: service_cf_internal_ca + common_name: tcp-router_backend_tls + alternative_names: + - tcp-router.service.cf.internal + extended_key_usage: + - client_auth - name: tcp_router_lb_health_tls type: certificate options: 
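Review bot: In the rep `containers.proxy` hunk, the added trust entry `((tcp_router_backend_tls.ca))` comes from a certificate issued by `service_cf_internal_ca` (see the variable added at -2481/+2497), so the CA list alone does not separate the TCP router from any other holder of a certificate from that CA. `verify_subject_alt_name` is what actually restricts callers, and that is worth stating above the list: `# allow-list of client identities; trusted CAs may be shared, so keep this in step with the client cert SANs`. The same change is repeated in `operations/add-persistent-isolation-segment-diego-cell.yml` (hunk at -70/+70) and the comment applies there as well. `enable_unproxied_port_mappings: false` presumably closes the direct container port path, so operators who relied on it need an upgrade note.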
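Review bot: The new `tcp_router_backend_tls` variable at -2481/+2497 uses `common_name: tcp-router_backend_tls`, mixing a hyphen with underscores, where the neighbouring entry uses `gorouter_lb_health_tls`. The cell-side proxy matches on the SAN `tcp-router.service.cf.internal`, so this is cosmetic, but a uniform `common_name: tcp_router_backend_tls` is easier to find in certificate inventories and expiry reports.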
@@ -2792,126 +2817,126 @@ variables: releases: - name: binary-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/binary-buildpack-release?v=1.1.11 - version: 1.1.11 - sha1: dc680a771bad6c9205797ac6bba6ef4d1aa7b18e + url: https://bosh.io/d/github.com/cloudfoundry/binary-buildpack-release?v=1.1.14 + version: 1.1.14 + sha1: f9e6145b2b9e2c71a59cbf0572fcb25a99b98c59 - name: bpm - url: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.2.19 - version: 1.2.19 - sha1: 8052def173f1e1d87dcbbce353dd2e6d1df96177 + url: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.4.1 + version: 1.4.1 + sha1: 1d2f22a5d024cb34f6d7d2da3f1ee95e4a8cdd61 - name: capi - url: https://bosh.io/d/github.com/cloudfoundry/capi-release?v=1.181.0 - version: 1.181.0 - sha1: c369c5290d922fdfda7177bd747435633285515c + url: https://bosh.io/d/github.com/cloudfoundry/capi-release?v=1.195.0 + version: 1.195.0 + sha1: 92baa45ee839bf5a5a763c54696b841ef8024528 - name: cf-networking - url: https://bosh.io/d/github.com/cloudfoundry/cf-networking-release?v=3.46.0 - version: 3.46.0 - sha1: 28ae3c49a0509d0899353273059d122529e632dc + url: https://bosh.io/d/github.com/cloudfoundry/cf-networking-release?v=3.52.0 + version: 3.52.0 + sha1: b67b8673e687d4dc1b00b098192d5b5c14ae681a - name: cf-smoke-tests - url: https://bosh.io/d/github.com/cloudfoundry/cf-smoke-tests-release?v=42.0.146 - version: 42.0.146 - sha1: 0718da741dcc81e7290c04bcab25205b69566b97 + url: https://bosh.io/d/github.com/cloudfoundry/cf-smoke-tests-release?v=42.0.171 + version: 42.0.171 + sha1: dcc2c329ccd5cd3c1ae7e5ff06a6704c3de70603 - name: cflinuxfs4 - url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs4-release?v=1.95.0 - version: 1.95.0 - sha1: 299639ae2e6d50920b6d3bb22e88e1bcfbce95d4 + url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs4-release?v=1.174.0 + version: 1.174.0 + sha1: 0034c23d813f0f433c3296c6f2a89a96d4c422c3 - name: credhub - url: https://bosh.io/d/github.com/pivotal-cf/credhub-release?v=2.12.74 - 
version: 2.12.74 - sha1: 2f1b40d6035fa600ba770bf51c39e16f88461497 + url: https://bosh.io/d/github.com/pivotal-cf/credhub-release?v=2.12.93 + version: 2.12.93 + sha1: 839113e27736a71972f8c44362ed3f1cbc0f5720 - name: diego - url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=2.99.0 - version: 2.99.0 - sha1: b0f6b9f60d441d80a45a4dcec5f90224b315704e + url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=2.105.0 + version: 2.105.0 + sha1: 2b859378fc80cc983fbc875ebf934d7a3eab66f1 - name: dotnet-core-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/dotnet-core-buildpack-release?v=2.4.27 - version: 2.4.27 - sha1: 2dafeb8390835f71aaeab3bb6bd3b2df1fa23a33 + url: https://bosh.io/d/github.com/cloudfoundry/dotnet-core-buildpack-release?v=2.4.33 + version: 2.4.33 + sha1: 2b0f1b44aecdf1fad688329b8e1ffdcc451b8991 - name: garden-runc - url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.53.0 - version: 1.53.0 - sha1: 727479842888aa9752b0f556702d987424ef7254 + url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.57.0 + version: 1.57.0 + sha1: 56cb4687e28cfbb6ed90e0b5afe28c118b7e9c6e - name: go-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/go-buildpack-release?v=1.10.18 - version: 1.10.18 - sha1: 810ca15c34e2d38abc025aca6941f3c2dce92c40 + url: https://bosh.io/d/github.com/cloudfoundry/go-buildpack-release?v=1.10.23 + version: 1.10.23 + sha1: c6dbd9573fc51ab92cb2f631e9b848e5bb990eec - name: java-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/java-buildpack-release?v=4.69.0 - version: 4.69.0 - sha1: 114c678a042a89cb293db912c13915b5ef1009a8 + url: https://bosh.io/d/github.com/cloudfoundry/java-buildpack-release?v=4.71.0 + version: 4.71.0 + sha1: 82356fa16049c360e9287adbe1c82098264dc1fe - name: loggregator - url: https://bosh.io/d/github.com/cloudfoundry/loggregator-release?v=107.0.14 - version: 107.0.14 - sha1: 6a41e9642d8e3cd6191c0b54e7678719800b2826 + url: 
https://bosh.io/d/github.com/cloudfoundry/loggregator-release?v=107.0.17 + version: 107.0.17 + sha1: bba6ece58f146d822a37894c1bdc14b601964ba6 - name: nats - url: https://bosh.io/d/github.com/cloudfoundry/nats-release?v=56.19.0 - version: 56.19.0 - sha1: 945d4fe29150cb8091a21f295a6a163b735b5dd4 + url: https://bosh.io/d/github.com/cloudfoundry/nats-release?v=56.25.0 + version: 56.25.0 + sha1: 2702d51f44e6798191d916e801cbccfbecafde83 - name: nginx-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/nginx-buildpack-release?v=1.2.13 - version: 1.2.13 - sha1: b40f90f64d559436e187b21b836fb2d3c84eab35 + url: https://bosh.io/d/github.com/cloudfoundry/nginx-buildpack-release?v=1.2.19 + version: 1.2.19 + sha1: f9c83865ba934c4f232cd97e234dd07577b5b26e - name: r-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/r-buildpack-release?v=1.2.11 - version: 1.2.11 - sha1: d4f1ac487955a3ce49f198a0a919d194b847cdbc + url: https://bosh.io/d/github.com/cloudfoundry/r-buildpack-release?v=1.2.15 + version: 1.2.15 + sha1: eb7862d246dd85e9d9027d5d3f9e90fe1664345c - name: nodejs-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/nodejs-buildpack-release?v=1.8.24 - version: 1.8.24 - sha1: f915df715dc47be62116c5f319808b4a91b7b4bb + url: https://bosh.io/d/github.com/cloudfoundry/nodejs-buildpack-release?v=1.8.29 + version: 1.8.29 + sha1: b9da829e7ee0ac1210c70860a6f17ebed172afd9 - name: php-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/php-buildpack-release?v=4.6.18 - version: 4.6.18 - sha1: 6152d00052556cdeb7327b14edd2734ecf1a15ea + url: https://bosh.io/d/github.com/cloudfoundry/php-buildpack-release?v=4.6.23 + version: 4.6.23 + sha1: f8b0b367923a23225dd318b0c405ac264d782b89 - name: pxc - url: https://bosh.io/d/github.com/cloudfoundry/pxc-release?v=1.0.28 - version: 1.0.28 - sha1: f80440917c86a6c3fc96dbdb2dccb2c6c3439e1d + url: https://bosh.io/d/github.com/cloudfoundry/pxc-release?v=1.0.31 + version: 1.0.31 + sha1: e2e951dfe9e374d3715d3156bf1132a4e0ffb2a5 - 
name: python-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/python-buildpack-release?v=1.8.23 - version: 1.8.23 - sha1: fc2fa861b2af95ba118e63eebac24df1ffbfb29d + url: https://bosh.io/d/github.com/cloudfoundry/python-buildpack-release?v=1.8.29 + version: 1.8.29 + sha1: e9bf6abc64e54ab9143861ab5f8798680389e062 - name: routing - url: https://bosh.io/d/github.com/cloudfoundry/routing-release?v=0.297.0 - version: 0.297.0 - sha1: 41d9ea3c5ef61e4170e0261c27c22651f7055f33 + url: https://bosh.io/d/github.com/cloudfoundry/routing-release?v=0.316.0 + version: 0.316.0 + sha1: 506465f7f457312a074ac127466e21a2268a7019 - name: ruby-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/ruby-buildpack-release?v=1.10.13 - version: 1.10.13 - sha1: 94bb7b5c71076fdc0e22275319eadef8a3d66241 + url: https://bosh.io/d/github.com/cloudfoundry/ruby-buildpack-release?v=1.10.18 + version: 1.10.18 + sha1: 6bbe14f8f374a42e2220ddc49957b213d1d3d1db - name: silk - url: https://bosh.io/d/github.com/cloudfoundry/silk-release?v=3.46.0 - version: 3.46.0 - sha1: 868ed3c5f61e9ffb2d2b4bd044e8eeddcc1bfd1d + url: https://bosh.io/d/github.com/cloudfoundry/silk-release?v=3.52.0 + version: 3.52.0 + sha1: e5e2aa65a28a4f9d9db1539e7cb533c34d0f7684 - name: staticfile-buildpack - url: https://bosh.io/d/github.com/cloudfoundry/staticfile-buildpack-release?v=1.6.12 - version: 1.6.12 - sha1: e2610a5de94538bf83b0f85161faa951d3cbb76a + url: https://bosh.io/d/github.com/cloudfoundry/staticfile-buildpack-release?v=1.6.17 + version: 1.6.17 + sha1: 9e9f49090ee388e9ad34246c82b80ad412280937 - name: statsd-injector - url: https://bosh.io/d/github.com/cloudfoundry/statsd-injector-release?v=1.11.40 - version: 1.11.40 - sha1: eaa5e465d8310113ae90bc9b7d956319f1315d14 + url: https://bosh.io/d/github.com/cloudfoundry/statsd-injector-release?v=1.11.43 + version: 1.11.43 + sha1: 351aedae5cd3a2279428e1429388f8ad415f99ba - name: uaa - url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=77.9.0 - version: 77.9.0 
- sha1: 2880e700842c87d6ae615a9b41e152d0091fc3bd + url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=77.17.0 + version: 77.17.0 + sha1: b617ba847bbe05c5c3e31f3f3a5cb50e732992c7 - name: loggregator-agent - url: https://bosh.io/d/github.com/cloudfoundry/loggregator-agent-release?v=8.1.1 - version: 8.1.1 - sha1: 4a65bd6a4e5585025fb1c24d7698057a091e1b50 + url: https://bosh.io/d/github.com/cloudfoundry/loggregator-agent-release?v=8.3.0 + version: 8.3.0 + sha1: a425e43b561f9df3fed255786424885ae12a5f80 - name: log-cache - url: https://bosh.io/d/github.com/cloudfoundry/log-cache-release?v=3.0.11 - version: 3.0.11 - sha1: 49e40454c467ac76224565cce7d51739af9a96d1 + url: https://bosh.io/d/github.com/cloudfoundry/log-cache-release?v=3.1.5 + version: 3.1.5 + sha1: d095f5965f5dda9e80d9ea6feba39e51a93e7dcf - name: bosh-dns-aliases url: https://bosh.io/d/github.com/cloudfoundry/bosh-dns-aliases-release?v=0.0.4 version: 0.0.4 sha1: 55b3dced813ff9ed92a05cda02156e4b5604b273 - name: cf-cli - url: https://bosh.io/d/github.com/bosh-packages/cf-cli-release?v=1.63.0 - version: 1.63.0 - sha1: 19fc1dcd4cb5dcc4df42e42317afd175dcb91903 + url: https://bosh.io/d/github.com/bosh-packages/cf-cli-release?v=1.67.0 + version: 1.67.0 + sha1: 1cb37275a9ee65f69521fc889d5c561ff878a0b4 stemcells: - alias: default os: ubuntu-jammy - version: "1.445" + version: "1.621" diff --git a/cf-deployment/iaas-support/bosh-lite/cloud-config.yml b/cf-deployment/iaas-support/bosh-lite/cloud-config.yml index c9874054..fc42a749 100644 --- a/cf-deployment/iaas-support/bosh-lite/cloud-config.yml +++ b/cf-deployment/iaas-support/bosh-lite/cloud-config.yml @@ -58,6 +58,7 @@ vm_types: - name: minimal - name: small - name: small-highmem +- name: medium # Note: the "default" vm type is not used in cf-deployment. # it is included for compatibility with the bosh-deployment # cloud-config. diff --git a/cf-deployment/operations/README.md b/cf-deployment/operations/README.md index 79ea334c..672d3164 100644 
--- a/cf-deployment/operations/README.md
+++ b/cf-deployment/operations/README.md
@@ -39,6 +39,10 @@ This is the README for Ops-files. To learn more about `cf-deployment`, go to the | [`disable-router-tls-termination.yml`](disable-router-tls-termination.yml) | Eliminates keys related to performing TLS termination within the gorouter job. | Useful for deployments where TLS termination is performed prior to the gorouter - for instance, on AWS, such termination is commonly done at the ELB. This also eliminates the need to specify `((router_ssl.certificate))` and `((router_ssl.private_key))` in the var files. | **NO** | | [`disable-http2.yml`](disable-http2.yml) | Prevent gorouter from accepting and forwarding HTTP/2 requests. | | **NO** | | [`disable-dynamic-asgs.yml`](disable-dynamic-asgs.yml) | Disable dynamic updates for security groups. | | **NO** | +| [`disable-tls-tcp-routing-stage-1-unproxied-ports.yml`](disable-tls-tcp-routing-stage-1-unproxied-ports.yml) | Stage 1 deployment for disabling TLS for TCP Routes on. See [configuring TCP routes](https://docs.cloudfoundry.org/adminguide/enabling-tcp-routing.html#tls-tcp-routes) for more info. | | **NO ** | +| [`disable-tls-tcp-routing-stage-2-tcp-router-and-route-emitter.yml`](disable-tls-tcp-routing-stage-2-tcp-router-and-route-emitter.yml) | Stage 2 deployment for disabling TLS for TCP Routes on. See [configuring TCP routes](https://docs.cloudfoundry.org/adminguide/enabling-tcp-routing.html#tls-tcp-routes) for more info. | | **NO ** | +| [`disable-tls-tcp-routing-isolation-segment-stage-1-unproxied-ports.yml`](disable-tls-tcp-routing-isolation-segment-stage-1-unproxied-ports.yml) | Stage 1 deployment for disabling TLS for TCP Routes on isolation segments. See [configuring TCP routes](https://docs.cloudfoundry.org/adminguide/enabling-tcp-routing.html#tls-tcp-routes) for more info. 
| | **NO ** | +| [`disable-tls-tcp-routing-isolation-segment-stage-2-route-emitter.yml`](disable-tls-tcp-routing-isolation-segment-stage-2-route-emitter.yml) | Stage 2 deployment for disabling TLS for TCP Routes on isolation segments. See [configuring TCP routes](https://docs.cloudfoundry.org/adminguide/enabling-tcp-routing.html#tls-tcp-routes) for more info. | | **NO ** | | [`enable-cc-rate-limiting.yml`](enable-cc-rate-limiting.yml) | Enable rate limiting for UAA-authenticated endpoints. | Introduces variables `cc_rate_limiter_general_limit` and `cc_rate_limiter_unauthenticated_limit` | **NO** | | [`enable-cc-v2-rate-limiting.yml`](enable-cc-rate-limiting.yml) | Enable V2 API rate limiting for UAA-authenticated endpoints. | Introduces variables `cc_v2_rate_limiter_general_limit`, `cc_v2_rate_limiter_admin_limit` and `cc_v2_rate_limiter_reset_interval_in_minutes` | **NO** | | [`enable-cpu-throttling.yml`](enable-cpu-throttling.yml) | Configure Garden containers with CPU entitlement. | This ops file requires `set-cpu-weight.yml`. | **YES** | diff --git a/cf-deployment/operations/add-persistent-isolation-segment-diego-cell.yml b/cf-deployment/operations/add-persistent-isolation-segment-diego-cell.yml index 33b9cc37..b8a8ab70 100644 --- a/cf-deployment/operations/add-persistent-isolation-segment-diego-cell.yml +++ b/cf-deployment/operations/add-persistent-isolation-segment-diego-cell.yml @@ -70,13 +70,16 @@ containers: proxy: enabled: true + enable_unproxied_port_mappings: false require_and_verify_client_certificates: true trusted_ca_certificates: - ((gorouter_backend_tls.ca)) - ((ssh_proxy_backends_tls.ca)) + - ((tcp_router_backend_tls.ca)) verify_subject_alt_name: - gorouter.service.cf.internal - ssh-proxy.service.cf.internal + - tcp-router.service.cf.internal trusted_ca_certificates: - ((diego_instance_identity_ca.ca)) - ((credhub_tls.ca)) 
@@ -134,6 +137,7 @@ timestamp: "rfc3339" tcp: enabled: true + enable_tls: true uaa: ca_cert: "((uaa_ssl.ca))" client_secret: "((uaa_clients_tcp_emitter_secret))" diff --git a/cf-deployment/operations/addons/add-system-metrics-agent.yml b/cf-deployment/operations/addons/add-system-metrics-agent.yml index 27899e93..3d8e35b5 100644 --- a/cf-deployment/operations/addons/add-system-metrics-agent.yml +++ b/cf-deployment/operations/addons/add-system-metrics-agent.yml @@ -81,16 +81,16 @@ path: /releases/name=system-metrics? value: name: system-metrics - sha1: 89b966f573bd02c611d6499b9cbd7888d09e62af - url: https://bosh.io/d/github.com/cloudfoundry/system-metrics-release?v=3.0.7 - version: 3.0.7 + sha1: 30ae3f4f0df1d30a0a1c7433c3bc54852fdd9e2c + url: https://bosh.io/d/github.com/cloudfoundry/system-metrics-release?v=3.0.8 + version: 3.0.8 - type: replace path: /releases/name=system-metrics-scraper? value: name: system-metrics-scraper - sha1: 59aa1c2a79bea13f4aa8931119ce19663d5e2b51 - url: https://bosh.io/d/github.com/cloudfoundry/system-metrics-scraper-release?v=4.0.8 - version: 4.0.8 + sha1: 1a311672b0c74ac16536b189c044181dca333456 + url: https://bosh.io/d/github.com/cloudfoundry/system-metrics-scraper-release?v=4.0.11 + version: 4.0.11 - type: replace path: /variables/name=leadership_election_tls? value: diff --git a/cf-deployment/operations/addons/enable-component-syslog.yml b/cf-deployment/operations/addons/enable-component-syslog.yml index 719b1c7e..581626b6 100644 --- a/cf-deployment/operations/addons/enable-component-syslog.yml +++ b/cf-deployment/operations/addons/enable-component-syslog.yml @@ -24,6 +24,6 @@ path: /releases/- value: name: syslog - sha1: 34173899e9bc5f2ad1c37ea7c9cdcdb5e36c2e21 - url: https://bosh.io/d/github.com/cloudfoundry/syslog-release?v=12.2.5 - version: 12.2.5 + sha1: 17dcdf7b4c65ea59dd7f8aa845171c80f950ade0 + url: https://bosh.io/d/github.com/cloudfoundry/syslog-release?v=12.3.3 + version: 12.3.3 
diff --git a/cf-deployment/operations/backup-and-restore/enable-backup-restore.yml b/cf-deployment/operations/backup-and-restore/enable-backup-restore.yml index d60b8250..6b5822d2 100644 --- a/cf-deployment/operations/backup-and-restore/enable-backup-restore.yml +++ b/cf-deployment/operations/backup-and-restore/enable-backup-restore.yml @@ -2,9 +2,9 @@ path: /releases/- value: name: backup-and-restore-sdk - sha1: 9750be87e6d2b85e720aea72db42612ad6615b03 - url: https://bosh.io/d/github.com/cloudfoundry-incubator/backup-and-restore-sdk-release?v=1.19.16 - version: 1.19.16 + sha1: 817a1c6ad5d23a5adea1ada52bfa13543392a11b + url: https://bosh.io/d/github.com/cloudfoundry-incubator/backup-and-restore-sdk-release?v=1.19.36 + version: 1.19.36 - type: replace path: /instance_groups/- value: @@ -30,7 +30,7 @@ properties: release_level_backup: true release: credhub - - name: cf-cli-6-linux + - name: cf-cli-8-linux release: cf-cli name: backup-restore networks: diff --git a/cf-deployment/operations/bosh-lite.yml b/cf-deployment/operations/bosh-lite.yml index 2a5dc198..2079443b 100644 --- a/cf-deployment/operations/bosh-lite.yml +++ b/cf-deployment/operations/bosh-lite.yml @@ -106,6 +106,11 @@ path: /instance_groups/name=credhub/instances value: 1 +# ----- Change VM type "medium" to "small" ------ +- type: replace + path: /instance_groups/name=nats/vm_type? + value: small + # ----- Reduce default app memory to 256M ------ - type: replace path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/default_app_memory? diff --git a/cf-deployment/operations/community/README.md b/cf-deployment/operations/community/README.md index e89f0d77..c8d755eb 100644 --- a/cf-deployment/operations/community/README.md +++ b/cf-deployment/operations/community/README.md 
@@ -15,5 +15,3 @@ Included in this directory is a collection of ops files submitted by the CF comm | --- | --- | --- | | [`change-metron-agent-deployment.yml`](change-metron-agent-deployment.yml) | [SAP SE](https://www.sap.com/) - submitted by [jsievers](https://github.com/jsievers) | Adds an ops file for changing the metron agent deployment property in all jobs | | [`use-haproxy.yml`](use-haproxy.yml) | [Stark & Wayne](https://www.starkandwayne.com/) - submitted by [rkoster](https://github.com/rkoster) | Adds https://github.com/cloudfoundry-incubator/haproxy-boshrelease as a load balancer for environments without IaaS provided load blancers. | -| [`use-community-postgres.yml`](use-community-postgres.yml) | [Stark & Wayne](https://www.starkandwayne.com/) - submitted by [rkoster](https://github.com/rkoster) | Uses https://github.com/cloudfoundry-community/postgres-boshrelease as sql database, this release allows upgrading to HA mode. This file depends on [use-postgres.yml](../use-postgres.yml) | -| [`use-community-postgres-ha.yml`](use-community-postgres.yml) | [Stark & Wayne](https://www.starkandwayne.com/) - submitted by [rkoster](https://github.com/rkoster) | Enables HA mode for community-postgres, depends on [use-community-postgres.yml](./use-community-postgres.yml). | diff --git a/cf-deployment/operations/community/use-community-postgres-ha.yml b/cf-deployment/operations/community/use-community-postgres-ha.yml deleted file mode 100644 index 3e99e1d5..00000000 --- a/cf-deployment/operations/community/use-community-postgres-ha.yml +++ /dev/null 
@@ -1,24 +0,0 @@
-- type: replace
- path: /instance_groups/name=database/instances
- value: 2
-
-- type: replace
- path: /instance_groups/name=database/jobs/-
- value:
- name: vip
- release: community-postgres
- properties:
- port: 5524
- backend_port: 6432
- readonly_port: 7432
- keepalived:
- enabled: false
- vip: "not used but required"
-
-- type: replace
- path: /instance_groups/name=database/jobs/name=postgres/properties/postgres/config/port
- value: 6432
-
-- type: replace
- path: /instance_groups/name=database/jobs/name=postgres/properties/postgres/replication?/enabled
- value: true
diff --git a/cf-deployment/operations/community/use-community-postgres.yml b/cf-deployment/operations/community/use-community-postgres.yml
deleted file mode 100644
index 8bb88b80..00000000
--- a/cf-deployment/operations/community/use-community-postgres.yml
+++ /dev/null
@@ -1,95 +0,0 @@ -- type: replace - path: /releases/name=postgres - value: - name: community-postgres - version: "3.2.0" - url: https://github.com/cloudfoundry-community/postgres-boshrelease/releases/download/v3.2.0/postgres-3.2.0.tgz - sha1: 470c2b6d98d988ad9dc36dedcd8133e247de63f7 - -- type: remove - path: /instance_groups/name=database/migrated_from - -- type: replace - path: /instance_groups/name=database/instances - value: 1 - -- type: replace - path: /instance_groups/name=database/jobs - value: - - name: postgres - release: community-postgres - properties: - postgres: - config: - port: 5524 - listen_addresses: '*' - max_connections: 100 - replication: - enabled: false - hba: - - host all all 0.0.0.0/0 md5 - - host all all ::/0 md5 - - users: - - username: cloud_controller - password: ((cc_database_password)) - - username: uaa - password: ((uaa_database_password)) - - username: diego - password: ((diego_database_password)) - - username: routing-api - password: ((routing_api_database_password)) - - username: network_policy - password: ((network_policy_database_password)) - - username: network_connectivity - password: ((network_connectivity_database_password)) - - username: locket - password: ((locket_database_password)) - - username: credhub - password: ((credhub_database_password)) - - databases: - - name: cloud_controller - users: [cloud_controller] - extensions: [citext, pgcrypto] - - name: uaa - users: [uaa] - extensions: [citext, pgcrypto] - - name: diego - users: [diego] - extensions: [citext, pgcrypto] - - name: routing-api - users: [routing-api] - extensions: [citext, pgcrypto] - - name: network_policy - users: [network_policy] - extensions: [citext, pgcrypto] - - name: network_connectivity - users: [network_connectivity] - extensions: [citext, pgcrypto] - - name: locket - users: [locket] - extensions: [citext, pgcrypto] - - name: credhub - users: [credhub] - extensions: [citext, pgcrypto] - -- type: replace - path: 
/instance_groups/name=uaa/jobs/name=uaa/properties/uaadb/address? - value: sql-db.service.cf.internal - -- type: replace - path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/ccdb/address? - value: sql-db.service.cf.internal - -- type: replace - path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/ccdb/address? - value: sql-db.service.cf.internal - -- type: replace - path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/ccdb/address? - value: sql-db.service.cf.internal - -- type: replace - path: /instance_groups/name=scheduler/jobs/name=cc_deployment_updater/properties/ccdb/address? - value: sql-db.service.cf.internal diff --git a/cf-deployment/operations/community/use-haproxy.yml b/cf-deployment/operations/community/use-haproxy.yml index bb35c3fd..77dac5f3 100644 --- a/cf-deployment/operations/community/use-haproxy.yml +++ b/cf-deployment/operations/community/use-haproxy.yml @@ -2,9 +2,9 @@ path: /releases/- value: name: haproxy - sha1: 01ea55b2fc40f2085d90484886c8d11950232dbb - url: https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=14.0.0%2B2.8.9 - version: 14.0.0+2.8.9 + sha1: ec3c14969efbe9dc2c0360191217fb34dc6727c1 + url: https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=14.3.0%2B2.8.10 + version: 14.3.0+2.8.10 - type: replace path: /instance_groups/name=smoke-tests value: diff --git a/cf-deployment/operations/disable-tls-tcp-routing-isolation-segment-stage-1-unproxied-ports.yml b/cf-deployment/operations/disable-tls-tcp-routing-isolation-segment-stage-1-unproxied-ports.yml new file mode 100644 index 00000000..bc1da4fe --- /dev/null +++ b/cf-deployment/operations/disable-tls-tcp-routing-isolation-segment-stage-1-unproxied-ports.yml @@ -0,0 +1,4 @@ +--- +- type: replace + path: /instance_groups/name=isolated-diego-cell/jobs/name=rep/properties/containers/proxy/enable_unproxied_port_mappings? + value: true 
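Review bot: The four new `disable-tls-tcp-routing-*` ops-files have no header comment, although each one moves a TLS-protected hop back towards plaintext and the file names imply a required order. This one (isolation-segment stage 1) sets `enable_unproxied_port_mappings` to `true`; the other three, in the file sections that follow, set `enable_unproxied_port_mappings` to `true` for `diego-cell` and `enable_tls` / `backend_tls/enabled` to `false`. Each file should open with a short comment saying that it downgrades TCP route traffic to app containers to unencrypted, that stage 1 is presumably meant to be deployed before stage 2, and which companion file is needed when isolation segments are in use. For this file that could read `# Stage 1 of 2: deploy before the stage-2 ops-file; re-enables unproxied container port mappings so TCP routes can run without TLS`.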
diff --git a/cf-deployment/operations/disable-tls-tcp-routing-isolation-segment-stage-2-route-emitter.yml b/cf-deployment/operations/disable-tls-tcp-routing-isolation-segment-stage-2-route-emitter.yml
new file mode 100644
index 00000000..482e87e5
--- /dev/null
+++ b/cf-deployment/operations/disable-tls-tcp-routing-isolation-segment-stage-2-route-emitter.yml
@@ -0,0 +1,4 @@
+---
+- type: replace
+ path: /instance_groups/name=isolated-diego-cell/jobs/name=route_emitter/properties/tcp/enable_tls?
+ value: false
diff --git a/cf-deployment/operations/disable-tls-tcp-routing-stage-1-unproxied-ports.yml b/cf-deployment/operations/disable-tls-tcp-routing-stage-1-unproxied-ports.yml
new file mode 100644
index 00000000..f7ecdc78
--- /dev/null
+++ b/cf-deployment/operations/disable-tls-tcp-routing-stage-1-unproxied-ports.yml
@@ -0,0 +1,4 @@
+---
+- type: replace
+ path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/proxy/enable_unproxied_port_mappings?
+ value: true
diff --git a/cf-deployment/operations/disable-tls-tcp-routing-stage-2-tcp-router-and-route-emitter.yml b/cf-deployment/operations/disable-tls-tcp-routing-stage-2-tcp-router-and-route-emitter.yml
new file mode 100644
index 00000000..7c87c771
--- /dev/null
+++ b/cf-deployment/operations/disable-tls-tcp-routing-stage-2-tcp-router-and-route-emitter.yml
@@ -0,0 +1,8 @@
+---
+- type: replace
+ path: /instance_groups/name=tcp-router/jobs/name=tcp_router/properties/tcp_router/backend_tls?/enabled
+ value: false
+
+- type: replace
+ path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/tcp/enable_tls?
+ value: false
diff --git a/cf-deployment/operations/enable-nfs-ldap.yml b/cf-deployment/operations/enable-nfs-ldap.yml
index 64ca59b4..414fedd0 100644
--- a/cf-deployment/operations/enable-nfs-ldap.yml
+++ b/cf-deployment/operations/enable-nfs-ldap.yml
@@ -20,6 +20,9 @@ - type: replace path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/allowed-in-source? value: "" +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_ca_cert? + value: ((ldap_server_ssl.ca)) - type: replace path: /instance_groups/name=nfs-broker-push/jobs/name=nfsbrokerpush/properties/nfsbrokerpush/ldap_enabled? value: true diff --git a/cf-deployment/operations/enable-nfs-volume-service.yml b/cf-deployment/operations/enable-nfs-volume-service.yml index 82a4bb43..d6576c3d 100644 --- a/cf-deployment/operations/enable-nfs-volume-service.yml +++ b/cf-deployment/operations/enable-nfs-volume-service.yml @@ -64,7 +64,7 @@ nfsbrokerpush: as: ignore-me release: nfs-volume - - name: cf-cli-7-linux + - name: cf-cli-8-linux release: cf-cli lifecycle: errand name: nfs-broker-push @@ -147,13 +147,13 @@ path: /releases/- value: name: nfs-volume - sha1: 17b321ae8fd82d4c383915033f53a3963c4505ac - url: https://bosh.io/d/github.com/cloudfoundry/nfs-volume-release?v=7.1.66 - version: 7.1.66 + sha1: eb323c4732558405a699861eff4e241bc226bac0 + url: https://bosh.io/d/github.com/cloudfoundry/nfs-volume-release?v=7.5.0 + version: 7.5.0 - type: replace path: /releases/name=mapfs? value: name: mapfs - sha1: e814d97f941dd588c10939a915a2ed6ae55607f8 - url: https://bosh.io/d/github.com/cloudfoundry/mapfs-release?v=1.2.71 - version: 1.2.71 + sha1: dc17a8963ad9b9771a90d5c260102ecd0e14175d + url: https://bosh.io/d/github.com/cloudfoundry/mapfs-release?v=1.4.0 + version: 1.4.0 diff --git a/cf-deployment/operations/enable-smb-volume-service.yml b/cf-deployment/operations/enable-smb-volume-service.yml index 1573343f..0e74f847 100644 --- a/cf-deployment/operations/enable-smb-volume-service.yml +++ b/cf-deployment/operations/enable-smb-volume-service.yml 
@@ -57,7 +57,7 @@ syslog_url: "" username: smb-broker release: smb-volume - - name: cf-cli-7-linux + - name: cf-cli-8-linux release: cf-cli lifecycle: errand name: smb-broker-push @@ -129,6 +129,6 @@ path: /releases/- value: name: smb-volume - sha1: 75f1f8d4af235192bb231a42d3549f8fe27dd6c8 - url: https://bosh.io/d/github.com/cloudfoundry/smb-volume-release?v=3.1.69 - version: 3.1.69 + sha1: a9401517310a73f5a4aec4839d31749ae5eccbd9 + url: https://bosh.io/d/github.com/cloudfoundry/smb-volume-release?v=3.5.0 + version: 3.5.0 diff --git a/cf-deployment/operations/example-vars-files/vars-enable-nfs-ldap.yml b/cf-deployment/operations/example-vars-files/vars-enable-nfs-ldap.yml index 5f1315b6..376023e9 100644 --- a/cf-deployment/operations/example-vars-files/vars-enable-nfs-ldap.yml +++ b/cf-deployment/operations/example-vars-files/vars-enable-nfs-ldap.yml @@ -4,4 +4,9 @@ nfs-ldap-service-password: password nfs-ldap-host: host nfs-ldap-port: port nfs-ldap-proto: proto -nfs-ldap-fqdn: fqdn \ No newline at end of file +nfs-ldap-fqdn: fqdn +ldap_server_ssl: + ca: | + -----BEGIN CERTIFICATE----- + meow + -----END CERTIFICATE----- diff --git a/cf-deployment/operations/experimental/README.md b/cf-deployment/operations/experimental/README.md index a0b8644a..a3188ca1 100644 --- a/cf-deployment/operations/experimental/README.md +++ b/cf-deployment/operations/experimental/README.md 
@@ -15,12 +15,15 @@ This is the README for Experimental Ops-files. To learn more about `cf-deploymen |:--- |:--- |:--- |:--- | | [`add-cflinuxfs4.yml`](add-cflinuxfs4.yml) | Add [cflinuxfs4](https://github.com/cloudfoundry/cflinuxfs4) stack. | ***Deprecated as we integrate cflinuxfs4 directly into cf-deployment.yml*** | **NO** | | [`add-metric-store.yml`](add-metric-store.yml) | **PROMOTED: use `../use-metric-store.yml`** | | **NO** | -| [`add-otel-collector.yml`](add-otel-collector.yml) | Adds an OTel Collector to all Linux VMs to egress metrics through the provided exporters. | `metric_exporters` must be filled in with valid OTel Collector Exporter configuration. | **NO** | -| [`add-otel-collector-windows.yml`](add-otel-collector-windows.yml) | Adds an OTel Collector to all Windows 2019 VMs to egress metrics through the provided exporters. | `metric_exporters` must be filled in with valid OTel Collector Exporter configuration.. Requires `./add-otel-collector.yml` and `../windows2019-cell.yml`. | **NO** | +| [`add-otel-collector.yml`](add-otel-collector.yml) | Adds an [OpenTelemetry Collector](https://opentelemetry.io/docs/collector/) to all Linux VMs to egress metrics and traces. | `otel_collector_config` must be filled in with valid OTel Collector configuration. | **NO** | +| [`add-otel-collector-windows.yml`](add-otel-collector-windows.yml) | Adds an [OpenTelemetry Collector](https://opentelemetry.io/docs/collector/) to all Windows 2019 VMs to egress metrics and traces. | `otel_collector_config` must be filled in with valid OTel Collector configuration. Requires `./add-otel-collector.yml` and `../windows2019-cell.yml`. 
| **NO** | | [`add-system-metrics-agent.yml`](add-system-metrics-agent.yml) | **PROMOTED: use `../addons/add-system-metrics-agent.yml`** | | **NO** | | [`add-system-metrics-agent-windows2019.yml`](add-system-metrics-agent-windows2019.yml) | **PROMOTED: use `../addons/add-system-metrics-agent-windows2019.yml`** | | **NO** | | [`colocate-smoke-tests-on-cc-worker.yml`](colocate-smoke-tests-on-cc-worker.yml) | Colocate the smoke_tests job on the cc-worker instance | A number of other operations files reference this instance group and may be incompatible with this operations file. Use `find ./operations/ -name "*.yml" | xargs grep "/instance_groups/name=smoke-tests"` to locate said files. | **YES** | -| [`disable-interpolate-service-bindings.yml`](disable-interpolate-service-bindings.yml) | Disables the interpolation of CredHub service credentials by Cloud Controller. | | **NO** | +| [`disable-interpolate-service-bindings.yml`](disable-interpolate-service-bindings.yml) | Disables the interpolation of CredHub service credentials by Cloud Controller. | | **YES** | +| [`disable-cf-credhub.yml`](disable-cf-credhub.yml) | Completely removes the CF CredHub instances, UAA clients, credentials and certificates. Can be used to save cost if you don't use CredHub to store service credentials. | | **YES** | +| [`disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml`](disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml) | Stage 1 deployment for disabling TLS for TCP Routes on Windows Diego Cells. See [configuring TCP routes](https://docs.cloudfoundry.org/adminguide/enabling-tcp-routing.html#tls-tcp-routes) for more info. | | **NO ** | +| [`disable-tls-tcp-routing-windows-stage-2-route-emitter.yml`](disable-tls-tcp-routing-windows-stage-2-route-emitter.yml) | Stage 2 deployment for disabling TLS for TCP Routes on Windows Diego Cells. See [configuring TCP routes](https://docs.cloudfoundry.org/adminguide/enabling-tcp-routing.html#tls-tcp-routes) for more info. 
| | **NO ** | | [`enable-app-log-rate-limiting.yml`](enable-app-log-rate-limiting.yml) | Enable rate limiting for number of logs generated by the application. | Introduces variable `app_log_rate_limit`. | **NO** | | [`enable-app-log-rate-limiting-windows2019.yml`](enable-app-log-rate-limiting-windows2019.yml) | Enable rate limiting for number of logs generated by the application. | Introduces variable `app_log_rate_limit`. Requires `../windows2019-cell.yml` | **NO** | | [`enable-bpm-garden.yml`](enable-bpm-garden.yml) | Enables the [BOSH Process Manager](https://github.com/cloudfoundry-incubator/bpm-release) for Garden. | This ops file **cannot** be deployed in conjunction with `enable-oci-phase-1.yml`. | **NO** | diff --git a/cf-deployment/operations/experimental/add-otel-collector-windows.yml b/cf-deployment/operations/experimental/add-otel-collector-windows.yml index 8c690cd3..629e8439 100644 --- a/cf-deployment/operations/experimental/add-otel-collector-windows.yml +++ b/cf-deployment/operations/experimental/add-otel-collector-windows.yml @@ -9,12 +9,8 @@ - name: otel-collector-windows release: otel-collector properties: - # Insert OTel Collector Exporter configuration - # See https://opentelemetry.io/docs/collector/configuration/#exporters - # For example: - # otlp: - # endpoint: otelcol2:4317 - metric_exporters: ((otel_collector_metric_exporters)) + # https://opentelemetry.io/docs/collector/configuration/ + config: ((otel_collector_config)) ingress: grpc: tls: diff --git a/cf-deployment/operations/experimental/add-otel-collector.yml b/cf-deployment/operations/experimental/add-otel-collector.yml index a7f827b0..3c8ef8ec 100644 --- a/cf-deployment/operations/experimental/add-otel-collector.yml +++ b/cf-deployment/operations/experimental/add-otel-collector.yml 
@@ -11,13 +11,13 @@ jobs: - name: otel-collector properties: + config: ((otel_collector_config)) ingress: grpc: tls: ca_cert: ((otel_collector_tls.ca)) cert: ((otel_collector_tls.certificate)) key: ((otel_collector_tls.private_key)) - metric_exporters: ((otel_collector_metric_exporters)) release: otel-collector name: otel-collector - type: replace @@ -38,6 +38,6 @@ path: /releases/name=otel-collector? value: name: otel-collector - sha1: f785398b733bfd555710534320f1a7694ae1e344 - url: https://bosh.io/d/github.com/cloudfoundry/otel-collector-release?v=0.4.1 - version: 0.4.1 + sha1: 7b534dbe5a8cdf6c7cefa94fc2ca22f077fb2be8 + url: https://bosh.io/d/github.com/cloudfoundry/otel-collector-release?v=0.11.0 + version: 0.11.0 diff --git a/cf-deployment/operations/experimental/disable-cf-credhub.yml b/cf-deployment/operations/experimental/disable-cf-credhub.yml new file mode 100644 index 00000000..0fc97b4f --- /dev/null +++ b/cf-deployment/operations/experimental/disable-cf-credhub.yml 
@@ -0,0 +1,36 @@
+# Instance Group
+- type: remove
+ path: /instance_groups/name=credhub
+
+# Release
+- type: remove
+ path: /releases/name=credhub
+
+# UAA clients
+- type: remove
+ path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cc_service_key_client?
+- type: remove
+ path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/credhub_admin_client
+- type: replace
+ path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/uaa/clients/cc_service_key_client/secret
+ value: x
+
+# Properties
+- type: remove
+ path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/credhub_api
+- type: remove
+ path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs/1
+- type: remove
+ path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates/1
+
+# Vars
+- type: remove
+ path: /variables/name=credhub_encryption_password
+- type: remove
+ path: /variables/name=credhub_admin_client_secret
+- type: remove
+ path: /variables/name=credhub_ca
+- type: remove
+ path: /variables/name=credhub_tls
+- type: remove
+ path: /variables/name=uaa_clients_cc_service_key_client_secret
\ No newline at end of file
diff --git a/cf-deployment/operations/experimental/disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml b/cf-deployment/operations/experimental/disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml
new file mode 100644
index 00000000..fffa15a3
--- /dev/null
+++ b/cf-deployment/operations/experimental/disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml
@@ -0,0 +1,4 @@
+---
+- type: replace
+ path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers/proxy/enable_unproxied_port_mappings?
+ value: true
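Review bot: The two removals under `# Properties` in disable-cf-credhub.yml select trusted CAs by position (`trusted_certs/1` and `trusted_ca_certificates/1`), so if another ops file or a later manifest version adds or reorders entries, they drop a different CA and leave the one I take to be the CredHub CA trusted. If the entries cannot be matched another way, each removal should at least say what it expects to find, for example `# removes the CredHub CA entry; index is position-dependent, re-check after manifest upgrades`. The literal `value: x` written into the `cc_service_key_client` secret also needs a comment stating that it is a placeholder for a client this file removes from UAA. The file also has no leading `---` and no final newline, unlike the other ops files added in this commit.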
diff --git a/cf-deployment/operations/experimental/disable-tls-tcp-routing-windows-stage-2-route-emitter.yml b/cf-deployment/operations/experimental/disable-tls-tcp-routing-windows-stage-2-route-emitter.yml new file mode 100644 index 00000000..b39d40f2 --- /dev/null +++ b/cf-deployment/operations/experimental/disable-tls-tcp-routing-windows-stage-2-route-emitter.yml @@ -0,0 +1,4 @@ +--- +- type: replace + path: /instance_groups/name=windows2019-cell/jobs/name=route_emitter_windows/properties/tcp/enable_tls? + value: false diff --git a/cf-deployment/operations/experimental/enable-nginx-routing-integrity-windows2019.yml b/cf-deployment/operations/experimental/enable-nginx-routing-integrity-windows2019.yml index d0a70905..d8c74eca 100644 --- a/cf-deployment/operations/experimental/enable-nginx-routing-integrity-windows2019.yml +++ b/cf-deployment/operations/experimental/enable-nginx-routing-integrity-windows2019.yml @@ -1,6 +1,9 @@ - type: replace path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/enabled value: true +- type: replace + path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/enable_unproxied_port_mappings + value: false - type: replace path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/require_and_verify_client_certificates value: true @@ -9,11 +12,16 @@ value: - ((gorouter_backend_tls.ca)) - ((ssh_proxy_backends_tls.ca)) + ((tcp_router_backend_tls.ca)) - type: replace path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/verify_subject_alt_name value: - gorouter.service.cf.internal - ssh-proxy.service.cf.internal + - tcp-router.service.cf.internal +- type: replace + path: /instance_groups/name=windows2019-cell/jobs/name=route_emitter_windows/properties/tcp?/enable_tls + value: true - type: replace path: /instance_groups/name=windows2019-cell/jobs/- value: 
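Review bot: In the `@@ -9,11 +12,16 @@` hunk of enable-nginx-routing-integrity-windows2019.yml the added `((tcp_router_backend_tls.ca))` line is shown without the `- ` sequence marker that the two CA entries above it and the added `- tcp-router.service.cf.internal` line have. If the file really reads that way, YAML either folds it into the preceding scalar or fails to parse, depending on indentation, so the proxy would not receive the TCP router CA as its own list entry while `require_and_verify_client_certificates` is `true`. The line should read `- ((tcp_router_backend_tls.ca))`. Indentation is lost on this page, so this needs checking against the file itself.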
@@ -23,6 +31,6 @@ path: /releases/name=envoy-nginx? value: name: envoy-nginx - sha1: 60a3a8b13938856f1ada7efbf7ae2d4134e465f2 - url: https://bosh.io/d/github.com/cloudfoundry-incubator/envoy-nginx-release?v=0.25.0 - version: 0.25.0 + sha1: 7a4a575262b1a7cbf582302ee8e1f11d6e31fc21 + url: https://bosh.io/d/github.com/cloudfoundry-incubator/envoy-nginx-release?v=0.29.0 + version: 0.29.0 diff --git a/cf-deployment/operations/experimental/example-vars-files/vars-override-otel-collector-exporters.yml b/cf-deployment/operations/experimental/example-vars-files/vars-override-otel-collector-exporters.yml index d13585ca..0953d2e8 100644 --- a/cf-deployment/operations/experimental/example-vars-files/vars-override-otel-collector-exporters.yml +++ b/cf-deployment/operations/experimental/example-vars-files/vars-override-otel-collector-exporters.yml @@ -1,6 +1,38 @@ --- -otel_collector_metric_exporters: - file/test: - path: /tmp/otel-collector-file.log - otlp/test: - endpoint: otelcol:4317 +otel_collector_config: + receivers: + otlp/placeholder: # no need to change, receivers are filled in automatically by the release + + processors: + batch: + + exporters: + file/traces: + path: /tmp/otel-collector-traces.log + file/metrics: + path: /tmp/otel-collector-metrics.log + file/logs: + path: /tmp/otel-collector-logs.log + # otlp/test: + # endpoint: otelcol:4317 + + service: + pipelines: + traces: + receivers: [otlp/placeholder] # no need to change, receivers are filled in automatically by the release + processors: [batch] + exporters: + - file/traces + # - otlp/test + metrics: + receivers: [otlp/placeholder] # no need to change, receivers are filled in automatically by the release + processors: [batch] + exporters: + - file/metrics + # - otlp/test + logs: + receivers: [otlp/placeholder] # no need to change, receivers are filled in automatically by the release + processors: [batch] + exporters: + - file/logs + # - otlp/test 
diff --git a/cf-deployment/operations/experimental/use-compiled-releases-windows.yml b/cf-deployment/operations/experimental/use-compiled-releases-windows.yml index 85979a1f..9c9b49fd 100644 --- a/cf-deployment/operations/experimental/use-compiled-releases-windows.yml +++ b/cf-deployment/operations/experimental/use-compiled-releases-windows.yml @@ -2,20 +2,20 @@ path: /releases/name=diego value: name: diego - sha1: b0f6b9f60d441d80a45a4dcec5f90224b315704e - url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=2.99.0 - version: 2.99.0 + sha1: 2b859378fc80cc983fbc875ebf934d7a3eab66f1 + url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=2.105.0 + version: 2.105.0 - type: replace path: /releases/name=garden-runc value: name: garden-runc - sha1: 727479842888aa9752b0f556702d987424ef7254 - url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.53.0 - version: 1.53.0 + sha1: 56cb4687e28cfbb6ed90e0b5afe28c118b7e9c6e + url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.57.0 + version: 1.57.0 - type: replace path: /releases/name=loggregator-agent value: name: loggregator-agent - sha1: 4a65bd6a4e5585025fb1c24d7698057a091e1b50 - url: https://bosh.io/d/github.com/cloudfoundry/loggregator-agent-release?v=8.1.1 - version: 8.1.1 + sha1: a425e43b561f9df3fed255786424885ae12a5f80 + url: https://bosh.io/d/github.com/cloudfoundry/loggregator-agent-release?v=8.3.0 + version: 8.3.0 diff --git a/cf-deployment/operations/test/enable-nfs-test-ldapserver.yml b/cf-deployment/operations/test/enable-nfs-test-ldapserver.yml index 8719b1ed..4105509a 100644 --- a/cf-deployment/operations/test/enable-nfs-test-ldapserver.yml +++ b/cf-deployment/operations/test/enable-nfs-test-ldapserver.yml 
@@ -7,9 +7,9 @@ ldap: ssl: active: true - ca_cert: ((ldap_test_server_ssl.ca)) - server_cert: ((ldap_test_server_ssl.certificate)) - server_key: ((ldap_test_server_ssl.private_key)) + ca_cert: ((ldap_server_ssl.ca)) + server_cert: ((ldap_server_ssl.certificate)) + server_key: ((ldap_server_ssl.private_key)) - type: replace path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=nfstestldapserver.service.cf.internal? @@ -24,7 +24,7 @@ - type: replace path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_ca_cert? - value: ((ldap_test_server_ssl.ca)) + value: ((ldap_server_ssl.ca)) - type: replace path: /variables/- @@ -38,7 +38,7 @@ - type: replace path: /variables/- value: - name: ldap_test_server_ssl + name: ldap_server_ssl type: certificate update_mode: converge options: diff --git a/cf-deployment/operations/test/fips-stemcell.yml b/cf-deployment/operations/test/fips-stemcell.yml index 60ec3f79..20032605 100644 --- a/cf-deployment/operations/test/fips-stemcell.yml +++ b/cf-deployment/operations/test/fips-stemcell.yml @@ -3,4 +3,4 @@ value: alias: default os: ubuntu-jammy - version: "1.445" + version: "1.613" diff --git a/cf-deployment/operations/use-cflinuxfs4-compat.yml b/cf-deployment/operations/use-cflinuxfs4-compat.yml index d182aaeb..0f920869 100644 --- a/cf-deployment/operations/use-cflinuxfs4-compat.yml +++ b/cf-deployment/operations/use-cflinuxfs4-compat.yml @@ -13,6 +13,6 @@ path: /releases/name=cflinuxfs4 value: name: cflinuxfs4-compat - sha1: 811eeb1b8832159d90997e9c0134f8e6cea0b164 - url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs4-compat-release?v=1.95.0 - version: 1.95.0 + sha1: 2eee4fee54404c8a7965ec1bdd9d9517ff3993d4 + url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs4-compat-release?v=1.174.0 + version: 1.174.0 diff --git a/cf-deployment/operations/use-compiled-releases.yml b/cf-deployment/operations/use-compiled-releases.yml index f34108a2..af91a6f8 100644 
--- a/cf-deployment/operations/use-compiled-releases.yml +++ b/cf-deployment/operations/use-compiled-releases.yml @@ -2,12 +2,12 @@ path: /releases/name=binary-buildpack value: name: binary-buildpack - sha1: 222ee842c72e6df82106f300868a0b688a137b34 + sha1: 1557903df162610192c8ee0a4f5b3f9a1e7040b7 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/binary-buildpack-1.1.11-ubuntu-jammy-1.423-20240417-182614-993178277.tgz - version: 1.1.11 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/binary-buildpack-1.1.14-ubuntu-jammy-1.423-20240924-143448-104461011.tgz + version: 1.1.14 - type: replace path: /releases/name=bosh-dns-aliases value: 
@@ -22,279 +22,279 @@ path: /releases/name=bpm value: name: bpm - sha1: d4a2b680f9c4f3aa6dd6fa84498599a402efd0fc + sha1: 6f08e0c196357f586c7470e226850da5b5ab2b60 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/bpm-1.2.19-ubuntu-jammy-1.423-20240507-202357-343501521.tgz - version: 1.2.19 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/bpm-1.4.1-ubuntu-jammy-1.423-20241011-205840-081445412.tgz + version: 1.4.1 - type: replace path: /releases/name=capi value: name: capi - sha1: 170bebd99b2a75834252aa34e5e5558668ea757d + sha1: bbd9fa3c438e74dc68fc6f78c269d5f04c9a0cc2 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/capi-1.181.0-ubuntu-jammy-1.423-20240517-102150-738255687.tgz - version: 1.181.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/capi-1.195.0-ubuntu-jammy-1.423-20241017-164419-782544834.tgz + version: 1.195.0 - type: replace path: /releases/name=cf-cli value: name: cf-cli - sha1: 073b364d94fd5f06e7d9622be03dd90f2b2928c2 + sha1: 22f5d44f38adba3e88d13a02364fe273963882db stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/cf-cli-1.63.0-ubuntu-jammy-1.423-20240411-190633-624363411.tgz - version: 1.63.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/cf-cli-1.67.0-ubuntu-jammy-1.423-20240920-173853-266809208.tgz + version: 1.67.0 - type: replace path: /releases/name=cf-networking value: name: cf-networking - sha1: 925b46b39c0603c12898c82d52bb5aa957e0c62e + sha1: 2e3edeb586d9e3ff6cff69329ee143cbbd40b5e5 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/cf-networking-3.46.0-ubuntu-jammy-1.423-20240416-181910-293726708.tgz - version: 3.46.0 + url: 
https://storage.googleapis.com/cf-deployment-compiled-releases/cf-networking-3.52.0-ubuntu-jammy-1.423-20241003-142956-103077961.tgz + version: 3.52.0 - type: replace path: /releases/name=cf-smoke-tests value: name: cf-smoke-tests - sha1: 72a09164a4485781762e5073a372d17885cb04a7 + sha1: 23dae4f8923aaa916c9e278867649d3fd4d67145 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/cf-smoke-tests-42.0.146-ubuntu-jammy-1.423-20240507-222102-228538374.tgz - version: 42.0.146 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/cf-smoke-tests-42.0.171-ubuntu-jammy-1.423-20241007-204123-263207866.tgz + version: 42.0.171 - type: replace path: /releases/name=cflinuxfs4 value: name: cflinuxfs4 - sha1: 2dfc636bf3db86c0fd2b018aea6652b4416f2ec2 + sha1: 46455ce0e19bfd86ec8b4ce3f5695c796954bb97 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/cflinuxfs4-1.95.0-ubuntu-jammy-1.423-20240426-063257-686570687.tgz - version: 1.95.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/cflinuxfs4-1.174.0-ubuntu-jammy-1.423-20241018-173154-598225814.tgz + version: 1.174.0 - type: replace path: /releases/name=credhub value: name: credhub - sha1: d65bb458df17456886999003bdebb42d5134e618 + sha1: 6db4a1a3ca7709da6b52fc35f3138572d77206b1 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/credhub-2.12.74-ubuntu-jammy-1.423-20240517-105456-533627002.tgz - version: 2.12.74 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/credhub-2.12.93-ubuntu-jammy-1.423-20241003-210254-935829183.tgz + version: 2.12.93 - type: replace path: /releases/name=diego value: name: diego - sha1: d3710226f8ac7439d7f51709234c16616b5526bf + sha1: 749b6b488fad45ece10334c3dd014617d380a5da stemcell: os: ubuntu-jammy version: "1.423" - url: 
https://storage.googleapis.com/cf-deployment-compiled-releases/diego-2.99.0-ubuntu-jammy-1.423-20240510-010338-130487686.tgz - version: 2.99.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/diego-2.105.0-ubuntu-jammy-1.423-20241001-143658-374723772.tgz + version: 2.105.0 - type: replace path: /releases/name=dotnet-core-buildpack value: name: dotnet-core-buildpack - sha1: 7ac618107c7487eb8d30c96eae2a67e62eb81506 + sha1: 19fbb9d702fa2b4923300d0a0861777e8fdf0489 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/dotnet-core-buildpack-2.4.27-ubuntu-jammy-1.423-20240417-182825-107321702.tgz - version: 2.4.27 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/dotnet-core-buildpack-2.4.33-ubuntu-jammy-1.423-20240923-160912-844487009.tgz + version: 2.4.33 - type: replace path: /releases/name=garden-runc value: name: garden-runc - sha1: 1d4fa93c304a9d198f423a89a24075e1c1aa9c22 + sha1: 22401cac1b01ada1bdfe1a3bd6829141080a1f93 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/garden-runc-1.53.0-ubuntu-jammy-1.423-20240517-102300-392121496.tgz - version: 1.53.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/garden-runc-1.57.0-ubuntu-jammy-1.423-20241002-140324-792373103.tgz + version: 1.57.0 - type: replace path: /releases/name=go-buildpack value: name: go-buildpack - sha1: ae99a5fe202e3c3893ec7e194420517237f47f2f + sha1: ca06297dd7314ebcd23d3cca1a7aae0335873a91 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/go-buildpack-1.10.18-ubuntu-jammy-1.423-20240417-165336-715962331.tgz - version: 1.10.18 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/go-buildpack-1.10.23-ubuntu-jammy-1.423-20240923-160953-24373462.tgz + version: 1.10.23 - type: replace path: /releases/name=java-buildpack value: name: 
java-buildpack - sha1: d0efb471b55645b0997f9406dd9f110f8294f4a3 + sha1: 2220207615b4815f5df9da0511f28f064b29b9d3 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/java-buildpack-4.69.0-ubuntu-jammy-1.423-20240517-090105-805555195.tgz - version: 4.69.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/java-buildpack-4.71.0-ubuntu-jammy-1.423-20240722-175326-038686651.tgz + version: 4.71.0 - type: replace path: /releases/name=log-cache value: name: log-cache - sha1: 34c6e875eb8346093699cc2f8153ff3ee2d7aca5 + sha1: 7046402ad120b1d9ab10289ff98d5d67f94e1f0d stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/log-cache-3.0.11-ubuntu-jammy-1.423-20240411-190816-297051135.tgz - version: 3.0.11 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/log-cache-3.1.5-ubuntu-jammy-1.423-20240918-013021-94116952.tgz + version: 3.1.5 - type: replace path: /releases/name=loggregator value: name: loggregator - sha1: 24570f9d1ff60d3631b7e207442293ed84b8ec84 + sha1: 610be8e033174ed032424fd97a112a3886b795c5 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/loggregator-107.0.14-ubuntu-jammy-1.423-20240412-090658-444667843.tgz - version: 107.0.14 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/loggregator-107.0.17-ubuntu-jammy-1.423-20240917-043855-457394598.tgz + version: 107.0.17 - type: replace path: /releases/name=loggregator-agent value: name: loggregator-agent - sha1: c81aff83717bfdc38b54adef5679b65a171e7692 + sha1: 0c90fee9fbf72db7370134fd644179d419feda40 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/loggregator-agent-8.1.1-ubuntu-jammy-1.423-20240501-210159-981658284.tgz - version: 8.1.1 + url: 
https://storage.googleapis.com/cf-deployment-compiled-releases/loggregator-agent-8.3.0-ubuntu-jammy-1.423-20241003-204713-514601219.tgz + version: 8.3.0 - type: replace path: /releases/name=nats value: name: nats - sha1: 1fafc800c68ec2c298f54727dd78cfc03e4280f3 + sha1: a5ac49d0ab500280f2c39f2880f6ca3dc7a4bf43 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/nats-56.19.0-ubuntu-jammy-1.423-20240415-233255-266701048.tgz - version: 56.19.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/nats-56.25.0-ubuntu-jammy-1.423-20240925-182032-04386671.tgz + version: 56.25.0 - type: replace path: /releases/name=nginx-buildpack value: name: nginx-buildpack - sha1: 9699ce2cb1c36a983e1a01a78c29584d3fe14e85 + sha1: 3ac9d7c95db26fdccdc624a325064651e16d422e stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/nginx-buildpack-1.2.13-ubuntu-jammy-1.423-20240417-164947-213711733.tgz - version: 1.2.13 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/nginx-buildpack-1.2.19-ubuntu-jammy-1.423-20240918-160436-455322642.tgz + version: 1.2.19 - type: replace path: /releases/name=nodejs-buildpack value: name: nodejs-buildpack - sha1: 150eaddf1906c734712f96ae8edb2392d4d85582 + sha1: 31676aa8b256a5b77a4cf98b0b9cdcc6e9a20f18 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/nodejs-buildpack-1.8.24-ubuntu-jammy-1.423-20240419-170922-757682216.tgz - version: 1.8.24 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/nodejs-buildpack-1.8.29-ubuntu-jammy-1.423-20240923-160937-328963388.tgz + version: 1.8.29 - type: replace path: /releases/name=php-buildpack value: name: php-buildpack - sha1: f372d809130cee616295ad69aa8b46e47345e86b + sha1: 72896ebe202025c308a3f1363c877ea696ec04ba stemcell: os: ubuntu-jammy version: "1.423" - url: 
https://storage.googleapis.com/cf-deployment-compiled-releases/php-buildpack-4.6.18-ubuntu-jammy-1.423-20240419-171123-005795859.tgz - version: 4.6.18 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/php-buildpack-4.6.23-ubuntu-jammy-1.423-20240826-193918-66216562.tgz + version: 4.6.23 - type: replace path: /releases/name=pxc value: name: pxc - sha1: 1f2c522593f3ebc8a06d0c25937c7ce975fef8bb + sha1: 18724fe0553e107829ee71008bdbb2ae1808ccf1 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/pxc-1.0.28-ubuntu-jammy-1.423-20240508-185438-781049396.tgz - version: 1.0.28 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/pxc-1.0.31-ubuntu-jammy-1.423-20240828-192151-386084543.tgz + version: 1.0.31 - type: replace path: /releases/name=python-buildpack value: name: python-buildpack - sha1: de47f5a31d39ad449e25cf5efa624f9af418e608 + sha1: cb6434a245db0ddf00f48fa7d840a063e844725a stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/python-buildpack-1.8.23-ubuntu-jammy-1.423-20240419-171223-520229223.tgz - version: 1.8.23 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/python-buildpack-1.8.29-ubuntu-jammy-1.423-20240918-155451-195922855.tgz + version: 1.8.29 - type: replace path: /releases/name=r-buildpack value: name: r-buildpack - sha1: 45b45a2841f55593823ea6578540e23a227d92af + sha1: 6149e871037c02c553ca783e5ddc4ff509cd5a7e stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/r-buildpack-1.2.11-ubuntu-jammy-1.423-20240419-170846-368509494.tgz - version: 1.2.11 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/r-buildpack-1.2.15-ubuntu-jammy-1.423-20240924-143308-784463763.tgz + version: 1.2.15 - type: replace path: /releases/name=routing value: name: routing - sha1: eeaf359e6b176615c97dbced057200c8dfe565ef + 
sha1: b043f098ddc59b6dc295b0a09e8deb450afa761e stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/routing-0.297.0-ubuntu-jammy-1.423-20240517-084828-832112583.tgz - version: 0.297.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/routing-0.316.0-ubuntu-jammy-1.423-20241017-230129-488485005.tgz + version: 0.316.0 - type: replace path: /releases/name=ruby-buildpack value: name: ruby-buildpack - sha1: b7229840d7dd36a75cfee5e05dc9858df7704339 + sha1: b69df4e4505bdc8cd64c1696f5e6e5e1dfdb5e03 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/ruby-buildpack-1.10.13-ubuntu-jammy-1.423-20240417-141929-452187355.tgz - version: 1.10.13 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/ruby-buildpack-1.10.18-ubuntu-jammy-1.423-20240923-160526-983584244.tgz + version: 1.10.18 - type: replace path: /releases/name=silk value: name: silk - sha1: c421f375b96363cd9a154e1886240f319a3ef435 + sha1: 586491e770b988e238346d3753a45f7ec71bcf28 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/silk-3.46.0-ubuntu-jammy-1.423-20240416-184337-835935404.tgz - version: 3.46.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/silk-3.52.0-ubuntu-jammy-1.423-20241003-144125-184557844.tgz + version: 3.52.0 - type: replace path: /releases/name=staticfile-buildpack value: name: staticfile-buildpack - sha1: 87de7303623b56bea5a5da6071b7cdfce8d138e9 + sha1: 93b7a09c72dfb39303d6061d1f28d7802f987359 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/staticfile-buildpack-1.6.12-ubuntu-jammy-1.423-20240417-142218-956244975.tgz - version: 1.6.12 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/staticfile-buildpack-1.6.17-ubuntu-jammy-1.423-20240924-143646-814724586.tgz + version: 
1.6.17 - type: replace path: /releases/name=statsd-injector value: name: statsd-injector - sha1: 62574a2db79351515437d8a33bcd33b2a90bf3e8 + sha1: 938cb03d7116e2e671718c87051e8d830d1dbc08 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/statsd-injector-1.11.40-ubuntu-jammy-1.423-20240412-020943-572675899.tgz - version: 1.11.40 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/statsd-injector-1.11.43-ubuntu-jammy-1.423-20240918-185740-680612392.tgz + version: 1.11.43 - type: replace path: /releases/name=uaa value: name: uaa - sha1: 302afc695722126c75eff37846f51bb3e15bdca7 + sha1: 3740c997dc67cadba828d788c1146db30c708292 stemcell: os: ubuntu-jammy version: "1.423" - url: https://storage.googleapis.com/cf-deployment-compiled-releases/uaa-77.9.0-ubuntu-jammy-1.423-20240508-201350-68520791.tgz - version: 77.9.0 + url: https://storage.googleapis.com/cf-deployment-compiled-releases/uaa-77.17.0-ubuntu-jammy-1.423-20241008-154204-261373459.tgz + version: 77.17.0 diff --git a/cf-deployment/operations/use-haproxy.yml b/cf-deployment/operations/use-haproxy.yml index 57b59c10..4d22b680 100644 --- a/cf-deployment/operations/use-haproxy.yml +++ b/cf-deployment/operations/use-haproxy.yml @@ -2,9 +2,9 @@ path: /releases/- value: name: haproxy - sha1: 01ea55b2fc40f2085d90484886c8d11950232dbb - url: https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=14.0.0%2B2.8.9 - version: 14.0.0+2.8.9 + sha1: ec3c14969efbe9dc2c0360191217fb34dc6727c1 + url: https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=14.3.0%2B2.8.10 + version: 14.3.0+2.8.10 - type: remove path: /instance_groups/name=router/vm_extensions - type: remove diff --git a/cf-deployment/operations/use-metric-store.yml b/cf-deployment/operations/use-metric-store.yml index 20ec1adc..e9389f23 100644 --- a/cf-deployment/operations/use-metric-store.yml +++ b/cf-deployment/operations/use-metric-store.yml 
@@ -2,9 +2,9 @@
 path: /releases/name=metric-store?
 value:
 name: metric-store
- sha1: b088bc721842f3d607d23486e2d441d21d61b0d1
- url: https://bosh.io/d/github.com/cloudfoundry/metric-store-release?v=1.6.1
- version: 1.6.1
+ sha1: 476413ba8645c4fd28ea02dcbbe6291d2b485c7f
+ url: https://bosh.io/d/github.com/cloudfoundry/metric-store-release?v=1.7.0
+ version: 1.7.0
 - type: replace
 path: /instance_groups/name=metric-store?
 value:
@@ -60,6 +60,11 @@
 from: reverse_log_proxy
 name: metric-store-nozzle
 properties:
+ otel_provider:
+ tls:
+ ca_cert: ((metric_store_otel_provider.ca))
+ cert: ((metric_store_otel_provider.certificate))
+ key: ((metric_store_otel_provider.private_key))
 logs_provider:
 tls:
 ca_cert: ((metric_store_to_logs_provider.ca))
@@ -151,6 +156,21 @@
 - client_auth
 - server_auth
 type: certificate
+- type: replace
+ path: /variables/name=metric_store_otel_provider?
+ value:
+ name: metric_store_otel_provider
+ options:
+ alternative_names:
+ - metric-store
+ - metric-store.service.internal
+ - localhost
+ ca: loggregator_ca
+ common_name: metric-store
+ extended_key_usage:
+ - client_auth
+ - server_auth
+ type: certificate
 - type: replace
 path: /variables/name=metric_store_ca?
 value:
diff --git a/cf-deployment/operations/use-offline-windows2019fs.yml b/cf-deployment/operations/use-offline-windows2019fs.yml
index 930de25d..410dacc8 100644
--- a/cf-deployment/operations/use-offline-windows2019fs.yml
+++ b/cf-deployment/operations/use-offline-windows2019fs.yml
@@ -13,4 +13,4 @@
 path: /releases/name=windows2019fs?
 value:
 name: windows2019fs
- version: 2.66.0
+ version: 2.73.0
diff --git a/cf-deployment/operations/use-online-windows2019fs.yml b/cf-deployment/operations/use-online-windows2019fs.yml
index a1c476d6..d9f41bc1 100644
--- a/cf-deployment/operations/use-online-windows2019fs.yml
+++ b/cf-deployment/operations/use-online-windows2019fs.yml
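Review bot: In cf-deployment/operations/use-metric-store.yml, the `metric_store_otel_provider` variable added at `@@ -151,6 +156,21 @@` requests both `client_auth` and `server_auth` from the shared `loggregator_ca`, so one key pair can both terminate TLS and authenticate as a client to any peer that trusts that CA. The `@@ -60,6 +60,11 @@` hunk hands it to `otel_provider.tls` on metric-store-nozzle, and neither hunk shows which of the two roles the job actually plays. If only one is needed, drop the other entry from `extended_key_usage`; if both are, say so in place with a comment such as `# used as server and client cert: <reason>`. The `localhost` entry in `alternative_names` would benefit from the same one-line justification.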
@@ -13,6 +13,6 @@
 path: /releases/name=windowsfs?
 value:
 name: windowsfs
- sha1: 3ea4003e42a5e433f1a93e44aa24a4b83c798218
- url: https://bosh.io/d/github.com/cloudfoundry/windowsfs-online-release?v=2.66.0
- version: 2.66.0
+ sha1: 71e1dc4dcd1427a9d422f41b4f9f220d5f685fbe
+ url: https://bosh.io/d/github.com/cloudfoundry/windowsfs-online-release?v=2.73.0
+ version: 2.73.0
diff --git a/cf-deployment/operations/use-postgres.yml b/cf-deployment/operations/use-postgres.yml
index fcd82eed..e29e9b10 100644
--- a/cf-deployment/operations/use-postgres.yml
+++ b/cf-deployment/operations/use-postgres.yml
@@ -2,9 +2,9 @@
 path: /releases/-
 value:
 name: postgres
- sha1: 84ca2cd0773d2bcb92872773a330a5c087d9eebb
- url: https://bosh.io/d/github.com/cloudfoundry/postgres-release?v=51
- version: "51"
+ sha1: c00282991b51ca0b3a7399c1c96fb18eff907659
+ url: https://bosh.io/d/github.com/cloudfoundry/postgres-release?v=52
+ version: "52"
 - type: remove
 path: /instance_groups/name=database/jobs/name=route_registrar
 - type: remove
diff --git a/cf-deployment/operations/windows2019-cell.yml b/cf-deployment/operations/windows2019-cell.yml
index 6ccedd80..da10cd30 100644
--- a/cf-deployment/operations/windows2019-cell.yml
+++ b/cf-deployment/operations/windows2019-cell.yml
@@ -86,6 +86,8 @@
 client_cert: ((nats_client_cert.certificate))
 client_key: ((nats_client_cert.private_key))
 enabled: true
+ internal_routes:
+ enabled: true
 logging:
 format:
 timestamp: rfc3339
@@ -94,6 +96,11 @@
 cert: ((loggregator_tls_agent.certificate))
 key: ((loggregator_tls_agent.private_key))
 use_v2_api: true
+ tcp:
+ enabled: true
+ uaa:
+ ca_cert: ((uaa_ssl.ca))
+ client_secret: ((uaa_clients_tcp_emitter_secret))
 release: diego
 - name: loggregator_agent_windows
 properties:
@@ -175,7 +182,7 @@
 value:
 alias: windows2019
 os: windows2019
- version: "2019.73"
+ version: "2019.78"
 - path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/stacks/name=windows?
 type: replace
 value:
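Review bot: In cf-deployment/operations/windows2019-cell.yml, the `tcp:` block added at `@@ -94,6 +96,11 @@` places the UAA client secret `((uaa_clients_tcp_emitter_secret))` on every Windows cell, and nothing in this ops file's visible hunks defines that variable or `((uaa_ssl.ca))`, so the file presumably relies on the base manifest for both. A short comment above the block would make that dependency and the reason for the credential explicit, e.g. `# TCP route emission; uaa_clients_tcp_emitter_secret and uaa_ssl come from the base manifest`. Because cells also run application workloads, it is worth confirming that the UAA client behind this secret carries only the authorities route registration needs. The job these properties belong to starts above the hunk, and the `internal_routes` switch added at `@@ -86,6 +86,8 @@` could take a similar one-line comment.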
@@ -200,16 +207,16 @@
 type: replace
 value:
 name: hwc-buildpack
- sha1: d79dc46ba0b69bfc900ee8d2f96c7e42aa44dd4c
- url: https://bosh.io/d/github.com/cloudfoundry-incubator/hwc-buildpack-release?v=3.1.36
- version: 3.1.36
+ sha1: f8c9ada22af7f5b0f22f4315fd90ac3fea6dbf92
+ url: https://bosh.io/d/github.com/cloudfoundry-incubator/hwc-buildpack-release?v=3.1.38
+ version: 3.1.38
 - path: /releases/name=winc?
 type: replace
 value:
 name: winc
- sha1: 5268822fa6b283463a51caba3c03f6a9dbda5543
- url: https://bosh.io/d/github.com/cloudfoundry-incubator/winc-release?v=2.24.0
- version: 2.24.0
+ sha1: 0b217a694f1b8b39112b14442befe20d17afad6c
+ url: https://bosh.io/d/github.com/cloudfoundry-incubator/winc-release?v=2.29.0
+ version: 2.29.0
 - path: /releases/name=windows-utilities?
 type: replace
 value:
diff --git a/overlay/upstream_version.yml b/overlay/upstream_version.yml
index be1b8baf..0644184e 100644
--- a/overlay/upstream_version.yml
+++ b/overlay/upstream_version.yml
@@ -1,4 +1,4 @@
 exodus:
- cf-deployment-version: 40.12.0
- cf-deployment-date: 2024-Jul-08 16:15:51 UTC
- cf-deployment-url: https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.12.0
+ cf-deployment-version: 44.4.0
+ cf-deployment-date: 2024-Nov-11 15:24:29 UTC
+ cf-deployment-url: https://github.com/cloudfoundry/cf-deployment/releases/tag/v44.4.0