Skip to content

Releases: cloudfoundry/cf-deployment

0.7.0

13 Jun 17:10
@dsabeti dsabeti
v0.7.0
8f6aa08
Compare
Choose a tag to compare
0.7.0

Manifest changes

  • UAA clients for TCP routing moved from cf-deployment.yml into tcp-routing-gcp.yml

Ops-files

New operations

  • use-external-cf-networking-dbs.yml allows use of external databases as the datastore for cf-networking.
  • configure-default-router-group.yml allows users to override the default reservable port range for the default-tcp router group.

Ops-file updates

  • use-cf-networking.yml
    • Updated to use silk stack (rather than flannel)
    • Removed unnecessary datadog UAA client
  • Locket ops-files seed databases with new locket database
  • tcp-routing-gcp.yml uses local TCP route emitters

Release & stemcell updates

Release/stemcell New version Old version
ubuntu-trusty 3421.6 3421.3
binary-buildpack-release 1.0.13 1.0.12
cflinuxfs2-release 1.130.0 1.127.0
dotnet-core-buildpack-release 1.0.19 1.0.18
garden-runc-release 1.8.0 1.7.0
go-buildpack-release 1.8.4 1.8.2
nodejs-buildpack-release 1.5.36 1.5.24
php-buildpack-release 4.3.34 4.3.33
python-buildpack-release 1.5.19 1.5.18
cf-routing-release 0.157.0 0.156.0
ruby-buildpack-release 1.6.40 1.6.39
java-buildpack-release 3.17 3.16
statsd-injector-release 1.0.28 1.0.27
cf-smoke-tests-release 26 23
diego-release 1.18.1 1.18.0
uaa-release 41 40
etcd-release 112 111

For releases introduced by ops files:

Release/stemcell New version Old version
cf-networking-release 1.0.0 0.25.0
Assets 2
Loading

0.5.0

06 Jun 21:10
@dsabeti dsabeti
v0.5.0
20cccb8
Compare
Choose a tag to compare
0.5.0

Manifest changes

  • Remove static IPs from NATS jobs
  • Remove reference to monolithic consul link
  • Disable TLS validation on cc-worker jobs
  • Clean up unnecessary vm_extensions

Ops-files

New operations

  • use-cf-networking-postgres.yml allows use of postgre-release as the datastore for cf-networking

Ops-file updates

  • use-cf-networking.yml
    • Updated to use silk stack (rather than flannel)
    • Removed unnecessary datadog UAA client
  • Locket ops-files seed databases with new locket database
  • tcp-routing-gcp.yml uses local TCP route emitters

Release & stemcell updates

Release/stemcell New version Old version
ubuntu-trusty 3421.3 3363.22
capi-release 1.30.0 1.28.0
cflinuxfs2-release 1.127.0 1.123.0
consul-release 170 167
diego-release 1.18.0 1.16.1
etcd-release 111 108
loggregator 89 88
nats-release 17 16
cf-routing-release 0.156.0 0.155.0
statsd-injector-release 1.0.27 1.0.25
uaa-release 40 38

For releases introduced by ops files:

Release/stemcell New version Old version
cf-networking-release 0.25.0 0.24.0
Assets 2
Loading

0.4.0

22 May 21:13
@dsabeti dsabeti
v0.4.0
b4da575
Compare
Choose a tag to compare
0.4.0

Manifest changes

  • Uses new consul link structure
  • Cloud Controller and UAA consume the database link via the mysql proxy. This should allow scaling of the mysql nodes and use of the proxy logic.
  • Privileged container support is turned off by default.
  • Updated redirect_uri for OAuth Clients to be complete URIs, in accordance with client validations introduced in uaa-release v36.
  • The variable uaa_scim_users_admin_password has been renamed to cf_admin_password. If you don't want your admin password to get rotated, you'll need to update your vars-store to include both values temporarily.

Ops-files

New operations

  • use-s3-blobstore.yml allows the deployer to use s3 as their Cloud Controller blobstore and eschews deploying WebDAV.
  • use-external-dbs.yml allows deployer to use external databases (e.g. RDS) for all SQL databases. That includes databases for CC, UAA, BBS, and the Routing API.
  • enable-privileged-container-support.yml enables support for privileged containers.
  • Experimental: use-grootfs.yml deploys GrootFS with Diego cells.
  • Experimental: use-cf-networking.yml deploys cf-networking-release and colocates the necessary jobs with Diego cells.

Ops-file updates

  • use-postgres.yml uses a link for sharing IP configuration with other jobs.
  • tcp-routing-gcp.yml uses default port 80 for TCP router healthchecks.
Assets 2
Loading

0.3.0

08 May 19:15
@dsabeti dsabeti
v0.3.0
171fede
Compare
Choose a tag to compare
0.3.0

Manifest Updates:

  • Routing API now gets deployed by default in cf-deployment. This should allow deployers to take advantage of other routing features (like routing isolation segments) without also needing to deploy the TCP router. This also removes the need for operations/use-postgres-tcp-routing.yml.
  • HTTP Route Emitters are deployed in local mode by default in cf-deployment. The experimental ops-files for enabling local HTTP Route Emitters are now no-ops, and will soon be removed.
  • Remove unnecessary scopes from UAA Clients
  • Garden is configured with cleanup_process_dirs_on-wait to true.

Ops-files:

  • locket.yml deploys Diego jobs with locket and uses it for distributed locking (instead of using consul).
  • scale-to-single-az.yml properly scales down the NATS static IPs.
  • use-latest-stemcell.yml allows deployers to use the latest stemcell version instead of the version encoded in the manifest.
  • bypass-cc-bridge.yml allows deployers to bypass the CC Bridge for most workflows. This will eventually be inlined to cf-deployment.yml.
  • The experimental enable-local-route-emitter-tcp.yml allows deployers to deploy with local TCP Route Emitters. This is still being verified, but will eventually be inlined to cf-deployment.yml.
  • The experimental enable-loggregator-v2-diego-cell.yml allows deployers to opt-in to the v2 API for the Metron Agent. This will eventually be inlined to cf-deployment.yml.
  • The experimental disable-etcd.yml allows deployers to deploy without an etcd cluster and use links for loggregator components instead. This will eventually be inlined to cf-deployment.yml.

Transition from cf-release: You might have noticed a transition directory in cf-deployment. This is where we're keeping our experimental tooling for migrating cf-release to cf-deployment.

  • Currently, the primary tool there is transition.sh, which builds a vars-store from an existing CF and Diego manifest. You must also provide a file with the private keys use by the internal CAs for your deployment.
  • We also have a ops-file, test/cfr-to-cfd-transition.yml, for testing the migration process. When we're ready for people to use this ops-file to migrate to cf-deployment, we'll move it out of the test directory.
Assets 2
Loading

0.2.2

10 May 04:06
@dsabeti dsabeti
v0.2.2
7394e88
Compare
Choose a tag to compare
0.2.2

Manifest updates:

  • Network has been renamed from private to default
  • Garden debug server enabled.

Ops files updates:

  • operations/experimental/locket.yml
    • Configures cells to use locket instead of consul
    • Configures TPS watcher to use locket instead of consul
  • New: operations/test/add-datadog-firehose-nozzle.yml
    • Deploys a datadog firehose nozzle for shipping metrics to datadog. Mostly used for metrics in a test environment, and we don't recommend this ops file for general consumption yet. We'll move this out of the test directory if we decide to support this ops file long-term.

Fixes:

  • operations/scale-to-one-az.yml
    • Removes an extraneous IP address from nats.machines on the mysql proxy job.
  • UAA Clients
    • gorouter, tcp_emitter, and tcp_router no longer have the unnecessary refresh_token grant type.
    • cf client has an explicit, empty-string password
  • Anchors moved so that manifest is valid yaml.
Assets 2
Loading

0.2.0

15 Apr 01:33
@dsabeti dsabeti
v0.2.0
496b3a8
Compare
Choose a tag to compare
0.2.0

Release updates:

  • cflinuxfs2-release is the new name (changed from cflinuxfs-rootfs-release).

Manifest updates:

  • The network name for instance groups in cf-deployment have been renamed to default. Versions of bbl newer than 2.1.1 support this.
  • HTTP Router has routing.router_groups.read scope
  • consul_server link can be shared across deployments
  • etcd job does not consume its own link. This change should be temporary.

Ops files updates:

  • New operations/experimental/locket*.yml allows a deployer to opt in to the high experimental use of Locket.
  • operations/tcp-routing-gcp.yml explicitly names a router group for the TCP router.
  • operations/tcp-routing-gcp.yml sets routing_api.enabled to true for the Cloud Controller worker.

Manifest fixes:

  • Mutual TLS certificates for the cc_uploader job have been moved to the correct location in the manifest.
  • Deprecated UAA jwt properties have been removed.
  • Unused diego_consul_client certificate has been removed.
  • Unused blobstore TLS properties have been removed.
Assets 2
Loading

0.1.0

04 Apr 18:51
@dsabeti dsabeti
v0.1.0
1475d8d
Compare
Choose a tag to compare
0.1.0

Ops Files:

  • use-compiled-releases.yml allows the deployer to use a pre-compiled release for cf-mysql-release. This should speed up deploy times.

Configuration changes:

  • diego-brain deploys with 10GB ephemeral disk
  • bosh-lite is configured with a smaller default for app memory (256MB)
  • diego-cell instance group does not start updating until diego-brain finished.
  • Default quota allows for 100 route ports
Assets 2
Loading

0.0.2

25 Mar 17:54
@dsabeti dsabeti
v0.0.2
2ded833
Compare
Choose a tag to compare
0.0.2

Changes:

  • New ops-file for scaling to single AZ
  • Enable Zipkin on routers
  • Split Cloud Controller workers into a separate instance group
  • cfdot added to diego-bbs and diego-brain jobs
Assets 2
Loading