Cloud Foundry Release Notes Report: April – June 2019
Hi again Cloud Foundry community! This is our second installment in our public release notes series. As mentioned in the Q1 blog, there are many project teams doing incredible work across Cloud Foundry, and we thought it would be useful to centralize and publicize that work here for the community.
These notes outline major impacts to the developer experience and the operator experience, and will also be useful to platform engineers working on Cloud Foundry.
Read on for release notes from April, May and June of 2019.
Cloud Foundry Application Runtime
Bits Service
- The project team has announced the discontinuation of the bits-service project; the team will only provide basic maintenance support for the Eirini team until Eirini moves away from bits-service as well. More information can be found here.
Bits Service Releases:
Cloud Foundry API
Platform Engineer Experience:
- Added Sidecar support for processes.
- Updated revisions to work with V2 push, restage and restart workflows.
- Finished removing cflinuxfs2 defaults from capi-release.
- Ability to upgrade an individual service instance.
- V3 domains, droplets, async service bindings, and service instance parameter fetching are generally available.
Operator Experience:
- Initial support for staging apps on Eirini.
- Buildpacks available on v3 API.
Developer Experience:
- Cancel the creation of an asynchronous service instance to avoid waiting for creation to finish.
- See the name of the service broker providing each service instance when fetching a space summary.
CAPI Releases:
Cloud Foundry CLI
- Changed workflow for cf auth --client-credentials to address security concerns.
- Adds support for using client credentials with the cf oauth-token command.
- Multi-service registration: Multiple service brokers can offer services with the same name and/or have the same catalogs. (However, brokers themselves must still be given a unique name.)
Note: Multi-service registration is only supported on CC API version 2.125.0 or greater.
CLI Releases:
Networking
Operator Experience:
- Addresses a vulnerability in releases prior to 0.188.0 that could allow traffic to route services hosted outside the platform to be hijacked.
Networking Releases:
Diego
Developer Experience:
- App logs now include the org and space to which the app belongs, enabling app developers to filter and analyze an app's logs by org or space in downstream systems.
Operator Experience:
- Windows Diego cell reps deployed to Azure can now configure their zone based on the assigned Azure Fault Domain or Azure Availability Zone (when operators opt in), so that the auctioneer can make appropriate LRP instance placements.
- Locket releases idle database connections so that it does not consume extra resources from the shared Cloud Foundry resources.
Platform Engineer Experience:
- Adds the ability to distinguish the HTTP start/stop metrics associated with different versions of an app when making scaling decisions.
Diego Releases:
Eirini
The Eirini team now hosts a virtual office hours call on the first Monday of every month. Anyone can join the call to get in touch with the project team or ask them specific questions.
Platform Engineer Experience:
- RootFS now gets automatically patched when rolling out new versions.
- Release is now updated to cflinuxfs3.
- Improved “native” (non-diego) staging.
Eirini Releases:
Garden
Operator Experience:
- Limits the size of the sparse file to avoid encroaching on reserved_space_for_other_jobs, as sparse files do not reclaim free space.
Garden Releases:
Garden Windows
Garden Windows Releases:
HAProxy BOSH Release
Operator Experience:
- Custom HTTP responses can be configured using ha_proxy.custom_http_error_files. It takes a map of status codes to raw HTTP responses to send, enabling operators to customize 502/503 errors returned by HAProxy.
HAProxy BOSH Releases:
Infrastructure
Platform Engineer Experience:
- The 8.1.0 release reverts a change that limited the number of AWS AZs to 3.
- The 8.0.0 release reverts the change on BBL AWS so that the network load balancer is no longer used and the elastic load balancer is used instead to mitigate an upgrade issue.
- Cloud Foundry Load Balancer on AWS no longer allows ingress on port 4443.
Infrastructure Releases:
Postgres Release
Platform Engineer Experience:
- Releases upgrade PostgreSQL to versions 11.3 and 11.4.
Postgres Release Releases:
Release Integration
Platform Engineer Experience:
- v9.0.0
  - Addresses the security vulnerability identified in the Cloud Foundry GORouter.
- v8.0.0
  - Removes cflinuxfs2 and operations/legacy from cf-deployment.
  - Disables ssh-proxy HTTP health-check server by default.
Rel-Int Releases:
User Account & Authentication
Operator Experience:
- Operators can configure UAA to ignore hostnames in server certificates for TLS connection to database.
Platform Engineer Experience:
- Configure Cloud Foundry to only use BPM to manage the UAA process.
UAA Releases:
BOSH PMC
The BOSH team announced the end of support for Trusty stemcells as a result of Canonical ending security updates to Trusty (Ubuntu 14.04), and removed support for v1 manifests.
BOSH
Operator Experience:
- Fixes an issue where commands that only update DNS changes, like bosh recreate, would cause templating failures on subsequent commands.
- Removes support for v1 manifests. Operators must upgrade any v1 manifests to use v2 manifest syntax prior to using this version of the BOSH Director.
BOSH Releases:
Extensions PMC
App-Autoscaler
Operator Experience:
- Uses UAA token endpoint for client ID validation.
- Adds caching of app metrics in event generator.
- Enables https/TLS support when connecting to Postgres SQLDB (except API server).
App-Autoscaler Releases:
BOSH Backup and Restore
Operator Experience:
- Now has the ability to gracefully skip BOSH jobs.
Backup and Restore Releases:
CF Buildpacks
Operator Experience:
- Effective May 11, 2019, the Buildpacks team announced the end of support for Ruby versions 2.2.x and 2.3.x (read here).
- Effective May 18, 2019, the Buildpacks team announced the end of support for Go versions 1.10.x (read here).
- Effective May 30, 2019, the Buildpacks team announced the end of support for Nginx versions 1.14.x (read here).
- The Buildpacks team also announced the end of support for cflinuxfs2 on all new dependency version lines within buildpacks.
- Effective June 05, 2019, the Buildpacks team announced the end of support for Node.js versions 11.x (read here).
- The Buildpacks team also announced the end of support for cflinuxfs2 buildpacks effective Aug 31, 2019.
Cloud Foundry Container Runtime
Operator Experience:
- Supports Kubernetes 1.14.1.
- Adds flannel etcd certs to Windows.
CFCR Releases:
CF-Dev
Developer Experience:
- Adds support for the Linux platform.
cf-dev Releases:
Credhub
Platform Engineer Experience:
- Permissions can now be defined in the manifest at deploy time, can be defined for namespaces as well as on explicit credential names, are additive (if any rule exists authorizing a user to take an action, then the action will be permitted), and can be managed via a new RESTful resource.
- CredHub can now be configured to skip hostname verification for database TLS connections to MariaDB databases.
- Adds the ability to have certificate authorities concatenated when getting a certificate that has a transitional cert authority.
Credhub Releases:
Stratos
The latest release of Stratos (v2.4.0) packs a slew of features and UI updates. From cosmetic updates to the ability to autoscale users and app instances right from the user interface, the latest Stratos update definitely warrants a look!
Open Service Broker API (OSB API)
The OSB API team announced the latest release of the project, v2.15, on June 21, 2019. The team wrote a blog post highlighting some features with a link to the release notes.