Releases: genesis-community/cf-genesis-kit
v1.1.1
v1.1.0
Overview
This release updates CF components to more recent versions. Most
notably, this version brings the following related CF changes:
- Diego now uses mTLS for communication.
- CAPI now supports IAM Service Accounts when authenticating with
Google Cloud Storage - Scalable Syslog is now used, allowing multiple VMs to handle log
output.
To accommodate these changes, the following kit-related changes were
made:
- 3 new databases are necessary:
silkdb,locketdb, and
policyserverdb - The
repinternal certificate needs to be signed for127.0.0.1
for mTLS reasons. This Genesis kit now has apre-deployhook
that will automatically delete and generate a newrep
certificate with the appropriate alternative names if the prior
repcertificate was not signed for127.0.0.1
Various configuration parameters were added, and are detailed below.
New Parameters
Scalable Syslog
-
syslogger_instances- How many scalable syslog VMs to deploy. -
syslogger_vm_type- What type of VM to deploy for the scalable
syslog. Defaults tosmall.
UAA
-
uaa_lockout_failure_count- Amount of failed UAA login attempts
before lockout. -
uaa_lockout_failure_time_between_failures- How much time
(in seconds) in whichuaa_lockout_failure_countmust occur in
order for account to be locked. Defaults to1200. -
uaa_lockout_punishment_time- How long (in seconds) the account
is locked out for violatinguaa_lock_failure_countwithin
uaa_lockout_failure_time_between_failures. Defaults to300. -
uaa_refresh_token_validity- How long (in seconds) a CF refresh
is valid for. Defaults to2592000. -
cf_branding_product_logo- A base64 encoded image to display on
the web UI login prompt. Defaults tonil. -
cf_branding_square_logo- A base64 encoded image to display
in areas where a smaller logo is necessary. Defaults tonil. -
cf_footer_legal_text- A string to display in the footer,
typically used for compliance text. Defaults tonil. -
cf_footer_links- A YAML list of links to enumerate in the footer
of the web UI. Defaults tonil
Upgrade Instructions
From 1.0.0, the following actions need to be made:
If CF was deployed with local-db or local-ha-db feature flags
No changes need to be performed for an in-situ upgrade of
cf-genesis-kit 1.0.0 to 1.1
If CF was deployed with mysql-db or postgres-db feature flags
- Create 3 databases with the following names:
silkdb,locketdb, and
policyserverdb.
Core Components
| Release | Version | Release Date |
|---|---|---|
| bpm (new) | 0.6.0 | 2 May 2018 |
| capi | 1.60.0 | 15 Jun 2018 |
| cf-smoke-tests | 40.0.5 | 17 May 2018 |
| cf-networking (new) | 1.9.0 | 15 Dec 2017 |
| cflinuxfs2 | 1.212.0 | 4 Jun 2018 |
| cf-syslog-drain (new) | 6.5 | 3 May 2018 |
| consul | 193 | 29 May 2018 |
| diego | 2.8.0 | 28 May 2018 |
| garden-runc | 1.14.0 | 4 Jun 2018 |
| loggregator | 102.2 | 25 May 2018 |
| nats | 24 | 16 May 2018 |
| cf-routing | 0.178.0 | 17 May 2018 |
| statsd-injector | 1.3.0 | 23 Mar 2018 |
| uaa | 59 | 22 May 2018 |
Buildpacks
| Buildpack | Version | Release Date |
|---|---|---|
| binary | 1.0.19 | 5 Jun 2018 |
| dotnet-core | 2.0.7 | 5 Jun 2018 |
| go | 1.8.23 | 5 Jun 2018 |
| java | 4.12 | 11 May 2018 |
| nodejs | 1.6.25 | 5 Jun 2018 |
| php | 4.3.56 | 5 Jun 2018 |
| python | 1.6.17 | 5 Jun 2018 |
| ruby | 1.7.19 | 5 Jun 2018 |
| staticfile | 1.4.28 | 5 Jun 2018 |
Cloud Foundry Kit v1.0.0
Improvements
The Cloud Foundry Genesis Kit now leverages some exciting new
features in Genesis v2.6.0+, notably blueprints and feature flags.
Existing environments should be able to update to this version
without any undue stress of churn, but a few "refreshes" are desirable.
- The
shieldsubkit is now gone. BOSH Add-ons are a great way
to co-locate the SHIELD agent on your CF database and blobstore
instance groups.
v0.3.1
v0.3.0
This is basically 0.1.16, except for that the smoke_tests vm has been renamed to smoke-tests so that the bosh CLI stops complaining.
Hooray for 0.3.0 - we made it. 🎊
Buildpacks
| Buildpack | Version | Release Date |
|---|---|---|
| binary-buildpack | 1.0.15 | 6 Nov 2017 |
| dotnet-core-buildpack | 2.0.1 | 29 Jan 2018 |
| go-buildpack | 1.8.18 | 8 Feb 2018 |
| java-buildpack | 4.7.1 | 12 Dec 2017 |
| nodejs-buildpack | 1.6.15 | 29 Jan 2018 |
| php-buildpack | 4.3.48 | 29 Jan 2018 |
| python-buildpack | 1.6.7 | 29 Jan 2018 |
| ruby-buildpack | 1.7.11 | 29 Jan 2018 |
| staticfile-buildpack | 1.4.21 | 12 Jan 2018 |
Core Components
| Buildpack | Version | Release Date |
|---|---|---|
| capi | 1.48.0 | 26 Jan 2018 |
| cf-smoke-tests | 40 | no release information available from upstream |
| cflinuxfs2 | 1.185.0 | 25 Jan 2018 |
| consul | 181 | 11 Oct 2017 |
| diego | 1.34.0 | 29 Jan 2018 |
| etcd | 104 | 9 May 2017 |
| garden-runc | 1.11.1 | Jan 30 2018 |
| loggregator | 99 | 29 Sep 2017 |
| nats | 22 | 1 Aug 2017 |
| routing | 0.171.0 | 19 Jan 2018 |
| statsd-injector | 1.0.30 | 14 Aug 2017 |
| uaa | 53.3 | 31 Jan 2018 |
v0.1.16
v0.1.15
v0.1.14
This adds properties to the base manifest of v0.1.13 that enable mTLS for cc_uploader and droplet downloads. No change is required on the operators part.
NOTICE: Volume services don't work in this version of CF.
v0.1.13
This bumps the kit to cf-release v270ish. Upgrading to this from a previous version will result in an inability to stage apps for some duration of the deployment.
This releases contains a change for how consul handles links. If you have custom jobs with consul_agent links like
jobs:
- name: consul_agent
release: consul
consumes:
consul: { from: consul_server }
You'll want to change it to something like
jobs:
- name: consul_agent
release: consul
consumes:
consul_common: {from: consul_common_link}
consul_server: nil
consul_client: {from: consul_client_link}
NOTICE: Volume services don't work in this version of CF.
For a list of release changes, check out this commit 4a780d0