- Support for eirini SSH feature
- Bumped cflinuxfs3 release to 0.141.0
- Bumped eirini release to 0.0.23
- Bumped go-buildpack release to 1.9.2
- Bumped nodejs-buildpack release to 1.7.1
- Bumped java-buildpack release to 4.24.0
- Bumped SLE12 and SLE15 stack
- Fixed apiVersion in Chart yaml(s) to point to Helm API version (v1)
- Turned binlog on for pxc config to enable transaction recovery
- Support for external CF-related databases, including CCDB & UAA when embedded in SCF
- Support for eirini to run on GKE and EKS
- Support for eirini to run on CRI-O-based Kubernetes environments
- Ingress controller now available for UAA embedded in SCF
- AUDIT_WRITE capabilities added for CRI-O
- Eirini will use SLE15 as its default stack
- Moved to stack-associated (or stackful) buildpacks, away from multi-stack
- Enabled BPM for bits-service for reliability
- garden.disable_swap_limit set to "true" to remove the need for swap accounting
- Bumped binary-buildpack release to 1.0.35
- Bumped cf-acceptance-tests to 9.5
- Bumped cflinuxfs3 to 0.135.0
- Bumped dotnetcore-buildpack release to 2.3.0
- Bumped eirini release to 0.0.21
- Bumped go-buildpack release to 1.9.1
- Bumped java-buildpack release to 4.23.0
- Bumped nginx-buildpack release to 1.1.0
- Bumped nodejs-buildpack release to 1.7.0
- Bumped php-buildpack release to 4.4.0
- Bumped python-buildpack release to 1.6.37
- Bumped ruby-buildpack release to 1.8.1
- Bumped scf-helper release to 1.0.7
- Bumped staticfile-buildpack release to 1.5.0
- Bumped SLE12 & SLE15 stacks
- Enforced odd number of mysql replicas for HA scenarios to improve consistency with PXC
- eirini-cert-copier no longer appears when scheduler is diego
- Improved mysql-proxy active/passive handling
- Added a config.HA_strict flag to allow role size overrides on top of config.HA
- Bumped binary-buildpack release to 1.0.33
- Bumped cf-deployment to 9.5
- Bumped cflinuxfs3 to 0.118.0
- Bumped dotnet-core-buildpack release to 2.2.13
- Bumped eirini release to 0.0.15
- Bumped go-buildpack release to 1.8.42
- Bumped groot-btrfs release to 1.0.5
- Bumped java-buildpack release to 4.20.0
- Bumped nginx-buildpack release to 1.0.15
- Bump nodejs-buildpack release to 1.6.53
- Bumped PHP buildpack release to 4.3.80
- Bumped python-buildpack release to 1.6.36
- Bumped ruby-buildpack release to 1.7.42
- Bumped scf-helper release to 1.0.3
- Bumped SLE12 and SLE15 stacks
- Removed the cluster-admin role binding for the eirini service account
- Switched SCF over to PXC from cf-mysql for database management
- Set the default value of AZ_LABEL_NAME to failure-domain.beta.kubernetes.io/zone
- Bumped cflinuxfs3 to 0.108.0
- Bumped go-builpack to 1.8.41
- Bumped nginx-buildpack to 1.0.14
- eirini release is reverted back to 0.0.4
- eirini-extensions and eirini-persi-broker jobs are removed
- Bumped SLE15 stack
- Switched back from pxc-release to cf-mysql-release
- Implemented a patch to squash Cloud Controller database migrations
- Added eirini-persi and eirini-persi-broker jobs
- Added PXC release
- Added support for embedded UAA
- Bumped app-autoscaler to 1.2.1
- Bumped cf-deployment to 7.11
- Bumped cflinuxfs3 to 0.101.0
- Bumped CATS to 7.11
- Bumped dotnet-core-buildpack to 2.2.12
- Bumped go-buildpack to 1.8.40
- Bumped nginx-buildpack to 1.0.13
- Bumped nodejs-buildpack to 1.6.51
- Bumped php-buildpack to 4.3.77
- Bumped python-buildpack to 1.6.34
- Bumped ruby-buildpack to 1.7.40
- Bumped staticfile-buildpack to 1.4.43
- Bumped SLE15 stack
- Simplified service accounts and pod security policies
- Switched to log-cache for container metrics
- Switched from cf-mysql-release to pxc-release
- Fixed version and SHA1 of cf-mysql-release 36.15.0
- Fixed TLS issues in log-cache
- Reverted cf-mysql-release to 36.15.0 to avoid intermittent database connectivity errors in HA setup
- Reverted the incompatible changes in statefulsets
- Changed app autoscaler-postgres to a non-HA setup
- Bumped binary-buildpack to 1.0.32
- Bumped CAPI to 1.79.0
- Bumped dotnet-core-buildpack to 2.2.10
- Bumped Eirini release to 0.0.4
- Bumped nginx-buildpack to 1.0.11
- Bumped nodejs-buildpack to 1.6.49
- Bumped php-buildpack to 4.3.75
- Bumped python-buildpack to 1.6.32
- Bumped ruby-buildpack to 1.7.38
- Bumped SLE12 stack
- Bumped SLE15 stack
- Bumped staticfile-buildpack to 1.4.42
- Cleaned up role readiness probe outputs
- Fix nfs-persi brain failures when running on NFS
- Added support for user supplied annotations for Ingress
- Added Helm labels to Ingress templates
- Bumped SLE15 stack
- Bumped nodejs buildpack to 1.6.48
- Bumped Eirini to 0.0.3
- Bumped cflinuxfs2 to 1.281.0
- Bumped cflinuxfs3 to 0.81.0
- Bumped Ruby buildpack to 1.7.36
- Bumped PHP buildpack to 4.3.74
- Bumped Python buildpack to 1.6.31
- Bumped Java buildpack to 4.19.1
- Fixed the diego-api readiness probe
- Fixed autoscaler to not skip SSL validation
- Reduced autoscaler database disk size
- Fixed autoscaler to listen to cluster internal CF API endpoint
- Added Eirini Tech Preview
- Added SLE15 stack
- Added feature flags to enable roles such as autoscaler, credhub, cf-usb, eirini
- Added SITS (Sync Integration Test Suite)
- Added support for Ingress Controller
- Added .net-core-buildpack (2.2.7)
- Bumped to cf-deployment 6.10
- Bumped cflinuxfs3 to 0.76.0
- Bumped cflinuxfs2 to 1.278.0
- Bumped binary-buildpack-release to 1.0.31
- Bumped cf-cli to 6.42.0
- Bumped go-buildpack to 1.8.36
- Bumped java-buildpack to 4.19.0
- Bumped nfs-volume-release to 1.7.6
- Bumped nginx-buildpack to 1.0.10
- Bumped nodejs-buildpack to 1.6.47
- Bumped php-buildpack to 4.3.70
- Bumped python-buildpack to 1.6.30
- Bumped ruby-buildpack to 1.7.35
- Bumped staticfile-buildpack to 1.4.41
- Bumped up the nproc limits for vcap user
- Doppler is communicating on port 443
- Enabled mutual TLS between cloud controller and GoRouter
- Changed cloud controller ports to be non-configurable
- Converted the cc-clock's wait-for-api functionality from a patch to a pre-start script
- Fixed the test for an insecure docker registry (uses tcpdomain for the route)
- cflinuxfs3 now available
- Support added for placement zones & isolation segments
- Bumped cflinuxfs2 to 1.266.0
- Bumped binary-buildpack to 1.0.30.1
- Bumped go-buildpack to 1.8.33.1
- Bumped java-buildpack to 4.17.2.1
- Bumped nginx-buildpack to 1.0.8.1
- Bumped nodejs-buildpack to 1.6.43.1
- Bumped php-buildpack to 4.3.70.1
- Bumped python-buildpack to 1.6.27.1
- Bumped ruby-buildpack to 1.7.31.1
- Bumped staticfile-buildpack to 1.4.39.1
- Bumped SLE12 & openSUSE stacks
- Certificates rely on correct UAA FQDN
- Removed obsolete key from role-manifest.yml
- Removed diego-cell readiness probe from role-manifest.yml
- Enabled Ingress Controller
- Added nginx buildpack
- Set up default PSPs
- Specify SYS_RESOURCE capabilities for roles that need it
- Bumped SLE12 & openSUSE stacks
- Bumped nodejs buildpack to 1.6.41.1
- Bumped Go buildpack to 1.8.31.1
- Bumped Ruby buildpack to 1.7.30.1
- Bumped staticfile buildpack to 1.4.38.1
- v3 API now uses HTTPS instead of HTTP
- Bumped java-buildpack to 4.17.1.1
- Restored DEFAULT_STACK to cflinuxfs2
- Bumped php-buildpack to 4.3.68.2
- Bumped binary-buildpack to 1.0.29.1
- klog.sh now supports multi-container pods
- Fixed stemcell to include latest pre start scripts
- New variable appVersion available in Helm
- Bumped cf-deployment to 3.6.0
- Bumped staticfile buildpack to 1.4.36.1
- Bumped nodejs buildpack to 1.6.37.1
- Bumped php buildpack to 4.3.66.1
- Bumped binary buildpack to 1.0.28.1
- Bumped Java buildpack to 4.16.1.1
- Bumped python buildpack to 1.6.24.1
- Bumped Ruby buildpack to 1.7.27.1
- Bumped SLE12 & openSUSE stacks
- App-autoscaler no longer dependent on hairpin
- Using upstream credhub instead of our own fork
- Metron replaces loggregator as a new sidecar for those pods where loggregator ran as a service internally before
- External URL for USB fixed whereby job name doesn't appear in service name anymore
- Bumped SLE12 stack
- Bumped java buildpack to 4.16.1
- Bumped binary buildpack to 1.0.27.1
- Bumped nodejs buildpack to 1.6.34.1
- Corrected service name to work with syslog drains
- Bumped SLE12 stack
- Bumped configgin to 0.18.3
- IP mappings are refreshed when pods are restarted in HA
- UAA charts now have affinity/antiaffinity logic
- Bumped ruby buildpack to 1.7.26.1
- Bumped SLE12 stack
- Bumped fissile to 0.0.1-321-g6c32268
- Renaming of api DNS internally to address apps not coming up in a timely fashion post-upgrade
- Use app.kubernetes.io/component instead of skiff-role-name label
- Bumped app-autoscaler to 1.0.0
- Bumped SLE12 & openSUSE stacks
- Bumped go buildpack to 1.8.28.1
- Bumped php buildpack to 4.3.62.1
- Bumped python buildpack to 1.6.23.1
- Bumped ruby buildpack to 1.7.25.1
- Bumped fissile to 0.0.1-318-g00f1932
- diego.file_server_url preserved from previous releases to maintain communication after upgrade
- Fixed stateful set clustering references for HA deployments
- Removed no longer needed consul & postgres roles
- Bumped SLE12 & openSUSE stacks
- Updated cluster role names to ensure no namespace conflicts in Kubernetes
- Credhub introduced as a user-accessible component (independent of future cf-deployment requirements)
- Exposed SMTP_HOST & SMTP_FROM_ADDRESS variables to allow for account creation & password reset
- One Kubernetes service per job now, whereby the service names will include both the instance group (previously the role) and job name, which impacts the role manifest YAML
- Bumped python & Ruby buildpacks
- Bumped SLE12 & openSUSE stacks
- Kubernetes readiness check no longer looks for hyperkube explicitly
- Error in configgin update
- Bumped configgin
- configgin can now find lower-numbered role pods to help with upgrades
- Bumped go & Ruby buildpacks
- Bumped SLE12 & openSUSE stacks
- fissile now uses port numbers for exposed services, addressing a Kubernetes behaviour spotted during upgrades
- Provide warnings when HA UAA relies on SSO lifecycle tests
- broker_client_timeout_seconds variable exposed
- Bumped app-autoscaler-release to 8d6cb15
- Bumped openSUSE stack
- Reverted changes to database role rename based on issue with volumes during upgrade
- CF version number in filename properly updated
- Allow HA for cc-clock and syslog-scheduler roles (2 default/3 max)
- Changed internal ports to avoid privileged ports in Kubernetes, though diego-cell and nfs-broker containers still rely on privileged access
- Bumped cf-deployment to 2.7.0
- Bumped capi-release to 1.61.0
- Bumped cf-syslog-drain-release to 7.0
- Bumped cflinuxfs2-release to 1.227.0
- Bumped consule-release to 195
- Bumped diego-release to 2.12.1
- Bumped routing-release to 0.179.0
- Bumped uaa-release to 60.2
- Bumped loggregator to 103
- Bumped SLE12 & openSUSE stacks
- syslog-adapter added to syslog adapter cert
- Bumped SLE12 & openSUSE stacks
- Bumped SLE12 & openSUSE stacks
- App-autoscaler included (off by default)
- Groot-btrfs now available
- Enabled cloud controller security events
- nfs-broker can now be HA
- Realigned cf role composition more inline with upstream
- mysql-proxy role has been merged into the mysql role
- diego-locket role merged into diego-api
- log-api role combines loggregator and syslog-rlp roles
- Renamed syslog-adapter role to adapter
- Removed processes list from all roles
- Removed duplicate routing_api.locket.api_location property
- Bumped garden-runc-release to 1.15.1 to rely on go-nats
- Bumped ruby-buildpack to 1.7.21.1
- Bumped SLE12 & openSUSE stacks
- Bumped kubectl to 1.9.6
- Bumped cf-cli to 6.37.0
- INTERNAL_CA_KEY not included in every pod by default
- Better mechanism for waiting on MySQL
- Certificate expiration now configurable
- Added support for manual rotation of cloud controller database keys
- New active/passive role management for pods
- Exposed router.client_cert_validation property
- Bumped cf-deployment to 1.36
- Bumped UAA to v59
- Bumped diego-release to 2.8.0
- Bumped SLE12 & openSUSE stacks
- Bumped ruby-buildpack to 1.7.18.2
- Bumped go-buildpack to 1.8.22.1
- Bumped kubectl to 1.8.2
- Use namespace for helm install name
- Load balancer for Azure now usable
- Updated role manifest validation to let secrets generator use KUBE_SERVICE_DOMAIN_SUFFIX without configuring HA itself
- SCF_LOG_PORT now set to default of 514
- Fixed issue during upgrade whereby USB did not receive updated password info
- Patched monit_rsyslogd timestamp
- Disabled optional consul role
- Immutable config variables will not be regenerated
- cfdot added to all diego roles
- Bumped SLE12 & openSUSE stacks
- Rotateable secrets are now immutable
- Upgrades for legacy versions that were using an older secrets generation model
- Upgrades will handle certificates better by having the required SAN metadata
- Apps will come back up and run after upgrade
- The previous CF/UAA bumps should be considered minor updates, not patch releases, so we will bump this verison in light of the changes in 2.8.1 and rely on this as part of future semver
- Bump PHP buildpack to v4.3.53.1 to address MS-ISAC ADVISORY NUMBER 2018-046
- Fixed string interpolation issue
- Enabled router.forwarded_client_cert variable for router
- New syslog roles can have anti-affinity
- mysql-proxy healthcheck timeouts are configurable
- Bumped UAA to v56.0
- Bumped cf-deployment to v1.21
- Bumped SLE12 & openSUSE stacks
- Removed time stamp check for rsyslog
- MySQL HA scaling up works better
- Added mysql-proxy for UAA
- Exposed more log variables for UAA
- Bumped SLE12 stack
- Bumped fissile to 5.2.0+6
- Variable kube.external_ip now changed to kube.external_ips
- Addressed issue with how pods were indexed with invalid formatting
- TCP routing ports are now configurable and can be templatized
- CPU limits can now be set
- Kubernetes annotations enabled so operators can specify which nodes particular roles can run on
- Bumped fissile to 5.1.0+128
- Changed how secrets are generated for rotation after 2.7.1 and 2.7.2 ran into problems during upgrades
- Bumped fissile to 5.1.0+89
- Allow more than one IP address for external IPs
- MySQL now a clustered role
- More configurations for UAA logging level
- To address CVE-2018-1221, bumped CF Deployment to 1.15 and routing-release to 0.172.0
- Bumped UAA to v55.0
- Bumped SLE12 & openSUSE stacks
- Bumped buildpack versions to latest
- Make the cloud controller clock role wait until the API is ready
- Add ability to rename immutable secrets
- Bump to CF Deployment (1.9.0), using CF Deployment not CF Release from now on
- Bump UAA to v53.3
- Update CATS to be closer to what upstream is using
- Make RBAC the default in the values.yaml (no need to specify anymore)
- Increase test brain timeouts to stop randomly failing tests
- Remove unused SANs from the generated TLS certificates
- Remove the dependency on jq from stemcells
- Fix duplicate buildpack ids when starting Cloud Foundry
- Fix an issue in the vagrant box where compilation would fail due to old versions of docker.
- Fix an issue where diego cell could not mount nfs in persi
- Fix many problems reported with the syslog forwarding implementation
- Helm charts now are published by ci with the correct registry.
- Combine variables controlling openSUSE vs SLES builds.
- Helm versions no longer include the build information in the semver
- Which stemcell is used is no longer governed by CI but by make files
- Jenkins now prevents overwriting of artifacts
- Prevent use of unconfigured stacks
- Fix mutual TLS when HA mode is true (fixes HA deployment problems)
- Fix ruby app deployment problem (missing libmysqlclient in stack)
- Fix configgin having insufficient permissions to configure HA deploy
- Fix issue where buildpacks couldn't upload because blobstore size limits