Skip to content
This repository has been archived by the owner on Jan 21, 2022. It is now read-only.

CF 253
Compare
Choose a tag to compare
@dsabeti dsabeti released this 28 Feb 23:45
· 713 commits to master since this release
v253
36a8a24

Contents

Notices

  • Preparatory manifest changes: Both CF 253 and Diego 1.8.1 include changes to the manifest generation scripts that introduce the following line in a number of places:

    consumes: { consul: nil }

    This will allow the consul job to start providing a bosh link without having that link be consumed by the various consul jobs in the deployment. CF 254 will introduce a version of consul that requires these changes to the manifest, so please ensure that you deploy CF 253 and Diego 1.8.1 first before moving on to CF 254.

Job Spec Changes

  • cf-networking-release: If you are deploying cf-networking-release (which is still experimental), there will be some necessary changes to your manifest.

  • statsd-injector: To successfully deploy statsd-injector (part of loggregator), you'll need to generate the following properties:

    • loggregator.tls.statsd_injector.cert
    • loggregator.tls.statsd_injector.key

    You can generate this keypair using this script. You'll need to provide the certificate and key for the CA that was used to sign the other loggregator certs. The certificate for that CA can also be found in loggregator.tls.ca. Deployers should have the private key stored securely.

  • The included version of Loggregator restricts ciphers to use only the following 4 ciphers. This is a breaking change for some operators and a configurable property for opting into more cipher suites was introduced in Loggregator 85
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

CVEs

  • None

Subcomponent Updates

Compatible Releases and Stemcells

Assets 2
Loading