[cf-dev] routing-release 0.189.0

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[cf-dev] routing-release 0.189.0

Aidan Obley
Hello cf-dev!

We have cut routing-release 0.189.0.

This release includes several fixes and improvements. Notably, this release encrypts the control plane interactions with the routing-api.

Release Highlights

  • Gorouter is configurable to prune with TTL when using TLS to validate backend identity. This is a temporary mitigation of an issue where a route deregistration message is lost details
  • gorouter_ctl runs correctly on Xenial stemcells details
  • Operator can configure routing-api to support mTLS connections details
  • Routing API provides a bosh link that route registrar consumes to enable mTLS with the routing api details
  • Operator can configure route-registrar to communicate over mTLS to routing-api details
  • gorouter consumes Routing-API Link for mtls properties details
  • Operator can configure gorouter to fetch routes over mTLS from routing-api details
  • TCP Router consumes Routing-API Link for mtls properties details
  • Operator can configure tcp-router to communicate over mTLS to routing-api details
  • Route registrar route_registrar.routing_api.skip_ssl_validation property is now correctly applied details
  • Operator can to configure gorouter with client certs for route services details
  • cloudfoundry/routing-release #146: Deploy does not fail when required property server_cert_domain_san is not configured details

Manifest Property Changes

Job Property 0.188.0 Default 0.189.0 Default
gorouter router.route_services.cert_chain did not exist undefined
gorouter router.route_services.private_key did not exist undefined
gorouter routing_api.uri http://routing-api.service.cf.internal https://routing-api.service.cf.internal
gorouter routing_api.port 3000 from routing_api link
gorouter routing_api.ca_certs did not exist from routing_api link
gorouter routing_api.cert_chain did not exist from routing_api link
gorouter routing_api.private_key did not exist from routing_api link
gorouter router.prune_all_stale_routes did not exist false
gorouter router.set_kernel_parameters did not exist true
route_registrar route_registrar.logging_level did not exist info
route_registrar route_registrar.routing_api.api_url http://routing-api.service.cf.internal:3000 https://routing-api.service.cf.internal:3001
route_registrar route_registrar.routing_api.client_cert did not exist from routing_api link
route_registrar route_registrar.routing_api.client_private_key did not exist from routing_api link
route_registrar route_registrar.routing_api.server_ca_cert did not exist from routing_api link
routing-api routing_api.enabled_api_endpoints did not exist “both”
routing-api routing_api.mtls_port did not exist 3001
routing-api routing_api.mtls_ca did not exist generated by credhub
routing-api routing_api.mtls_server_cert did not exist generated by credhub
routing-api routing_api.mtls_server_key did not exist generated by credhub
routing-api routing_api.mtls_client_cert did not exist generated by credhub
routing-api routing_api.mtls_client_key did not exist generated by credhub
routing-api consul.servers http://127.0.0.1:8500 removed property
routing-api routing_api.skip_consul_lock false removed property
tcp_router routing_api.uri http://routing-api.service.cf.internal https://routing-api.service.cf.internal
tcp_router routing_api.port 3000 from routing_api link
tcp_router routing_api.client_cert did not exist from routing_api link
tcp_router routing_api.client_private_key did not exist from routing_api link
tcp_router routing_api.ca_cert did not exist from routing_api link

Regards,
The Networking Program
_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8681) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_