Skip to content
This repository has been archived by the owner on Jun 6, 2024. It is now read-only.

Releases: SUSE/scf

2.13.3

20 Sep 21:27
@thardeck thardeck
2.13.3
f95d9ae
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
2.13.3

Changed

  • Bumped configgin
  • Bumped go & Ruby buildpacks
  • Bumped SLE12 & openSUSE stacks

Fixed

  • configgin can now find lower-numbered role pods to help with upgrades
  • fissile now uses port numbers for exposed services, addressing a Kubernetes behaviour spotted during upgrades
  • Provide warnings when HA UAA relies on SSO lifecycle tests
Assets 3
Loading

2.12.3: RC in QA

22 Aug 23:41
@gaktive gaktive
2.12.3
33a6357
Compare
Choose a tag to compare
2.12.3: RC in QA Pre-release
Pre-release

QA is testing this release.

Added

  • Allow HA for cc-clock and syslog-scheduler roles (2 default/3 max)

Changed

  • Changed internal ports to avoid privileged ports in Kubernetes, though diego-cell and nfs-broker containers still rely on privileged access
  • Bumped cf-deployment to 2.7.0
  • Bumped capi-release to 1.61.0
  • Bumped cf-syslog-drain-release to 7.0
  • Bumped cflinuxfs2-release to 1.227.0
  • Bumped consule-release to 195
  • Bumped diego-release to 2.12.1
  • Bumped routing-release to 0.179.0
  • Bumped uaa-release to 60.2
  • Bumped loggregator to 103
  • Bumped SLE12 & openSUSE stacks

Fixed

  • syslog-adapter added to syslog adapter cert
Assets 2
Loading

2.12.2: Do not use

16 Aug 22:11
@gaktive gaktive
2.12.2
89bb4e0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
2.12.2: Do not use Pre-release
Pre-release

Added

  • App-autoscaler included (off by default)
  • groot-btrfs now available
  • Enabled cloud controller security events
  • nfs-broker can now be HA

Changed

  • Realigned cf role composition more inline with upstream
  • database role combines previous mysql and mysql-proxy roles
  • diego-locket role merged into diego-api
  • log-api role combines loggregator and syslog-rlp roles
  • Renamed syslog-adapter role to adapter
  • Removed processes list from all roles
  • Removed duplicate routing_api.locket.api_location property
  • Bumped garden-runc-release to 1.15.1 to rely on go-nats
  • Bumped ruby-buildpack to 1.7.21.1
  • Bumped SLE12 & openSUSE stacks
  • Bumped kubectl to 1.9.6
  • Bumped cf-cli to 6.37.0

Fixed

  • INTERNAL_CA_KEY not included in every pod by default
  • Better mechanism for waiting on MySQL
Assets 2
Loading

2.12.1: Do not use

16 Aug 22:11
@gaktive gaktive
2.12.1
6c0df3f
Compare
Choose a tag to compare
2.12.1: Do not use Pre-release
Pre-release 
Update changelog
Assets 2
Loading

2.12.0: Do not use

16 Aug 22:11
@gaktive gaktive
2.12.0
5070f11
Compare
Choose a tag to compare
2.12.0: Do not use Pre-release
Pre-release 
Update changelog
Assets 2
Loading

2.11.0

27 Jun 23:39
@gaktive gaktive
2.11.0
4c9e9ae
Compare
Choose a tag to compare
2.11.0

Added

  • Certificate expiration now configurable
  • Added support for manual rotation of cloud controller database keys
  • New active/passive role management for pods
  • Exposed router.client_cert_validation property

Changed

  • Bumped cf-deployment to 1.36
  • Bumped UAA to v59
  • Bumped diego-release to 2.8.0
  • Bumped SLE12 & openSUSE stacks
  • Bumped ruby-buildpack to 1.7.18.2
  • Bumped go-buildpack to 1.8.22.1
  • Bumped kubectl to 1.8.2
  • Use namespace for helm install name

Fixed

  • Load balancer for Azure now usable
  • Updated role manifest validation to let secrets generator use KUBE_SERVICE_DOMAIN_SUFFIX without configuring HA itself
  • SCF_LOG_PORT now set to default of 514
  • Fixed issue during upgrade whereby USB did not receive updated password info
  • Patched monit_rsyslogd timestamp
Assets 3
Loading

2.10.1

04 Jun 07:53
@mook-as mook-as
2.10.1
647b227
Compare
Choose a tag to compare
2.10.1

Added

  • Enabled router.forwarded_client_cert variable for router
  • New syslog roles can have anti-affinity
  • mysql-proxy healthcheck timeouts are configurable
  • cfdot added to all diego roles

Changed

  • Bumped UAA to v56.0
  • Bumped cf-deployment to v1.21
  • Bump PHP buildpack to v4.3.53.1 to address MS-ISAC ADVISORY NUMBER 2018-046
  • Bumped SLE12 & openSUSE stacks
  • Rotateable secrets are now immutable
  • Removed time stamp check for rsyslog

Fixed

  • Immutable config variables will not be regenerated
  • Upgrades for legacy versions that were using an older secrets generation model
  • Upgrades will handle certificates better by having the required SAN metadata
  • Apps will come back up and run after upgrade
  • MySQL HA scaling up works better

Important Notes

  • Upgrading now rotates all internal passwords and certificates which may cause some downtime (e.g. users will be unable to push applications) as the roles are restarted. This should not impact the availability of hosted applications running multiple instances.
  • If you are using the bundled UAA release, upgrade this first and pass the new certificate to the SCF upgrade command as per the upgrade instructions below.
Assets 3
Loading

2.9.0: Do not use

14 May 18:13
@mook-as mook-as
2.9.0
49b86b1
Compare
Choose a tag to compare
2.9.0: Do not use Pre-release
Pre-release

This was going to be a release, but we found a few issues with it:

  • Rotating secrets will rotate too many things and cause existing apps to not restart correctly
  • Issues with diego-locket disappearing half way, causing roles holding the lock to lose it and issues derived from such
  • Certificates were not regenerating when required, causing rep to not work until a full secrets regeneration was forced (but see above)
Assets 2
Loading

2.8.0

13 Apr 15:21
@cornelius cornelius
2.8.0
5aa8b03
Compare
Choose a tag to compare
2.8.0

Added

  • Added mysql-proxy for UAA
  • Exposed more log variables for UAA
  • TCP routing ports are now configurable and can be templatized
  • CPU limits can now be set
  • Kubernetes annotations enabled so operators can specify which nodes particular roles can run on
  • Allow more than one IP address for external IPs
  • MySQL now a clustered role
  • More configurations for UAA logging level

Changed

  • Bumped fissile to 5.2.0+6
  • Variable kube.external_ip now changed to kube.external_ips
  • To address CVE-2018-1221, bumped CF Deployment to 1.15 and routing-release to 0.172.0
  • Bumped UAA to v55.0
  • Bumped SLE12 & OpenSUSE stacks
  • Bumped buildpack versions to latest

Fixed

  • Addressed issue with how pods were indexed with invalid formatting
  • Changed how secrets are generated for rotation after 2.7.1 and 2.7.2 ran into problems during upgrades
  • Make the cloud controller clock role wait until the API is ready
Assets 3
Loading

2.7.0

22 Feb 15:30
@cornelius cornelius
2.7.0
2d95fcb
Compare
Choose a tag to compare
2.7.0

Added

  • Add ability to rename immutable secrets

Changed

  • Bump to CF Deployment (1.9.0), using CF Deployment not CF Release from now on
  • Bump UAA to v53.3
  • Update CATS to be closer to what upstream is using
  • Make RBAC the default in the values.yaml (no need to specify anymore)
  • Increase test brain timeouts to stop randomly failing tests
  • Remove unused SANs from the generated TLS certificates
  • Remove the dependency on jq from stemcells
  • Diego cells don't require a persistant volume anymore. This makes SCF compatible with a wider range of storage classes so that you can use a NFS storage class when deploying SCF to Kubernetes, for example.

Fixed

  • Fix duplicate buildpack ids when starting Cloud Foundry
  • Fix an issue in the vagrant box where compilation would fail due to old versions of docker.
  • Fix an issue where diego cell could not mount nfs in persi
  • Fix many problems reported with the syslog forwarding implementation
Assets 4
Loading