Diego v1.2.0

Changes from v1.1.0 to v1.2.0

• Verified with garden-runc-release v1.0.4.
• Verified with garden-windows-bosh-release v0.0.11.
• Verified with etcd-release v87.
• Verified with cf-mysql-release v32.
• Verified with cflinuxfs2-rootfs-release v1.41.0.

IMPORTANT: It is now a deployment error not to configure a relational data store for the BBS API server. Both MySQL and Postgres are supported SQL dialects. Please see documentation on Diego data stores for information about selecting a relational store and, for existing deployments, migrating data from etcd if so desired.

IMPORTANT: This version of Diego makes it possible to secure the Auctioneer API via mutual TLS. Please see the updated TLS configuration documentation for information on generating and configuring the TLS credentials, and "Upgrading to a TLS-Secured Auctioneer API" for detailed instructions on upgrading an existing deployment to mutual TLS without downtime.

Significant changes

BBS Relational Datastore

• As a Diego operator, I expect not to be able to run Diego without a relational store
• As a Diego operator, I expect a MySQL-backed BBS to be resilient to occasional deadlock errors

Container Execution

• As an app developer, I expect to have a CF_INSTANCE_INTERNAL_IP environment variable set to the non-loopback IP address inside the container

Windows Support

• cloudfoundry/diego-release #225: Remove powershell when starting jobs in Windows
• Remove powershell when starting jobs in Windows
• Fix Powershell error handling
• Open Rep ports

Manifest Generation

• As a Diego operator, I expect the capi.tps.traffic_controller_url property to default to the tps job spec in the BOSH manifest
• cloudfoundry/diego-release #227: wip: generate datadog firehose nozzle deployment manifest
• As a CF operator, I expect the AWS example instructions to allow overriding the CF instance types

Test Suites and Tooling

• cloudfoundry/consuladapter #5: Remove prefix 'v' when parsing version
• As a Diego operator, I expect to upgrades from Diego v1.0.0 to latest to be supported

Security

• As a Diego operator, I expect to be able to secure BBS communication to the auctioneer API so that I can create new deployments with secure communication
• As a Diego operator, I expect to be able to upgrade existing deployments to a fully secure auctioneer API configuration without downtime

Documentation

• Remove minimal-aws instructions from diego-release
• cloudfoundry/diego-release #229: Updating the name of the bbs log file

BOSH job changes

None.

BOSH property changes

• Added diego.auctioneer.ca_cert: CA cert for the auctioneer API server to use in TLS authentication.
• Added diego.auctioneer.server_cert: Certificate for the auctioneer API server to use in TLS authentication.
• Added diego.auctioneer.server_key: Private key for the auctioneer API server to use in TLS authentication.
• Added diego.bbs.auctioneer.api_location: Hostname and port of the auctioneer API server.
• Added diego.bbs.auctioneer.ca_cert: CA cert for the BBS auctioneer client to use in TLS authentication.
• Added diego.bbs.auctioneer.client_cert: Certificate for the BBS auctioneer client to use in TLS authentication.
• Added diego.bbs.auctioneer.client_key: Private key for the BBS auctioneer client to use in TLS authentication.
• Added diego.bbs.auctioneer.require_tls: Whether the BBS auctioneer client strictly requires TLS.
• Deprecated diego.bbs.auctioneer.api_url in favor of diego.bbs.auctioneer.api_location.