Releases: cloudfoundry/cf-deployment

0.4.0

22 May 21:13

Manifest changes

  • Uses new consul link structure
  • Cloud Controller and UAA consume the database link via the mysql proxy. This should allow scaling of the mysql nodes and use of the proxy logic.
  • Privileged container support is turned off by default.
  • Updated redirect_uri for OAuth Clients to be complete URIs, in accordance with client validations introduced in uaa-release v36.
  • The variable uaa_scim_users_admin_password has been renamed to cf_admin_password. If you don't want your admin password to get rotated, you'll need to update your vars-store to include both values temporarily.

Ops-files

New operations

  • use-s3-blobstore.yml allows the deployer to use S3 as their Cloud Controller blobstore and eschews deploying WebDAV.
  • use-external-dbs.yml allows the deployer to use external databases (e.g. RDS) for all SQL databases. That includes databases for CC, UAA, BBS, and the Routing API.
  • enable-privileged-container-support.yml enables support for privileged containers.
  • Experimental: use-grootfs.yml deploys GrootFS with Diego cells.
  • Experimental: use-cf-networking.yml deploys cf-networking-release and colocates the necessary jobs with Diego cells.

Ops-file updates

  • use-postgres.yml uses a link for sharing IP configuration with other jobs.
  • tcp-routing-gcp.yml uses default port 80 for TCP router healthchecks.

0.3.0

08 May 19:15

Manifest Updates:

  • Routing API now gets deployed by default in cf-deployment. This should allow deployers to take advantage of other routing features (like routing isolation segments) without also needing to deploy the TCP router. This also removes the need for operations/use-postgres-tcp-routing.yml.
  • HTTP Route Emitters are deployed in local mode by default in cf-deployment. The experimental ops-files for enabling local HTTP Route Emitters are now no-ops, and will soon be removed.
  • Remove unnecessary scopes from UAA Clients
  • Garden is configured with cleanup_process_dirs_on_wait set to true.

Ops-files:

  • locket.yml deploys Diego jobs with locket and uses it for distributed locking (instead of using consul).
  • scale-to-single-az.yml properly scales down the NATS static IPs.
  • use-latest-stemcell.yml allows deployers to use the latest stemcell version instead of the version encoded in the manifest.
  • bypass-cc-bridge.yml allows deployers to bypass the CC Bridge for most workflows. This will eventually be inlined to cf-deployment.yml.
  • The experimental enable-local-route-emitter-tcp.yml allows deployers to deploy with local TCP Route Emitters. This is still being verified, but will eventually be inlined to cf-deployment.yml.
  • The experimental enable-loggregator-v2-diego-cell.yml allows deployers to opt-in to the v2 API for the Metron Agent. This will eventually be inlined to cf-deployment.yml.
  • The experimental disable-etcd.yml allows deployers to deploy without an etcd cluster and use links for loggregator components instead. This will eventually be inlined to cf-deployment.yml.

Transition from cf-release: You might have noticed a transition directory in cf-deployment. This is where we're keeping our experimental tooling for migrating cf-release to cf-deployment.

  • Currently, the primary tool there is transition.sh, which builds a vars-store from an existing CF and Diego manifest. You must also provide a file with the private keys used by the internal CAs for your deployment.
  • We also have an ops-file, test/cfr-to-cfd-transition.yml, for testing the migration process. When we're ready for people to use this ops-file to migrate to cf-deployment, we'll move it out of the test directory.

0.2.2

10 May 04:06

Manifest updates:

  • Network has been renamed from private to default
  • Garden debug server enabled.

Ops files updates:

  • operations/experimental/locket.yml
    • Configures cells to use locket instead of consul
    • Configures TPS watcher to use locket instead of consul
  • New: operations/test/add-datadog-firehose-nozzle.yml
    • Deploys a datadog firehose nozzle for shipping metrics to datadog. Mostly used for metrics in a test environment, and we don't recommend this ops file for general consumption yet. We'll move this out of the test directory if we decide to support this ops file long-term.

Fixes:

  • operations/scale-to-one-az.yml
    • Removes an extraneous IP address from nats.machines on the mysql proxy job.
  • UAA Clients
    • gorouter, tcp_emitter, and tcp_router no longer have the unnecessary refresh_token grant type.
    • cf client has an explicit, empty-string password
  • Anchors moved so that manifest is valid yaml.

0.2.0

15 Apr 01:33

Release updates:

  • cflinuxfs2-release is the new name (changed from cflinuxfs-rootfs-release).

Manifest updates:

  • The network name for instance groups in cf-deployment has been renamed to default. Versions of bbl newer than 2.1.1 support this.
  • HTTP Router has routing.router_groups.read scope
  • consul_server link can be shared across deployments
  • etcd job does not consume its own link. This change should be temporary.

Ops files updates:

  • New operations/experimental/locket*.yml allows a deployer to opt in to the highly experimental use of Locket.
  • operations/tcp-routing-gcp.yml explicitly names a router group for the TCP router.
  • operations/tcp-routing-gcp.yml sets routing_api.enabled to true for the Cloud Controller worker.

Manifest fixes:

  • Mutual TLS certificates for the cc_uploader job have been moved to the correct location in the manifest.
  • Deprecated UAA jwt properties have been removed.
  • Unused diego_consul_client certificate has been removed.
  • Unused blobstore TLS properties have been removed.

0.1.0

04 Apr 18:51

Ops Files:

  • use-compiled-releases.yml allows the deployer to use a pre-compiled release for cf-mysql-release. This should speed up deploy times.

Configuration changes:

  • diego-brain deploys with 10GB ephemeral disk
  • bosh-lite is configured with a smaller default for app memory (256MB)
  • diego-cell instance group does not start updating until diego-brain has finished.
  • Default quota allows for 100 route ports

0.0.2

25 Mar 17:54

Changes:

  • New ops-file for scaling to single AZ
  • Enable Zipkin on routers
  • Split Cloud Controller workers into a separate instance group
  • cfdot added to diego-bbs and diego-brain jobs