Home Messages Hashtags Subgroups

#8681

routing-release 0.189.0

Aidan Obley <aobley@...>

Hello cf-dev!

This release includes several fixes and improvements. Notably, this release encrypts the control plane interactions with the routing-api.

Release Highlights

Gorouter is configurable to prune with TTL when using TLS to validate backend identity. This is a temporary mitigation of an issue where a route deregistration message is lost details
gorouter_ctl runs correctly on Xenial stemcells details
Operator can configure routing-api to support mTLS connections details
Routing API provides a bosh link that route registrar consumes to enable mTLS with the routing api details
Operator can configure route-registrar to communicate over mTLS to routing-api details
gorouter consumes Routing-API Link for mtls properties details
Operator can configure gorouter to fetch routes over mTLS from routing-api details
TCP Router consumes Routing-API Link for mtls properties details
Operator can configure tcp-router to communicate over mTLS to routing-api details
Route registrar route_registrar.routing_api.skip_ssl_validation property is now correctly applied details
Operator can to configure gorouter with client certs for route services details
cloudfoundry/routing-release #146: Deploy does not fail when required property server_cert_domain_san is not configured details

Manifest Property Changes

Job	Property	0.188.0 Default	0.189.0 Default
gorouter	`router.route_services.cert_chain`	did not exist	`undefined`
gorouter	`router.route_services.private_key`	did not exist	`undefined`
gorouter	`routing_api.uri`	http://routing-api.service.cf.internal	https://routing-api.service.cf.internal
gorouter	`routing_api.port`	3000	from routing_api link
gorouter	`routing_api.ca_certs`	did not exist	from routing_api link
gorouter	`routing_api.cert_chain`	did not exist	from routing_api link
gorouter	`routing_api.private_key`	did not exist	from routing_api link
gorouter	`router.prune_all_stale_routes`	did not exist	false
gorouter	`router.set_kernel_parameters`	did not exist	true
route_registrar	`route_registrar.logging_level`	did not exist	info
route_registrar	`route_registrar.routing_api.api_url`	http://routing-api.service.cf.internal:3000	https://routing-api.service.cf.internal:3001
route_registrar	`route_registrar.routing_api.client_cert`	did not exist	from routing_api link
route_registrar	`route_registrar.routing_api.client_private_key`	did not exist	from routing_api link
route_registrar	`route_registrar.routing_api.server_ca_cert`	did not exist	from routing_api link
routing-api	`routing_api.enabled_api_endpoints`	did not exist	“both”
routing-api	`routing_api.mtls_port`	did not exist	3001
routing-api	`routing_api.mtls_ca`	did not exist	generated by credhub
routing-api	`routing_api.mtls_server_cert`	did not exist	generated by credhub
routing-api	`routing_api.mtls_server_key`	did not exist	generated by credhub
routing-api	`routing_api.mtls_client_cert`	did not exist	generated by credhub
routing-api	`routing_api.mtls_client_key`	did not exist	generated by credhub
routing-api	`consul.servers`	http://127.0.0.1:8500	removed property
routing-api	`routing_api.skip_consul_lock`	false	removed property
tcp_router	`routing_api.uri`	http://routing-api.service.cf.internal	https://routing-api.service.cf.internal
tcp_router	`routing_api.port`	3000	from routing_api link
tcp_router	`routing_api.client_cert`	did not exist	from routing_api link
tcp_router	`routing_api.client_private_key`	did not exist	from routing_api link
tcp_router	`routing_api.ca_cert`	did not exist	from routing_api link

Regards,

The Networking Program

#8681

Join {cf-dev@lists.cloudfoundry.org to automatically receive all group messages.

Home Hashtags Subgroups Terms