Re: Is anyone successfully using IPSec along with Windows Server 2016 (1709)?
Pivotal has a commercial offering providing IPSec integration for the Windows stack. As a first stab, perhaps our public docs may contain some configuration clues for you?
On Sun, May 27, 2018 at 8:18 PM Aaron Huber <aaron.m.huber@...> wrote: We're testing out the new Windows version and everything appears to be working correctly with the exception of traffic from the routers to the containers via the NAT on the Windows cells. The IPSec session is working between the router and the Windows host itself but there is just no response when connecting to a mapped port inside a container. For example:
|
|
Re: Deprecation Notice: bosh-hm-forwarder is moving
Benjamin Gandon <benjamin@...>
Hi Adam,
I understand that this BOSH Health Monitor Forwarder (that was donated to OSS in July 2016) is now deprecated. I also saw that PCF has moved away from it in v2.0. So I guess this bosh-hm-forwarder is replaced by something else. Could you give us more insights (or pointers) about why this component is now deprecated, what is replacing it, and whether it is OSS? Thanks for your answers.
|
|
Is anyone successfully using IPSec along with Windows Server 2016 (1709)?
Aaron Huber
We're testing out the new Windows version and everything appears to be working correctly with the exception of traffic from the routers to the containers via the NAT on the Windows cells. The IPSec session is working between the router and the Windows host itself but there is just no response when connecting to a mapped port inside a container. For example:
router (10.10.10.10) -> windows2016-cell (10.10.10.11) - works fine for any open port (rep, consul etc.) on the cell itself
router (10.10.10.10) -> windows2016-cell (10.10.10.11) -> container (172.30.0.10) - no response to the external port for either HTTP or SSH (for example, 40000 and 40001)
As soon as we turn off IPSec the traffic works just fine and we can access the app via the gorouter and cf ssh is connecting successfully. The error message from the router looks like this:
curl http://10.10.10.11:40000/
curl: (7) Failed to connect to 10.10.10.11 port 40000: Connection refused
Please let me know if you were able to get this working correctly.
Aaron
|
|
Cloud Foundry Swift Client
Dwayne Forde <dwayne.forde@...>
Ahoy,
wanted to let everyone know that I made a small Cloud Foundry Swift Client. I've been using the code in a small iOS application to help monitor some applications on a Cloud Foundry foundation for a couple of years now. Finally got around to separating it into its own code base. I'm not sure how many Swift use cases are floating around the Cloud Foundry ecosystem, but it has come in handy for me. Feel free to use if the need comes up. Cheers
|
|
[cfcr] Deprecation of ABAC authorization mode
Sean O'Sullivan
What
We are looking to drop support for Attribute Based Access Control as an authorization mode for Cloud Foundry Container Runtime in the near term planned release v0.18
Why
RBAC is considered to have significant security advantages over ABAC, thus we don't see value in continuing to support this as a solution. We reached out to our user base and there is no feedback that anyone has ABAC implemented.
Sean O'Sullivan
Product Manager - Cloud Foundry Container Runtime (CFCR)
Dublin, Ireland
|
|
Re: 1 of 3 pre-start scripts failed. Failed Jobs: cloud_controller_ng. Successful Jobs: route_registrar, consul_agent.
PulPham <hungfq@...>
|
|
CF+K8S SIG Call tomorrow
Chip Childers <cchilders@...>
All,
Tomorrow at 6 PM CET, 12 AM ET, 9 AM PT is our next CF+k8s SIG call. I've reached out to several projects to see if they want to provide a demo tomorrow, but schedules aren't aligning. The following call does have some demos scheduled already (two weeks from now). That said, we will still have a brief call tomorrow.
Agenda will be:
1) Any project status updates worth highlighting
2) Open discussion on k8s + CF efforts
Since there isn't a demo, I won't be switching to Zoom this time around. Expect the call to be fast. Join if interested!
Join the call: www.uberconference.com/cchilders
Dial in number: 215-315-3487
No PIN needed
International Callers
Dial the local number below based on your location. When prompted, enter your host's conference number (215-315-3487), then the "#" key.
-Germany: 030 30807999
-Ireland: (01) 525 5652
-United Kingdom: 020 3514 1993
Other international numbers available here: https://www.uberconference.com/international
-chip
Chip Childers
CTO, Cloud Foundry Foundation
1.267.250.0815
|
|
Re: Istio router on container overlay network
Mike Youngstrom
This is exciting work. Thanks for raising it here Gabe! Mike
On Mon, May 21, 2018 at 12:26 PM, Gabriel Rosenhouse <grosenhouse@...> wrote:
|
|
Istio router on container overlay network
Gabriel Rosenhouse <grosenhouse@...>
Hi all, The Cloud Foundry Networking team is planning to move the Istio Router (eventual replacement for gorouter) onto the overlay network used by app containers. If this interests you, please read our proposal here. We welcome feedback via comments on that doc, or reply to this email. Sincerely, Gabe & the CF Networking Team
|
|
Re: How to access CF services from external service in aws or k8s?
nilesh.subhash.salpe@...
FYI
--
From: "Salpe, Nilesh Subhash" <nilesh.subhash.salpe@...>
Hi Guys , Can you please help me with questions?
Regards, Nilesh
|
|
upcoming CFP deadlines
I just wanted to share a few upcoming deadlines for call for papers for events that might be relevant (and interesting) for y'all in our community to consider. The list here is sorted in the order of deadline dates.
InnerSource Day is a gathering of industry practitioners discussing real-world implementations of this community-inspired, transformational approach to software development within the enterprise. A number of companies are adopting the practices of open source to create an internal company collaboration under the rubric InnerSource. Do you have a story to share about how you’ve implemented InnerSource in your organization? We want to hear about your successes and failures to build the community and practice of InnerSource.
Submission deadline: Friday, May 25
Istio is an open platform for connecting, managing, and securing microservices, providing an easy way to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, without requiring any changes in service code. So, if you know how to leverage Istio with open source tools such as Prometheus and Zipkin, have an Istio demo, or a great story or best practice to share, we want to hear from you.
Submission deadline: Tuesday, May 29
DevOps Days Chicago
DevOpsDays Chicago brings development, operations, QA, InfoSec, management, and leadership together to discuss the culture and tools to make better organizations and products. The 2018 event will be the fifth time we have held DevOpsDays Chicago, and it should be bigger and better than ever before!
Submission deadline: Friday, June 1 (13:06 UTC)
Cloud Foundry Summit (Basel)
Well, obviously!! :-) Cloud Foundry Summit Europe is the premier event for end users to learn the platform from those who build and use it every day. Join hundreds of developers in Basel to learn how to run apps at scale – using a platform or containers on multiple clouds.
Submission deadline: Friday, June 1 (11.59pm US Pacific)
TensorFlow is a fast, flexible, and easy to use open-source machine learning library for research and production. The TensorFlow Community Day aims to bring together contributors and users to share experiences, increase collaboration, and advance the state of open source machine learning. We're looking for 30-minute talks from the community cross-platform use cases, related open source projects, using TensorFlow in the real world and more.
Submission deadline: Monday, June 4
Cheers, Swarna.
|
|
routing-release 0.178.0 released today
Shubha Anjur Tupil
Hi all, We cut routing-release 0.178.0 today downgrading Golang from 1.10 to 1.9. We found a breaking change in Golang 1.10 that the parsing of x509 certificates is much stricter. Github issues on the regression here and here. Our plan is to upgrade to Golang 1.10 when a fix is released for this issue. Side note: You might notice that there was no routing-release 0.177.0. The release is published but marked "Do Not Use" since it's a non-production ready release. We recommend skipping it. Regards, Routing team
|
|
CF CLI v6.36.2 Released Today: Downgrades Golang to 1.9
Abby Chau
Hi all, the CF CLI team released v6.36.2 today:
Downgraded to Golang 1.9
Due to a regression with certs in Golang 1.10, we've decided to publish a new release and downgrade our Golang version to 1.9. This release is a tag of
Other Fixes
Let us know if you have any questions, thanks! Best, Abby Chau CF Interim Product Manager - CLI
|
|
Re: CF Application Runtime PMC - CLI Project Lead Call for Nominations
Michael Maximilien
I second that nomination. I've worked with Abby and the CLI team recently and plan on working with them on and off as an engineer again this year. I have nothing but good things to mention. Best, max
On Tue, May 15, 2018 at 3:29 PM, Dieu Cao <dcao@...> wrote:
--
|
|
Welcome MS SQL Broker and MultiApps to CF-Extensions
Michael Maximilien
FYI... Brief announce to welcome MS SQL Broker [1] and MultiApps [2] to CF-Extensions. They were successfully voted in by members of the PMC. Congrats! The respective initial teams from Microsoft and Pivotal (MS SQL) and SAP (MultiApps) will be working with the CFF (Chris C. and others) to move initial code to cloudfoundry-incubator org. Feel free to ping team directly (see links below) or join the #cf-extensions slack channel for updates or best :) join our monthly calls [3].
|
|
Re: Feedback on service instance sharing (experimental)
Matt McNeeney
Hey Lukas, Very pleased to hear the feature is working as you expected! As things stand, the feature should be released as GA within the next couple of months, and so far we haven't received any feedback that has made us rethink about how the feature works today. Thanks, Matt
On Wed, May 16, 2018 at 11:38 AM Lukas Lehmann <lukas92lehmann@...> wrote:
|
|
Re: Feedback on service instance sharing (experimental)
Lukas Lehmann
Hi Matt, We have tested this feature in Swisscom and it works great and as expected. Is there a timeline on your side to release this feature finally? Is there something we can further help you with testing or so? Best regards, Lukas
2018-03-27 16:05 GMT+02:00 Matt McNeeney <mmcneeney@...>:
--
Freundliche Grüsse
Lukas Lehmann
|
|
CF Application Runtime PMC - CLI Project Lead Call for Nominations
Dieu Cao <dcao@...>
Hello All, This email is overly delayed and I apologize for that. Jay Badenhope, the Project Lead for the cf CLI team within the Application Runtime PMC, transitioned to an internal project within Pivotal in late March. We thank him for his time serving as the CLI Project Lead. The cf CLI team, primarily located in San Francisco, now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations to me/in reply to this posting by end of day May 22nd, 2018. If you have any questions about the role/process, please let me know. These are described in the CFF governance documents. [1] -Dieu Cao CF Application Runtime PMC Lead
|
|
Re: Improving Service Access in Cloud Foundry Application Runtime
Krannich, Bernd <bernd.krannich@...>
Hi Matt,
I was already tempted to ping you about the status of the topic. Seems like all the lobbying I did, both in writing [1] and in person is coming to a good end. 😉
I already left my feedback in the document and the suggested solution you outlined below looks good from my perspective.
Thanks so much, I believe users will like this quite a bit!
Regards, Bernd
[1] https://github.com/cloudfoundry/cloud_controller_ng/issues/837
From: <cf-dev@...> on behalf of Matt McNeeney <mmcneeney@...>
Hi all,
In Cloud Foundry Application Runtime, a Service Broker can only be registered once (either globally or space-scoped). This is because the Cloud Controller detects conflicts in the information exposed in a Service Broker's Catalog. However, we are aware of a number of use cases in which the same Service Broker should be registered multiple times in the platform, for example:
The CF Services API team would like to tackle this problem and have outlined a number of possible solutions in this proposal [0]. The solution we believe best solves this problem is allowing the name of a Service Broker to be used as an optional argument when multiple services with the same name are available in the marketplace. This would mean exposing the user-defined name of Service Brokers to all developers for the first time (we don't believe these to be confidential), and updating a number of CLI commands to display/consume this additional field.
For example, the marketplace would now show the name of a broker:
$ cf marketplace
service    plans   broker    description
service1   small   broker1   An example service
service1   small   broker2   An example service
And to create a new service instance using service1, the broker name would have to be provided:
$ cf create-service service1 small my-service
More than one service called ‘mysql’ is available. Please specify the name of the broker from which to provision this service with the ‘-b’ flag.
$ cf create-service service1 small my-service -b broker1
OK
We are looking for feedback on this proposal before we start this work, so please provide any feedback you have over the next week!
[0] https://docs.google.com/document/d/1_OBnFCsL3ru43PEXocsCc3EuGaM0YLHjr0iAoXnakt4/edit?usp=sharing
|
|
Deprecating Cloud Controller DELETE /v2/apps/:guid/service_bindings/:guid?
Luis Urraca
Hi All, We are thinking about deprecating DELETE /v2/apps/:guid/service_bindings/:guid from the CC API. This endpoint is redundant as you can delete a service binding directly via DELETE /v2/service_bindings/:guid. We are also adding support for asynchronous service binding deletion and want new features to only exist in one place. Before marking this endpoint as deprecated we want to gather feedback from the community on who is using DELETE /v2/apps/:guid/service_bindings/:guid and whether switching to DELETE /v2/service_bindings/:guid would be an issue. Thanks, Services API (SAPI) Team Luis Urraca
|
|