cf-networking-release v2.28.0 & silk-release v2.28.0
Hi cf-dev,
cf-networking-release v2.28.0 & silk-release v2.28.0 have been cut!
Release HighlightsRelease Highlights- Platform operators can expose UDP services running on the host, in the same way that TCP services can be exposed currently. details
CF-Bosh Networking
|
|
Re: New lead for Community (CAB) meetings

Troy Topnik
I'd be happy to take this on if nobody else is biting. I hereby nominate myself. :)
For those that don't know me, I am a Product Manager at SUSE responsible for SUSE Cloud Application Platform. I have been working in and around Cloud Foundry since 2011 as a technical writer, instructor, product manager, and enthusiastic user. I've recently been focused on Cloud Foundry incubator projects related to Kubernetes (Eirini and Quarks), and on the Stratos web user interface.
Huge thanks to Dr. Max for leading these meetings over the years!
TT --
Troy Topnik
Senior Product Manager,
SUSE Cloud Application Platform
troy.topnik@...
|
|
IMPORTANT NOTICE: [dotnet-core-buildpack] End of Support for dotnet-runtime versions 3.0.x after 2020-03-03
Kashyap Vedurmudi <kvedurmudi@...>
The first release of the .NET Core buildpack after March 3, 2020 will no longer include dotnet-runtime versions 3.0.x. These .NET versions will no longer be supported upstream.[1] Please migrate your .NET Core apps to supported versions of dotnet-runtime before that time.
Note: Unless you are manually specifying a version of dotnet-runtime for the buildpack to use, or you have customized your .NET Core buildpack, no action is required.
As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel.
[1] - https://dotnet.microsoft.com/platform/support/policy/dotnet-core
Thanks, Kashyap Vedurmudi, CF Buildpacks PM
|
|
Re: enable 2fa for UAA zone
Hi Enrique -
Yes, either SAML or LDAP. CF supports connections to LDAP and SAML external IdPs.
Regards, Dan Beneke
toggle quoted messageShow quoted text
Hi Dan
Is the expectation then that we would integrate with the external IdP via SAML?
Thanks
Enrique
|
|
Re: enable 2fa for UAA zone
Hi Dan
Is the expectation then that we would integrate with the external IdP via SAML?
Thanks
Enrique
|
|
Hello cf-eng, Release Highlights
- When application developers embed content and also enable sticky sessions, they want cookies to travel through embedded content. The gorouter now sets vcap_id SameSite value based on JSESSIONID to prevent a sticky session error details
CF-Bosh Networking
|
|
Re: On SelfServiceLinksEnabled
#uaa
Thanks again Dan for your feedback. We will certainly try that option. Good day.
best regards -CG
|
|
Re: enable 2fa for UAA zone
Thanks Dan and I also followed a bit the link that Peter provided on this.
Definitely I can see use-case as proxy as well as IDP itself.
Would it be possible to strike a middle path here, in the sense that based on filters and whitelist of IP CIDRs the operators/admins can configure to accept API calls without 2FA, while anywhere outside would accept users credentials with in-built 2FA. So that way the auto-tests would not break (eg within CF vPC or dev env which are typically pvt ip-ranges)
Is there a path for reopening of the mentioned/closed ticket?
|
|
Re: On SelfServiceLinksEnabled
#uaa
Hi CG -
It looks as if you've taken the right step to disable the create account and password reset links. We'd expect selfServiceLinksEnabled to have the documented effect (determines if users are allowed to sign up or reset their passwords via the UI) and aren't aware of open issues with its function. Keep in mind that this value isn't global as it can be set for each individual identity zone. If you think you've found a bug/issue, I'd encourage you to open a github issue supplying content that will allow the team to recreate the situation.
As for suppressing just one of the two self service links, that feature isn't offered. Currently, enablement or disablement occurs jointly. If it's of any value, you do have the option to set the destination http link for the 'create an acct' experience using config.links.selfService.signup . I've seen implementations wherein this link takes users to a joint self service page with the information they need to either create an account or reset their password.
Regards, Dan Beneke
toggle quoted messageShow quoted text
in the uaa.yml, when I set selfServiceLinksEnabled to false under
login: |
|
selfServiceLinksEnabled: false |
they (create an acc and password reset link) still appear. Any reliable way to disable them?
Further, is there a way to just suppress "create an acc" with selfServiceLinksEnabled: false ? and still have self service password reset enabled?
Thanks in anticipation
best regards -CG
|
|
Re: New CLA tool for Cloud Foundry
Hi all,
I’ve got a few updates to the EasyCLA migration, now a few months behind us:
We’ve removed the prompt to click on “CFF Migration” for previously whitelisted contributors. We’ll be deprecating this shortly, as it was intended as a temporary bridge to minimize disruption to contributors and avoid having covered committers and companies re-sign a CLA. At this point we assume the vast majority of active committers has already signed up with EasyCLA (anyone who has a commit since October has, and that's over 500 committers). Going forward, we’ll ask everyone else to sign a new CLA, which should only take a minute or two.
Previously, the cloudfoundry and cloudfoundry-incubator GitHub orgs had been whitelisted. This should not have been the case. While the majority of these orgs’ members are covered by an existing CCLA or ICLA, membership in those orgs alone should not exempt committers from being covered by a CLA. Going forward, these orgs will not be whitelisted… so, if you’ve authorized EasyCLA with "CFF Migration" and your whitelisting was based on membership in one of these orgs alone, you may need to re-authorize EasyCLA and select your employer's CCLA, or sign an ICLA. Either way, this should just take a couple minutes.
Bots: If you have an issue with a CI (or any other) bot that makes commits (and therefore will trigger the CLA check), please open a ticket with LF IT (the EasyCLA app will prompt this in the GitHubPR), and they should be able to take care of this for you.
Please reach out to me, or LF IT, if you have any questions, issues, or feedback. Thank you again for your patience with all this!
|
|
Re: enable 2fa for UAA zone
Sorry my response was so blunt. Product tradeoff decisions are always hard and you can't make everyone happy. Just wanted to let you know that there are consumers for this feature if you do revisit anytime soon.
|
|
Re: enable 2fa for UAA zone
> We see the UAA more frequently used as an identity proxy than as an IdP
This may be true because UAA doesn't support MFA. cloud.gov runs its own IdP simply because MFA is not supported by UAA. To quote from Bret Mogilefsky from https://github.com/cloudfoundry/cf-deployment/pull/540
> This is a shocking disappointment. The cloud.gov team predicated a chunk of their roadmap on the understanding that MFA was staying.
|
|
Re: enable 2fa for UAA zone
Hi CG -
The 2FA/MFA feature still exist in the most recent versions of UAA, but Dr. Nic is correct in suggesting that our intent is to remove it. We see the UAA more frequently used as an identity proxy than as an IdP, and often the IdP feature is used to store service accounts over actual human users that would be able to interact with 2FA/MFA flows. The predominance of this usage pattern has led us to consider viewing UAA on a path to become a stronger identity proxy tool wherein the user brings their own identity (IdP). This suggests 2FA/MFA features would/could be applied to the external IdP and not to the UAA itself as it would only be acting as a proxy.
Regards, Dan Beneke
toggle quoted messageShow quoted text
>I think the UAA team deprecated or removed 2FA/MFA features.
Not sure I am following the "why", to remove 2FA for UAA zone?
Any documentation pointing to that would be much appreciated.
Thanks Dr Nic!
|
|
On SelfServiceLinksEnabled
#uaa
in the uaa.yml, when I set selfServiceLinksEnabled to false under
login: |
|
selfServiceLinksEnabled: false |
they (create an acc and password reset link) still appear. Any reliable way to disable them? Further, is there a way to just suppress "create an acc" with selfServiceLinksEnabled: false ? and still have self service password reset enabled?
Thanks in anticipation
best regards -CG
|
|
Re: New lead for Community (CAB) meetings

Swarna Podila
Hi Everyone, Bringing this to the top of your inboxes, y'all.
Please send in your nominations by Wednesday, February 5th.
-- Swarna Podila (she/her) Senior Director, Community | Cloud Foundry FoundationYou can read more about pronouns here, or please ask if you'd like to find out more.
toggle quoted messageShow quoted text
On Thu, Jan 23, 2020 at 7:54 AM Swarna Podila < spodila@...> wrote: Dear CF Community, Max (popularly known as "Dr. Max", cc'd here) has been running Cloud Foundry Community Advisory Board (CAB) meetings for the past 4-ish years now. As he mentioned during the recent calls, 2020 is a great opportunity for any of you in the community to nominate yourself (or someone you know is interested) to take the baton from Max. Max will continue being an active member of our community; we just think that other members may want to take an opportunity to step up and make their mark in our community.
The responsibilities will be to host - the monthly CAB calls by sourcing interesting topics/demos for the meetings
- in-person CAB meetings at Cloud Foundry Summits (we, from the Foundation, can help you with that)
If you are unsure of the responsibilities or if you would like to talk to Max directly, please feel free to reach out to him.
Please send us your nominations no later than February 5th.
-- Swarna Podila (she/her) Senior Director, Community | Cloud Foundry FoundationYou can read more about pronouns here, or please ask if you'd like to find out more.
|
|
Re: enable 2fa for UAA zone
>I think the UAA team deprecated or removed 2FA/MFA features.
Not sure I am following the "why", to remove 2FA for UAA zone?
Any documentation pointing to that would be much appreciated.
Thanks Dr Nic!
|
|
Re: enable 2fa for UAA zone
Dr Nic Williams <drnicwilliams@...>
I think the UAA team deprecated or removed 2FA/MFA features.
Nic -- Dr Nic Williams Stark & Wayne LLC +61 437 276 076 twitter @drnic
|
|
Greetings. I hope this mailing forum can give me pointers on the following How to enable 2fa (but-in google-authenticator) for UAA (base and default zone)? After creating a 2fa provider, when I try to update UAA zone via curl/api post with update setting mfaconfig etc. I don't see any response back (yes, with right admin client access token) Also when directly updated the database query on identity_zone, config, when it reboots it restores mfaconfig enabled to false. Is there something 'am missing ; appreciate any pointers on this Thanks CG -- Sent from: http://cf-dev.70369.x6.nabble.com/
|
|
Re: Bi-weekly Round-Up: Technical + Ecosystem Updates
Dr Nic Williams <drnicwilliams@...>
Thanks Chris for compiling this!
Nic
toggle quoted messageShow quoted text
On Wed, 29 Jan 2020 at 11:12 am, Chris Clark < cclark@...> wrote:
In 2020, we thought it would be beneficial to share more frequent updates on various happenings in the Cloud Foundry ecosystem: community news, projects, releases, demos, recordings of community meetings, must-read articles, and other interesting finds within the community. Expect brief round-ups like this every two weeks going forward. We hope you find this useful and interesting - feedback welcome!
From The Last Few Weeks:
- cf cli v6.49.0 was released: https://lists.cloudfoundry.org/g/cf-dev/topic/cf_cli_v6_49_0_is_available/69541640?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,69541640
- cf routing v0.197.0 was released: https://lists.cloudfoundry.org/g/cf-dev/topic/routing_release_0_197_0/69741399?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,69741399
- Quarks project released CF Operator v1.0: https://lists.cloudfoundry.org/g/cf-bosh/topic/cf_dev_cf_bosh_project/68858276?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,68858276
- The CAB call was held on Jan 15, where KubeCF was demo’ed by SUSE: https://docs.google.com/document/d/1SCOlAquyUmNM-AQnekCOXiwhLs6gveTxAcduvDcW_xI/edit#heading=h.mewn94q54hla
- From Jan 7 Runtime PMC meeting: The Release Integration team has launched bi-weekly schedule for cf-deployment minor releases with early positive feedback.
- Interesting writeup of cloudnativebuildpacks.io: https://devstack.in/2020/01/03/introduction-to-cloud-native-buildpacks-with-kubernetes/
- CF for Kubernetes SIG call videos from January are up:
Jan 7 – https://www.youtube.com/watch?v=D2DZNetyV5U&feature=youtu.be
Jan 21 – https://www.youtube.com/watch?v=hob5Qj8Gaso&=&feature=youtu.be
Dates To Remember (All times US Pacific):
- CF for Kubernetes SIG call – 8:30 AM on Feb 4
- Bi-Weekly CF App Runtime PMC meeting – 10:30 AM on Feb 4
Interesting Finds from Around the Web:
- SUSE released v0.1.0 of KubeCF: https://lists.cloudfoundry.org/g/cf-dev/topic/kubecf_0_1_0/69269395?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,69269395
- A cool video from IBM putting Cloud Foundry and Kubernetes in context published back in October: https://youtu.be/oUpqXxmr6oU
- Google Cloud Next will be April 6 to 8 in SF: https://cloud.google.com/blog/topics/google-cloud-next/join-us-at-google-cloud-next-2020
- Harness.io wrote a bit about how CI/CD and PaaS are better together: https://harness.io/2020/01/platform-as-a-service-series-part-3-3-paas-and-harness-better-together/
- Neat writeup about cloud.gov and the concept of “Government as a Platform”: https://cloudbestpractices.net/cloud-gov/
- Congratulations to Resilient Scale: https://www.linkedin.com/pulse/exciting-times-resilient-scale-steve-greenberg/
- Setting up App Autoscaler using Stark and Wayne’s Genesis https://starkandwayne.com/blog/setting-up-cf-autoscaler-using-genesis/
- Running Cloud Foundry on Kubernetes using kubecf https://starkandwayne.com/blog/running-cloud-foundry-on-kubernetes-using-kubecf/
- CF Summit promotional video https://youtu.be/ZcJRvW5E7wo
Who’s hiring?
-- Dr Nic Williams Stark & Wayne LLC +61 437 276 076 twitter @drnic
|
|
Bi-weekly Round-Up: Technical + Ecosystem Updates
In 2020, we thought it would be beneficial to share more frequent updates on various happenings in the Cloud Foundry ecosystem: community news, projects, releases, demos, recordings of community meetings, must-read articles, and other interesting finds within the community. Expect brief round-ups like this every two weeks going forward. We hope you find this useful and interesting - feedback welcome!
From The Last Few Weeks:
- cf cli v6.49.0 was released: https://lists.cloudfoundry.org/g/cf-dev/topic/cf_cli_v6_49_0_is_available/69541640?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,69541640
- cf routing v0.197.0 was released: https://lists.cloudfoundry.org/g/cf-dev/topic/routing_release_0_197_0/69741399?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,69741399
- Quarks project released CF Operator v1.0: https://lists.cloudfoundry.org/g/cf-bosh/topic/cf_dev_cf_bosh_project/68858276?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,68858276
- The CAB call was held on Jan 15, where KubeCF was demo’ed by SUSE: https://docs.google.com/document/d/1SCOlAquyUmNM-AQnekCOXiwhLs6gveTxAcduvDcW_xI/edit#heading=h.mewn94q54hla
- From Jan 7 Runtime PMC meeting: The Release Integration team has launched bi-weekly schedule for cf-deployment minor releases with early positive feedback.
- Interesting writeup of cloudnativebuildpacks.io: https://devstack.in/2020/01/03/introduction-to-cloud-native-buildpacks-with-kubernetes/
- CF for Kubernetes SIG call videos from January are up:
Jan 7 – https://www.youtube.com/watch?v=D2DZNetyV5U&feature=youtu.be
Jan 21 – https://www.youtube.com/watch?v=hob5Qj8Gaso&=&feature=youtu.be
Dates To Remember (All times US Pacific):
- CF for Kubernetes SIG call – 8:30 AM on Feb 4
- Bi-Weekly CF App Runtime PMC meeting – 10:30 AM on Feb 4
Interesting Finds from Around the Web:
- SUSE released v0.1.0 of KubeCF: https://lists.cloudfoundry.org/g/cf-dev/topic/kubecf_0_1_0/69269395?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,69269395
- A cool video from IBM putting Cloud Foundry and Kubernetes in context published back in October: https://youtu.be/oUpqXxmr6oU
- Google Cloud Next will be April 6 to 8 in SF: https://cloud.google.com/blog/topics/google-cloud-next/join-us-at-google-cloud-next-2020
- Harness.io wrote a bit about how CI/CD and PaaS are better together: https://harness.io/2020/01/platform-as-a-service-series-part-3-3-paas-and-harness-better-together/
- Neat writeup about cloud.gov and the concept of “Government as a Platform”: https://cloudbestpractices.net/cloud-gov/
- Congratulations to Resilient Scale: https://www.linkedin.com/pulse/exciting-times-resilient-scale-steve-greenberg/
- Setting up App Autoscaler using Stark and Wayne’s Genesis https://starkandwayne.com/blog/setting-up-cf-autoscaler-using-genesis/
- Running Cloud Foundry on Kubernetes using kubecf https://starkandwayne.com/blog/running-cloud-foundry-on-kubernetes-using-kubecf/
- CF Summit promotional video https://youtu.be/ZcJRvW5E7wo
Who’s hiring?
|
|