Re: New lead for Community (CAB) meetings
Michael Maximilien
This is wonderful news!
Thanks Swarna for organizing the search and finding a leader.
And super thanks to Troy for stepping up. I am sure you will do fantastically well.
I am at your service. Best,
------ dr.max ibm ☁ silicon valley, ca maximilien.org
----- Original message -----
|
|||
|
|||
Component Changes in CF-for-K8s
Daniel Jones
Hi folks, What's the deal with components in CF getting CNCF-friendly replacements in CF-for-K8s? The repo points out that Istio, envoy, kpack and fluentd are in the mix. Presumably kpack is replacing traditional staging? And is fluentd replacing Loggregator, or supplementing it? Has there been any discussion of what this means for maintaining feature parity between CF4BOSH and CF4K8s, and for technical certification of CF platforms? Regards, Daniel 'Deejay' Jones - CTO +44 (0)79 8000 9153 EngineerBetter Ltd - More than cloud platform specialists
|
|||
|
|||
Re: [cf-bosh] CF Summit North America 2020: Seeking Program Chair Nominations
Daniel Jones
Hi Swarna, Will a blind selection process be possible this year? Regards, Daniel 'Deejay' Jones - CTO +44 (0)79 8000 9153 EngineerBetter Ltd - More than cloud platform specialists
On Fri, 7 Feb 2020 at 17:04, Swarna Podila <spodila@...> wrote:
|
|||
|
|||
CF Summit North America 2020: Seeking Program Chair Nominations
Dear Friends, It is that time of Cloud Foundry Summit again where we need your help in establishing the program committee to review CFP submissions. Given the new format of Summits this year, we will also look to our program chairs to help structure the content in the best way suited for our community. I've written up a quick post [1] that explains it and hopefully answers all your questions (if there are more questions, please don't hesitate to ask here or on in #summit or #cff-forum channels on slack). Get nominating today [2]! The nominations close on Feb 18, 11:59PM US PST. -- [2] https://docs.google.com/forms/d/e/1FAIpQLSeqpGbgr1vjrzMvgq-lm2BSPA1-lcKShvbqdQo1UYNH1ZgnOA/viewform -- Swarna Podila (she/her) Senior Director, Community | Cloud Foundry FoundationYou can read more about pronouns here, or please ask if you'd like to find out more.
|
|||
|
|||
Re: enable 2fa for UAA zone
JohnG
Hi Dan,
Thanks for your feedback on this topic. I not sure the whitelisting (IP) solution would hamper growing UAA as IDP proxy? Both can co-exist (IDP and IDP proxy) and there is certainly a need as cloud.gov team mentioned. Further, an example is predix.io which was forked out of uaa (from my little understanding of what documentation is available) I understand it is resource-coupled, but technically doable :) Do we need a voting for this pull request? If the matters are beyond what are transparent here on the thread, we can close this topic. Good day, Thanks -CG -- Sent from: http://cf-dev.70369.x6.nabble.com/
|
|||
|
|||
Re: New lead for Community (CAB) meetings
Hi Friends, Please join me in welcoming @Troy Topnik as the Cloud Foundry Community Advisory Board (CAB) Meeting host. Please also join me in thanking Dr. Max for his gracious, thoughtful, and inspiring leadership through these years in not establishing (the call and more importantly, the momentum) and leading CAB meetings to such great success. We will sorely miss him as the host but we will continue to see him as a participant. A huge thank you to @Neil MacDougall as well, for offering to support Troy as and when needed. I would also like to take this opportunity to thank the awesome folks at Stark & Wayne (especially Ashley!) for diligently hosting this meeting on their zoom bridge and recording every meeting. The recordings[1] are so much more helpful for those who cannot join these meetings live. Thank you, Ashley and the S&W crew, for continuing to do this. I would also like to thank the awesome folks at Altoros for diligently writing a summary of each call on their website[2]. These are extremely useful for those who are unable to either attend live or watch the recording. Thank you, Team Altoros. Looking forward to seeing you all in the next CAB meeting on Wednesday, February 19th at 11AM US Eastern. (You can add this and other regular community meetings to your own calendar from the community calendar posted here[3]) Cheers, Swarna. -- Swarna Podila (she/her) Senior Director, Community | Cloud Foundry FoundationYou can read more about pronouns here, or please ask if you'd like to find out more.
On Thu, Jan 23, 2020 at 7:54 AM Swarna Podila <spodila@...> wrote:
|
|||
|
|||
Re: enable 2fa for UAA zone
Dan Beneke
Hi CG - Thanks for the information and context. The case presented is similar in spirit to the conversation that occurred in PR #540 as noted earlier in this email by Peter. Generally, 2FA enablement is made difficult because it currently applies to all authentications broadly. We don't currently see a path for reopening this ticket and our thoughts as to why fall into two buckets: 1. It furthers the use of UAA as an identity provider and we believe it more valuable to focus on UAA as an identity proxyThere is a world where you could imagine UAA's functionality being split into two separate deployments - one acting as a proxy, the other acting as an IdP. In that world, the IdP portion could theoretically choose to maintain IdP-like features like 2FA/MFA. We aren't there yet, but with outcomes like that in mind, we want to ensure we aren't adding to the complexity of uncoupling UAA's IdP and proxy functionality sets. Regards, Dan Beneke Thanks Dan and I also followed a bit the link that Peter provided on this.
|
|||
|
|||
Re: New lead for Community (CAB) meetings
Thank you, Troy. Dear Community, Here is a last call if anyone else would like to support Troy or nominate themselves to co-lead CAB with Troy. The "call for nominations" will officially close at11:59PM US Pacific (it is still Feb 5th here in my timezone ;) ). -- Swarna Podila (she/her) Senior Director, Community | Cloud Foundry FoundationYou can read more about pronouns here, or please ask if you'd like to find out more.
On Wed, Feb 5, 2020 at 7:49 AM Troy Topnik <troy.topnik@...> wrote: I'd be happy to take this on if nobody else is biting. I hereby nominate myself. :)
|
|||
|
|||
Re: New lead for Community (CAB) meetings
Dr Nic Williams <drnicwilliams@...>
Thanks Troy, that sounds awesome. Thanks again Dr Max for many awesome years running CAB calls. Nic --
|
|||
|
|||
cf-networking-release v2.28.0 & silk-release v2.28.0
Keshav Sharma
Hi cf-dev, cf-networking-release v2.28.0 & silk-release v2.28.0 have been cut!
Release Highlights
Silk-Release v2.28.0
Release Highlights
CF-Bosh Networking
|
|||
|
|||
Re: New lead for Community (CAB) meetings
I'd be happy to take this on if nobody else is biting. I hereby nominate myself. :)
For those that don't know me, I am a Product Manager at SUSE responsible for SUSE Cloud Application Platform. I have been working in and around Cloud Foundry since 2011 as a technical writer, instructor, product manager, and enthusiastic user. I've recently been focused on Cloud Foundry incubator projects related to Kubernetes (Eirini and Quarks), and on the Stratos web user interface.
Huge thanks to Dr. Max for leading these meetings over the years! -- Troy Topnik
Senior Product Manager,
SUSE Cloud Application Platform
troy.topnik@...
|
|||
|
|||
IMPORTANT NOTICE: [dotnet-core-buildpack] End of Support for dotnet-runtime versions 3.0.x after 2020-03-03
Kashyap Vedurmudi <kvedurmudi@...>
The first release of the .NET Core buildpack after March 3, 2020 will no longer include dotnet-runtime versions 3.0.x. These .NET versions will no longer be supported upstream.[1] Please migrate your .NET Core apps to supported versions of dotnet-runtime before that time. Note: Unless you are manually specifying a version of dotnet-runtime for the buildpack to use, or you have customized your .NET Core buildpack, no action is required. As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel. [1] - https://dotnet.microsoft.com/platform/support/policy/dotnet-core Thanks, Kashyap Vedurmudi, CF Buildpacks PM
|
|||
|
|||
Re: enable 2fa for UAA zone
Dan Beneke
Hi Enrique - Yes, either SAML or LDAP. CF supports connections to LDAP and SAML external IdPs. Regards, Dan Beneke
On Tue, Feb 4, 2020 at 2:41 AM Enrique Cano <enrique.canocarballar@...> wrote: Hi Dan
|
|||
|
|||
Re: enable 2fa for UAA zone
Enrique Cano
Hi Dan
Is the expectation then that we would integrate with the external IdP via SAML? Thanks Enrique
|
|||
|
|||
Routing Release 0.198. 0
Keshav Sharma
Hello cf-eng, Routing Release 0.198.0 has been cut! Release Highlights
CF-Bosh Networking
|
|||
|
|||
Re: On SelfServiceLinksEnabled
#uaa
JohnG
Thanks again Dan for your feedback. We will certainly try that option. Good day.
best regards -CG
|
|||
|
|||
Re: enable 2fa for UAA zone
JohnG
Thanks Dan and I also followed a bit the link that Peter provided on this.
Definitely I can see use-case as proxy as well as IDP itself. Would it be possible to strike a middle path here, in the sense that based on filters and whitelist of IP CIDRs the operators/admins can configure to accept API calls without 2FA, while anywhere outside would accept users credentials with in-built 2FA. So that way the auto-tests would not break (eg within CF vPC or dev env which are typically pvt ip-ranges) Is there a path for reopening of the mentioned/closed ticket?
|
|||
|
|||
Re: On SelfServiceLinksEnabled
#uaa
Dan Beneke
Hi CG - It looks as if you've taken the right step to disable the create account and password reset links. We'd expect selfServiceLinksEnabled to have the documented effect (determines if users are allowed to sign up or reset their passwords via the UI) and aren't aware of open issues with its function. Keep in mind that this value isn't global as it can be set for each individual identity zone. If you think you've found a bug/issue, I'd encourage you to open a github issue supplying content that will allow the team to recreate the situation. As for suppressing just one of the two self service links, that feature isn't offered. Currently, enablement or disablement occurs jointly. If it's of any value, you do have the option to set the destination http link for the 'create an acct' experience using config.links.selfService.signup . I've seen implementations wherein this link takes users to a joint self service page with the information they need to either create an account or reset their password. Regards, Dan Beneke
in the uaa.yml, when I set selfServiceLinksEnabled to false
|
|||
|
|||
Re: New CLA tool for Cloud Foundry
Chris Clark
Hi all, I’ve got a few updates to the EasyCLA migration, now a few months behind us:
|
|||
|
|||
Re: enable 2fa for UAA zone
Peter Burkholder
Sorry my response was so blunt. Product tradeoff decisions are always hard and you can't make everyone happy. Just wanted to let you know that there are consumers for this feature if you do revisit anytime soon.
|
|||
|