|
Re: Add support for multiple Credhubs to CF/Diego
Nic,
> Will we be enabling developers to store secrets (or secrets setup by their organization) that are loaded by Diego like currently exists only for service bindings?
I guess this is already
Nic,
> Will we be enabling developers to store secrets (or secrets setup by their organization) that are loaded by Diego like currently exists only for service bindings?
I guess this is already
|
By
Matthias Winzeler
·
#8177
·
|
|
Re: Add support for multiple Credhubs to CF/Diego
Will we be making credhub indirectly available to developers so they can populate secret variables for use with their manifest?
Currently if a developer wants secrets passed they need to store them
Will we be making credhub indirectly available to developers so they can populate secret variables for use with their manifest?
Currently if a developer wants secrets passed they need to store them
|
By
Dr Nic Williams <drnicwilliams@...>
·
#8176
·
|
|
Re: Add support for multiple Credhubs to CF/Diego
Hi all
Currently, the CF ecosystem supports two deployment architectures of Credhub (https://docs.cloudfoundry.org/credhub/#deployment-architecture ):
Colocated with BOSH, used for the secrets of
Hi all
Currently, the CF ecosystem supports two deployment architectures of Credhub (https://docs.cloudfoundry.org/credhub/#deployment-architecture ):
Colocated with BOSH, used for the secrets of
|
By
matthias.winzeler@...
·
#8175
·
|
|
Proposal: Improving Security for HTTP Ingress to CFAR Application Containers
Hi, everyone,
Building on the features and technologies the CF Diego and Routing teams have introduced into the CF App Runtime to improve application routing consistency, security, and stability
Hi, everyone,
Building on the features and technologies the CF Diego and Routing teams have introduced into the CF App Runtime to improve application routing consistency, security, and stability
|
By
Eric Malm <emalm@...>
·
#8174
·
|
|
Re: Variable Substitution in manifest.yml #
Hello Karthi,
Even we also get rid of all secrets managed in *.yml file and moved all secrets to the vault, and we have the simple jar which embedded into spring/spring boot war.
For Example, below
Hello Karthi,
Even we also get rid of all secrets managed in *.yml file and moved all secrets to the vault, and we have the simple jar which embedded into spring/spring boot war.
For Example, below
|
By
Lingesh Mouleeshwaran
·
#8173
·
|
|
Re: Variable Substitution in manifest.yml #
Thank you for confirming me.Can you point me to any examples /links on web of how it could be done in CI like in jenkins world for file creation that you were talking of.
Rgds,
Karthik.
Thank you for confirming me.Can you point me to any examples /links on web of how it could be done in CI like in jenkins world for file creation that you were talking of.
Rgds,
Karthik.
|
By
kvemula15@...
·
#8172
·
|
|
Feature Narrative - Configure egress policies dynamically
Hello,
The CF container networking team has received feedback from users regarding some pain points around using Application Security Groups (ASGs) for defining egress policies. After much research,
Hello,
The CF container networking team has received feedback from users regarding some pain points around using Application Security Groups (ASGs) for defining egress policies. After much research,
|
By
Preethi Varambally
·
#8171
·
|
|
Re: Variable Substitution in manifest.yml #
Yes that sounds right - or if you’re deploying in CI then your CI pipeline would create the vars.yml file for each diff target/stage.
Nic
From: 30111352660n behalf of
Sent: Tuesday, July 24, 2018
Yes that sounds right - or if you’re deploying in CI then your CI pipeline would create the vars.yml file for each diff target/stage.
Nic
From: 30111352660n behalf of
Sent: Tuesday, July 24, 2018
|
By
Dr Nic Williams <drnicwilliams@...>
·
#8170
·
|
|
Re: Variable Substitution in manifest.yml #
If the CF CLI doesn't support environment variables, It would be really wonderful if the file would consider environment variables. It would be more in line with the 12 factor manifesto, it would
If the CF CLI doesn't support environment variables, It would be really wonderful if the file would consider environment variables. It would be more in line with the 12 factor manifesto, it would
|
By
Josh Long <starbuxman@...>
·
#8169
·
|
|
Variable Substitution in manifest.yml #
Hi CF Team,
I was exploring on variable substitution in manifest.yml : https://docs.cloudfoundry.org/devguide/deploy-apps/manifest.html#variable-substitution
I see there is a vars.yml that can be used
Hi CF Team,
I was exploring on variable substitution in manifest.yml : https://docs.cloudfoundry.org/devguide/deploy-apps/manifest.html#variable-substitution
I see there is a vars.yml that can be used
|
By
kvemula15@...
·
#8168
·
|
|
Re: Unconference at CF Summit Basel 2018
Thanks for putting the time into another unconference.
I'm working on a book about the UAA; hopefully its done by the conf. Since the UAA is delightfully invisible to most people, I'd love to do 5-10
Thanks for putting the time into another unconference.
I'm working on a book about the UAA; hopefully its done by the conf. Since the UAA is delightfully invisible to most people, I'd love to do 5-10
|
By
Dr Nic Williams <drnicwilliams@...>
·
#8167
·
|
|
Unconference at CF Summit Basel 2018
Hi all,
We're pleased to confirm that there'll be an Unconference at Basel again this year at 6pm on Tuesday 9th October.
We're planning on the same rough schedule as last year, so talks interspersed
Hi all,
We're pleased to confirm that there'll be an Unconference at Basel again this year at 6pm on Tuesday 9th October.
We're planning on the same rough schedule as last year, so talks interspersed
|
By
Daniel Jones
·
#8166
·
|
|
Re: [CAUTION] Re: [cf-dev] Proposed BOSH logging interface
We haven't done anything beyond proposing the interface and implementing the option to respect permissions.
Since the time of this proposal, BPM has implemented a feature that should allow us to run
We haven't done anything beyond proposing the interface and implementing the option to respect permissions.
Since the time of this proposal, BPM has implemented a feature that should allow us to run
|
By
Jesse T. Alford
·
#8165
·
|
|
Re: cf-deployment 3.0
Thanks Geoff, Marco, Chip, Jesse, Bernd, and David for sharing your feedback and thoughts. You’ve expressed valid concerns and provided valuable context that I take to heart. I really appreciate the
Thanks Geoff, Marco, Chip, Jesse, Bernd, and David for sharing your feedback and thoughts. You’ve expressed valid concerns and provided valuable context that I take to heart. I really appreciate the
|
By
Josh Collins
·
#8164
·
|
|
Re: cf-deployment 3.0
Another point: most (certainly not all, but most) CVEs are stemcell, buildpack, or rootfs bumps that can be consumed safely/have minimal integration concerns. Even those that are in more substantive
Another point: most (certainly not all, but most) CVEs are stemcell, buildpack, or rootfs bumps that can be consumed safely/have minimal integration concerns. Even those that are in more substantive
|
By
Jesse T. Alford
·
#8163
·
|
|
Re: cf-deployment 3.0
As the previous project lead for RelInt, I want to speak to Marco's concerns directly. We _definitely_ considered the operator as an important persona during any decision-making; if anything, we were
As the previous project lead for RelInt, I want to speak to Marco's concerns directly. We _definitely_ considered the operator as an important persona during any decision-making; if anything, we were
|
By
David Sabeti
·
#8162
·
|
|
[High Severity CVE] UAA accepts refresh token as access token on admin endpoints
CVE-2018-11047: UAA accepts refresh token as access token on admin endpoints
Severity
HighVendor
Cloud Foundry FoundationAffected Cloud Foundry Products and Versions
You are using uaa versions 4.19
CVE-2018-11047: UAA accepts refresh token as access token on admin endpoints
Severity
HighVendor
Cloud Foundry FoundationAffected Cloud Foundry Products and Versions
You are using uaa versions 4.19
|
By
Dan Jahner
·
#8161
·
|
|
Re: cf-deployment 3.0
I was about to mention that I indeed enjoyed the existing CF model of releases which roughly translated to “you better run fast” for consumers.
The thing I found needed some tweaking in the
I was about to mention that I indeed enjoyed the existing CF model of releases which roughly translated to “you better run fast” for consumers.
The thing I found needed some tweaking in the
|
By
Krannich, Bernd
·
#8159
·
|
|
Re: cf-deployment 3.0
I don't agree with the claim that we didn't introduce major breaking changes in the past - we did. Routinely.
`cf-release` was sem-ver only insofar as every version was a major version. Changes just
I don't agree with the claim that we didn't introduce major breaking changes in the past - we did. Routinely.
`cf-release` was sem-ver only insofar as every version was a major version. Changes just
|
By
Jesse T. Alford
·
#8158
·
|
|
Re: cf-deployment 3.0
Food for thought: One of the challenges here is that maintaining patches for past coordinated releases is expensive (both in time and CI costs). In the CF ecosystem, this has traditionally been the
Food for thought: One of the challenges here is that maintaining patches for past coordinated releases is expensive (both in time and CI costs). In the CF ecosystem, this has traditionally been the
|
By
Chip Childers <cchilders@...>
·
#8157
·
|