1. Cf-Dev
  2. Messages

Expanded

Topics Messages
   Date   
Is SAML configuration optional in UAA? #uaa

Enrique Cano
 

Hi

If we don't need to use the SAML protocol with UAA, do we really need to configure that section e.g. encryption keys? It seems UAA won't start if that section is empty.

Thanks
Enrique
cf-for-k8s 0.3.0 alpha release

Saikiran Yerram <syerram@...>
 

Hello CF community,

 

We just shipped cf-for-k8s 0.3.0 alpha release.

 

Feedback Survey

We would love to hear from the CF community on your experience with cf-for-k8s. Your feedback helps us improve our product and processes. Please take a moment to submit your feedback with this survey. Thanks in advance!

Notable changes since the last (v0.2.0) release

New features and Bug fixes

  • 🔥 Platform operators can now set ingress certs for cf apps using the new property workloads_certificate🔥
    • By separating certificate properties for CF API domain (system_certificate), app domains (workloads_certificate), and internal system components (internal_certificate), operators get granular control in creating certificates for different domains.
  • Resolved an issue when upgrading the internal Minio blobstore to new versions (Issue #164).
  • Resolved an issue when upgrading the internal Postgres database (Bitnami Postgres helm chart) (Issue #212). Please note that kapp exits [1] before the Postgres statefulset is available. In addition, rotating database passwords on an existing install do not currently work.
  • Platform operators can now install cf-for-k8s on Kubernetes 1.18 version. You can follow the newest (1.18) and the oldest version (1.14) changes by watching supported_k8s_versions.yml file.
  • Platform operators and app developers can see metrics after pushing the app using the cf cli v7 rolling strategy (Issue #177).
  • Platform operators will now get an error message if the kapp CLI version does not meet the minimum kapp version required to install cf-for-k8s. (This was already the case for vendir and ytt.)
  • Platform operators should see a reduction in insufficient CPU errors when installing cf-for-k8s (Issue #103). With PriorityClass for DaemonSet, K8s will schedule DaemonSet first before scheduling pods.
  • Platform operators can now consume Istio pilot metrics.
  • App Developers can pass environment variables with cf push (Issue #163).

[1] This is a known issue. You will have to manually check for the statefulset pod health before running cf-cli commands.

Other updates

  • CAPI now includes API readiness configuration, so that it can receive traffic only when it’s ready to accept.
  • Changed prefix for user-facing CAPI names to "cf-api".

What we are working on next

  • Continue to resolve issues pertaining to cf-for-k8s upgradability. With v0.3.0 release, Operators can now upgrade Minio, PostgresDB, and config-maps changes. Our next milestone is to resolve upgrade issues with system components, K8s cluster version, and 3rd party components.
  • Incorporate the full set of Paketo Cloud Native Buildpacks into cf-for-k8s.
  • Collaborate with contributing projects in establishing a workflow on consuming releases.

Have a question, reach out to us

Our slack channels

Interested in contributing?

  • The easiest way to get involved is to start attending the SIG meetings, join the #cf-for-k8s slack channel, and subscribe to the cf-dev@... mailing list.
  • You can also start by improving the docs. Install cf-for-k8s using the deploy docs and if you notice issues or discrepancies in the docs, you can submit a PR.

 
Re: Seeking Nominations: Cloud Foundry Extensions PMC

Neil MacDougall <NMacDougall@...>
 

All,

 

I believe we are still seeking nominations for the extensions PMC.

 

I’d like to nominate Troy Topnik from SUSE – he has a passion for Cloud Foundry that would serve the extensions PMC well.

 

Regards,

 

Neil

 

From: Swarna Podila <spodila@...>
Date: Thursday, 7 May 2020 at 00:57
To: CF Developers Mailing List <cf-dev@...>, cf-extensions-pmc <cf-extensions-pmc@...>, Michael Maximilien <maxim@...>
Subject: Re: Seeking Nominations: Cloud Foundry Extensions PMC

 

Hi Everyone,

Just a quick reminder to send us your nominations by the end of Friday (May 8).

 

Cheers!

 

-- Swarna Podila (she/her)

Senior

 Director

, Community

 | Cloud Foundry Foundation

 

You can read more about pronouns here, or please ask if you'd like to find out more.

 

 

On Thu, Apr 30, 2020 at 4:30 PM Swarna Podila <spodila@...> wrote:

Hi All,

You may have seen Dr. Max's note earlier.  After leading Extensions PMC for almost four years, he would like to step down and make space for new folks to take on the role. 

 

Please send in your nominations for a new lead for Cloud Foundry Extensions PMC by the end of day next Friday, May 8, 2020. 

 

-- Swarna Podila (she/her)

Senior

 Director

, Community

 | Cloud Foundry Foundation

 

You can read more about pronouns here, or please ask if you'd like to find out more.

--
You received this message because you are subscribed to the Google Groups "cf-extensions-pmc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cf-extensions-pmc+unsubscribe@....
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/cf-extensions-pmc/CAPYQVGLQO3vLjyQ-YKvPWV8nWmf_40tndAB_Tg3WC5WaepAh%3DA%40mail.gmail.com.
Cloud Foundry Community Award Nomination Form

Paige O'Connor <poconnor@...>
 

Google Forms
Having trouble viewing or submitting this form?
Fill out in Google Forms
I've invited you to fill out a form:
Cloud Foundry Community Award Nomination Form
Please nominate individuals and/or teams from our community for the bi-annual Cloud Foundry Community Awards. These Awards recognize and appreciate contributions from the individuals in the CF community and will be presented at NA Summit.
    Email address *
    Categories *
    Committed Contributor Awesome Advocate Inspirational User
    Name of Nominee *
    Give us brief insight into why you nominated this individual and/ or team. *
This form was created inside of Cloud Foundry.
Report Abuse - Terms of Service - Additional Terms
Create your own Google Form
Re: Routing Release 0.201.0

Amelia Downs
 

*golang 1.14.4

Sadly, we are not living in some great post-pandemic future.

From: Amelia Downs
Sent: Tuesday, June 2, 2020 10:13 AM
To: cf-dev@... <cf-dev@...>
Subject: Routing Release 0.201.0
 

Hello cf-dev,

Routing Release 0.201.0 has been cut! It's an exciting one.


Release Highlights

  • Bump to golang 2.14.4
  • Bug Fix: Updated the logic for configuring drain timeout so that it always uses the value that is configured. There should not be a magic value (60) that it ignores and uses request_timeout instead.


Enjoy!
CF-Bosh Networking Team
Routing Release 0.201.0

Amelia Downs <adowns@...>
 

Hello cf-dev,

Routing Release 0.201.0 has been cut! It's an exciting one.


Release Highlights

  • Bump to golang 2.14.4
  • Bug Fix: Updated the logic for configuring drain timeout so that it always uses the value that is configured. There should not be a magic value (60) that it ignores and uses request_timeout instead.


Enjoy!
CF-Bosh Networking Team
How do we get the user attributes from AD into the ID Token ?

Shetty, Viraj S [CTR]
 

Hi Martijn –

 

Thank you for the response an pointers. I missed the fact that the attribute in the uaa.yml should be of the format

 

user.attribute.<attr_name>

 
Everything is working now. 

Thanks,

Viraj

 
Re: #uaa #uaa

Martijn de Boer
 

You need to set e.g. the config.attributeMappings['user.attribute.department'] attribute in the identity provider registration. See https://docs.cloudfoundry.org/api/uaa/version/74.18.0/index.html#oauth-oidc

Then you can retrieve it from the userinfo endpoint, see https://docs.cloudfoundry.org/api/uaa/version/74.18.0/index.html#user-info


config.attributeMappings['user.attribute.department'] String Optional Map external attribute to UAA recognized mappings. Mapping should be of the format user.attribute.<attribute_name>. department is used in the documentation as an example attribute.
Am 22.05.20 um 19:42 schrieb Shetty, Viraj S [CTR] via lists.cloudfoundry.org:

We have our own UAA server running in a cloud.gov environment which we use for all applications that are deployed in cloud.gov. These applications use OAuth 2 to integrate with the UAA server and the UAA server is using SAML to integrate with our on premises ADFS Identity Server. Currently the only claims that we are getting from ADFS are the standard First name, last name, email. But now one of the applications need a custom claim from the AD. We set that in ADFS and we now see the custom claim as part of the SAML but we dont see that in the ID token after a user login. What do I need to do in the UAA.yml to get this in the ID token ? I added an entry in the attributes mapping but it did not work.  Is there anything I need to add to the scopes for this to happen ? Whats the best way ? Any help is appreciated. 

       attributeMappings:
          somename: claim_url

#uaa #uaa

Shetty, Viraj S [CTR]
 

We have our own UAA server running in a cloud.gov environment which we use for all applications that are deployed in cloud.gov. These applications use OAuth 2 to integrate with the UAA server and the UAA server is using SAML to integrate with our on premises ADFS Identity Server. Currently the only claims that we are getting from ADFS are the standard First name, last name, email. But now one of the applications need a custom claim from the AD. We set that in ADFS and we now see the custom claim as part of the SAML but we dont see that in the ID token after a user login. What do I need to do in the UAA.yml to get this in the ID token ? I added an entry in the attributes mapping but it did not work.  Is there anything I need to add to the scopes for this to happen ? Whats the best way ? Any help is appreciated. 

       attributeMappings:
          somename: claim_url
Re: FOLLOW-UP to --- Announcing Cloud Foundry CLI v7 Release Plan

Josh Collins
 

Hello Again My Dear Cloud Foundrians,


As promised, we’re sending a follow-up to our initial v7 CF CLI GA announcement.


We’ve set target dates/milestones for the v7 GA and we’ve completed our audit of the v7 CLI commands and the list of differences between v6 and v7 are available for review. We’re still working on the exact approach to support pinning to earlier versions of the CLI and we’ll send a follow up when that’s solidified.


Estimated milestones/dates:

Date

Milestone

05/22/2020

A copy of one of the Release Integration Team’s CI Pipelines is running cf7 CLI beta & v7 CATs

05/29/2020

v7 CLI Release Candidate (7.0.0-rc.1) published

05/29/2020

v6 CLI available for pinning in automated scripts

06/05/2020

RelInt’s CF-Deployment CI Pipelines are running CLI v7.0.0-rc.x  & v7 CATs

06/22/2020

v7.0.0 CLI is GA

06/23/2020

RelInt’s CF-Deployment CI Pipelines running v7.0.0 CLI & v7 CATs



And here’s the finalized and comprehensive list changes CLI changes you can anticipate when migrating from v6 to v7.


Once the work to support pinning to older versions of the CLI has been completed, we’ll publish instructions for doing so in the Download the CF CLI docs page. We'll also send a reply to this thread to let you know.


For more information and/or questions about the v7 CLI, please visit Cloud Foundry docs.

If you'd like to chat, please feel free to message us on slack, or visit our github.


Looking forward!


Cloud Foundry CLI Contributors


***************************************************************
***************************************************************
***************************************************************

On Mon, Apr 27, 2020 at 9:13 AM Josh Collins <jcollins@...> wrote:

Dear Cloud Foundry Community,


We are nearing the completion of the v7 CF CLI and we’re excited to announce that we’ll be cutting our GA release soon!

 

The exact target date for the launch hasn’t been finalized but because transitioning from v6 to v7 will require coordination and planning we’re sending an initial heads up. We'll send follow ups to this communication once the launch date and associated details become concrete.

 

In case you haven’t been following the development of the v7 CLI closely, here’s three of many new capabilities that will become available when v7 GAs:

  • Rolling Deploys using the "--strategy" flag for "cf push" and other commands

  • Metadata apply labels and annotations to apps, spaces, organizations, and other resources

  • Sidecar Processes for applications using application manifests


Current Plan:

  1. We’ll continue working through and finalizing the finer-grained details regarding the transition from v6 to v7 (these details will be sent as a follow up to this announcement in advance of the v7 GA)

  2. In the coming weeks, we’ll cut a feature complete v7 CLI release candidate (7.0.0-rc.1)

  3. We’ll coordinate with Release Integration (RelInt) team to integrate the RC v7 CLI into their CF-Deployment CI pipelines and iterate on fixes as necessary ‘till they run green 

  4. Once we’ve finalized and published the v6 to v7 transition plan & the RC v7 CLI has been passing successfully through RelInt’s CF-Deployment CI Pipelines, we’ll GA the v7 CLI

  5. Once the v7 CLI is GA, the active development and release of new features and bug fixes will take place on the v7 CLI, and as per Phase 2 of the v6 CLI deprecation plan, the v6 CLI will no longer be under active development and only be updated to fix severe bugs and or CVEs


While our goal is for the v6 to v7 CLI transition to be fairly easy, it is a major version bump containing breaking changes and a certain amount of impact is unavoidable. 


The previously published “Upgrading to cf cli v7” describes many of the breaking changes that will be included at launch. Although the doc isn’t final, it’s the best resource currently for those needing to understand the change required in day to day manual and/or automated workflows.

 

At the time of this communication, although the list of breaking changes included in the document linked above is nearly complete, it should not be considered comprehensive.

Once we complete our final review/audit we’ll publish an exhaustive list of the changes from v6 to v7 and we’ll send an announcement to the community.   


Automated scripts may break when v7 of the CLI GAs. To minimize disruption and allow for teams to migrate when ready, we will support pinning to the 6.x major version. Although this isn’t possible today, the CLI team is actively working on this capability and will send a follow-up communication with instructions once that work is complete.


Lastly, with the GA release of v7, we plan to update the CF-CLI Minimum Supported Version policy. A separate communication describing the intended changes will be sent to this distribution list soon. 


For more information about the v7 CLI, please visit Cloud Foundry docs, message us on slack, or visit our github.


Thanks,

Cloud Foundry CLI Contributors



--
Josh Collins
PM - MAPBU
Re: Removing bits-service from cf-deployment

James Pollard
 

Thanks Philipp, good catch! Your observation appears to be correct.

It appears that one would need to go back to cf-deployment v12.36 or earlier. We've updated cf-deployment release notes to properly capture which release ended bits-service support.

Best,
Release Integration

On Mon, May 4, 2020 at 12:17 AM Thun, Philipp <philipp.thun@...> wrote:

Hi,

 

I don’t think that using bits-service with the mentioned ops files will work. In fact support for bits-service is broken since cf-deployment v12.39 (incl. CAPI v1.92, more precisely commit https://github.com/cloudfoundry/cloud_controller_ng/commit/66fb2bd434656e8caa060ff55e6c87a296ab1455 that adds a new method which is not implemented in the Ruby BitsService::Client class). Is our observation correct or are we doing something wrong when setting up a current version of cf-d with bits-service?

 

Thanks,

Philipp

 
Stratos 3.2.0

Richard Cox
 

Hi All,

Another month, another Stratos release!

Highlights of 3.2.0 include...

- The SSO_WHITELIST now supports wildcard paths
- Improvements to metric endpoints details view
- Added support for node selectors in the Stratos helm chart
- Improve documentation for the list 'max' feature, including information on the 'fetch all' button
- Endpoints and their connection details can now be backed up by administrators
- CF applications that spend a long time deploying should now successfully stream the log all the way through
- Application stats at the space level should now show correct values again

Full release notes are available from - https://github.com/cloudfoundry/stratos/releases/tag/3.2.0

We welcome your feedback, comments and bug reports. Please feel free to raise them in github (https://github.com/cloudfoundry/stratos) or reach out directly to us in slack (#stratos)

Regards,

Richard Cox
on behalf of the Stratos team
CF-Networking and Silk Release 2.30.0

Alexander Standke <astandke@...>
 

Hi cf-eng!

New CF-Networking and Silk Releases have been cut.

CF-Networking Release Highlights
  • Container networking remains up during daemon cell draining (see #76)
  • Update readmes for CF Networking Release Jobs
  • Built with go1.14.3
  • Tested with silk-release v2.30.0
Silk Release Highlights
  • Container networking remains up during daemon cell draining (see cloudfoundry/cf-networking-release#76)
  • General documentation updates
  • Built with go1.14.3
  • Tested with cf-networking-release v2.30.0
Regards,
CloudFoundry Networking Program
Reminder: CAB call on Wednesday, May 20 @ 8AM PDT / 11AM EDT / 5PM CEST

Troy Topnik
 

It's that time again. Community Advisory Board Time!

On the agenda are updates from the Foundation and the PMCs as usual, plus two presentations from T-Mobile about:
  • Dealing with noisy neighbors on CF platform
  • Automating the life-cycle management (upgrade) of large-scale CF environments
I'm looking forward to seeing both of these. 

Agenda:

 https://docs.google.com/document/d/1SCOlAquyUmNM-AQnekCOXiwhLs6gveTxAcduvDcW_xI
 
Join Zoom Meeting
https://zoom.us/j/886369973

Meeting ID: 886 369 973

One tap mobile
+16699006833,,886369973# US (San Jose)
+16465588656,,886369973# US (New York)

Dial by your location
        +1 669 900 6833 US (San Jose)
        +1 646 558 8656 US (New York)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
        +1 647 558 0588 Canada
        855 703 8985 Canada Toll-free
Meeting ID: 886 369 973
Find your local number: https://zoom.us/u/abSAPsJbM

----------
Chat room: go to slack.cloudfoundry.org and then join the #cab channel


Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/757994996

Or iPhone one-tap :
    US: +16468769923,,757994996#  or +16699006833,,757994996#
Or Telephone:
    Dial(for higher quality, dial a number based on your current location):
        US: +1 646 876 9923  or +1 669 900 6833  or +1 408 638 0968
    Meeting ID: 757 994 996
    International numbers available: https://zoom.us/zoomconference?m=BbM_MZowkH08pdKycQk10at13V5cLneM

──────────

Hope you'll join us!


TT

--
Troy Topnik
troy.topnik@...
 
Re: [Proposal] CAPI V3 Service Bindings

Aditya Tripathi
 

Nice one!

On Fri, 15 May 2020 at 13:43, <fmartini@...> wrote:
Hello everyone,
 
The Services API Team has been working on a model for the Cloud Controller V3 API for service bindings, service keys and service route bindings.
You can view the proposal here:
We are seeking feedback from the community to help us finalize this proposal and move forward with implementation.

We are looking forward to your comments! You can contact us by replying to this email, or in our cloud foundry slack channel #svat 

Best regards
Felisia
On Behalf of the Services API Team
[Proposal] CAPI V3 Service Bindings

fmartini@...
 

Hello everyone,
 
The Services API Team has been working on a model for the Cloud Controller V3 API for service bindings, service keys and service route bindings.
You can view the proposal here:
We are seeking feedback from the community to help us finalize this proposal and move forward with implementation.

We are looking forward to your comments! You can contact us by replying to this email, or in our cloud foundry slack channel #svat 

Best regards
Felisia
On Behalf of the Services API Team
Cloud Foundry Summit Virtual Schedule is Now Live!

Chip Childers <cchilders@...>
 

Hi All, 

This morning, we published the initial schedule for NA Summit, which you can find here

The Summit will be held online over two half-days on Wednesday, June 24th and Thursday, June 25th on US Central Time, with each date devoted to a key Cloud Foundry audience: developers (users) and contributors, respectively. Summit will include a networking space to facilitate a virtual version of the “hallway track” and digital booths sponsored by vendors for attendees to explore. 

Read the full press release here: https://www.cloudfoundry.org/blog/cloud-foundry-na-summits-initial-schedule-highlights-developer-experience-on-kubernetes-open-source-contributors/

You can register here for free using this code: CFNA20CON 

We look forward to "seeing" you all at Summit!

Chip Childers
Executive Director
Cloud Foundry Foundation
KubeCF 2.2.0

Jaime Gomes
 

Hi,

I would like to announce that KubeCF 2.2.0 is out! Check the release notes to find out what's coming and take it for a spin but before that, I want to highlight two points:

- upgrades must be sequential.

- if you are upgrading from 2.1.0 to 2.2.0 there's a special section on the release notes...so please check if that's your case.

 

Please, don't forget to share your experience and/or problems on the #kubecf-dev slack channel - we're there for you!💪

 

Stay healthy. Stay safe.


Jaime Gomes

Github: https://github.com/cloudfoundry-incubator/kubecf
Slack: https://cloudfoundry.slack.com/archives/CQ2U3L6DC
IMPORTANT NOTICE: [php-buildpack] End of Support for NGINX versions 1.16.x after 2020-06-07

Kashyap Vedurmudi
 

The first release of the PHP buildpack after 2020-06-07 will no longer include NGINX versions 1.16.x. These NGINX versions will no longer be supported upstream[1]. Please migrate your PHP apps to supported versions of NGINX before that time.


Note: If you’d like to use a different NGINX version, please configure your application to select that version[2].


As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel[3].


[1] - https://nginx.org/en/download.html

[2] - https://docs.cloudfoundry.org/buildpacks/nginx/index.html

[3] - https://cloudfoundry.slack.com/archives/C02HWMDUQ


Thanks,

Kashyap Vedurmudi, Buildpacks PM
IMPORTANT NOTICE: [nginx-buildpack] End of Support for NGINX versions 1.16.x after 2020-06-07

Kashyap Vedurmudi
 

The first release of the NGINX buildpack after 2020-06-07 will no longer include NGINX versions 1.16.x. These NGINX versions will no longer be supported upstream[1]. Please migrate your NGINX apps to supported versions of NGINX before that time.


Note: As 1.16.x is the current stable version of NGINX in the buildpack, the stable NGINX version will be updated to 1.18.x as a part of this removal. If you’d like to use a different NGINX version, please configure your application to select that version[2].


As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel[3].


[1] - https://nginx.org/en/download.html

[2] - https://docs.cloudfoundry.org/buildpacks/nginx/index.html

[3] - https://cloudfoundry.slack.com/archives/C02HWMDUQ


Thanks,

Kashyap Vedurmudi, Buildpacks PM
421 - 440 of 9441