routing-release 0.189.0
Aidan Obley <aobley@...>
Hello cf-dev!
This release includes several fixes and improvements. Notably, this release encrypts the control plane interactions with the routing-api.
Release Highlights
- Gorouter is configurable to prune with TTL when using TLS to validate backend identity. This is a temporary mitigation of an issue where a route deregistration message is lost
- gorouter_ctl runs correctly on Xenial stemcells
- Operator can configure routing-api to support mTLS connections
- Routing API provides a bosh link that route registrar consumes to enable mTLS with the routing api
- Operator can configure route-registrar to communicate over mTLS to routing-api
- gorouter consumes Routing-API Link for mtls properties
- Operator can configure gorouter to fetch routes over mTLS from routing-api
- TCP Router consumes Routing-API Link for mtls properties
- Operator can configure tcp-router to communicate over mTLS to routing-api
- Route registrar `route_registrar.routing_api.skip_ssl_validation` property is now correctly applied
- Operator can configure gorouter with client certs for route services
- cloudfoundry/routing-release #146: Deploy does not fail when required property `server_cert_domain_san` is not configured
Manifest Property Changes
Job | Property | 0.188.0 Default | 0.189.0 Default |
---|---|---|---|
gorouter | router.route_services.cert_chain | did not exist | undefined |
gorouter | router.route_services.private_key | did not exist | undefined |
gorouter | routing_api.uri | http://routing-api.service.cf.internal | https://routing-api.service.cf.internal |
gorouter | routing_api.port | 3000 | from routing_api link |
gorouter | routing_api.ca_certs | did not exist | from routing_api link |
gorouter | routing_api.cert_chain | did not exist | from routing_api link |
gorouter | routing_api.private_key | did not exist | from routing_api link |
gorouter | router.prune_all_stale_routes | did not exist | false |
gorouter | router.set_kernel_parameters | did not exist | true |
route_registrar | route_registrar.logging_level | did not exist | info |
route_registrar | route_registrar.routing_api.api_url | http://routing-api.service.cf.internal:3000 | https://routing-api.service.cf.internal:3001 |
route_registrar | route_registrar.routing_api.client_cert | did not exist | from routing_api link |
route_registrar | route_registrar.routing_api.client_private_key | did not exist | from routing_api link |
route_registrar | route_registrar.routing_api.server_ca_cert | did not exist | from routing_api link |
routing-api | routing_api.enabled_api_endpoints | did not exist | “both” |
routing-api | routing_api.mtls_port | did not exist | 3001 |
routing-api | routing_api.mtls_ca | did not exist | generated by credhub |
routing-api | routing_api.mtls_server_cert | did not exist | generated by credhub |
routing-api | routing_api.mtls_server_key | did not exist | generated by credhub |
routing-api | routing_api.mtls_client_cert | did not exist | generated by credhub |
routing-api | routing_api.mtls_client_key | did not exist | generated by credhub |
routing-api | consul.servers | http://127.0.0.1:8500 | removed property |
routing-api | routing_api.skip_consul_lock | false | removed property |
tcp_router | routing_api.uri | http://routing-api.service.cf.internal | https://routing-api.service.cf.internal |
tcp_router | routing_api.port | 3000 | from routing_api link |
tcp_router | routing_api.client_cert | did not exist | from routing_api link |
tcp_router | routing_api.client_private_key | did not exist | from routing_api link |
tcp_router | routing_api.ca_cert | did not exist | from routing_api link |
Regards,
The Networking Program
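
An added example, not part of the original announcement or the routing-release code: a Python check over a deployment manifest that flags explicit overrides which would keep routing-api traffic on the 0.188.0 cleartext URL, or turn off server certificate validation, after moving to 0.189.0. Property names are taken from the table above; the manifest layout (`instance_groups` / `jobs` / `properties`), the reading of `skip_ssl_validation: true` as "certificate not validated", and the sample data are assumptions constructed for illustration.

```python
# Added example: property names come from the release notes; layout and sample are constructed.

# job name -> dotted property holding the routing-api URL (0.189.0 default is https)
URL_PROPS = {
    "gorouter": "routing_api.uri",
    "tcp_router": "routing_api.uri",
    "route_registrar": "route_registrar.routing_api.api_url",
}
SKIP_JOB = "route_registrar"
SKIP_PROP = "route_registrar.routing_api.skip_ssl_validation"


def lookup(props, dotted):
    """Walk nested dicts along a dotted path; None when the operator set nothing."""
    node = props
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def audit(manifest):
    """Return (instance_group, job, property, reason) for each risky override."""
    findings = []
    for group in manifest.get("instance_groups", []):
        for job in group.get("jobs", []):
            name, props = job.get("name"), job.get("properties") or {}
            url_prop = URL_PROPS.get(name)
            url = lookup(props, url_prop) if url_prop else None
            if isinstance(url, str) and url.lower().startswith("http://"):
                findings.append((group.get("name"), name, url_prop, "cleartext URL pinned"))
            if name == SKIP_JOB and lookup(props, SKIP_PROP) is True:
                findings.append((group.get("name"), name, SKIP_PROP, "server cert not validated"))
    return findings


# Constructed sample: gorouter still carries the 0.188.0 URL; tcp_router relies on defaults.
SAMPLE = {"instance_groups": [
    {"name": "router", "jobs": [
        {"name": "gorouter", "properties": {
            "routing_api": {"uri": "http://routing-api.service.cf.internal"}}},
        {"name": "route_registrar", "properties": {"route_registrar": {"routing_api": {
            "api_url": "https://routing-api.service.cf.internal:3001",
            "skip_ssl_validation": True}}}}]},
    {"name": "tcp-router", "jobs": [{"name": "tcp_router", "properties": {}}]},
]}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Jobs with no explicit override produce no finding, because they pick up the 0.189.0 defaults or the routing_api link values listed in the table.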