netman/0.10.0
You can find the source of this version on GitHub at cloudfoundry-incubator/netman-release. It was created based on the commit fcb529d3.
Release Notes
Key changes include manifest changes related to policy server DB configuration, logging enhancements and testing related to data plane security.
We do not recommend using netman-release in production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Verified with the following:
- CF deployment
Significant Changes
Manifest Changes
Logging
- Log levels for vxlan-policy-agent are reconfigurable at runtime
- Logging for c2c iptables is reconfigurable at runtime
- Log levels for policy-server are reconfigurable at runtime
Security
- Move flannel state dir to something under /var/vcap
- As an attacker my containers can reach local addresses on the host VM
- Redact tokens/passwords in policy server log messages
Miscellaneous
- netman-release has a NOTICE file with license information
- Containers can be created while policy server is down and receive traffic when the policy-server comes back up
- Masquerade rule should be written by something other than vxlan-policy-agent
- SPIKE: Containers can connect to an IP address on the host
Usage
You can reference this release in your deployment manifest from the releases section:
- name: "netman"
  version: "0.10.0"
  url: "https://bosh.io/d/github.com/cloudfoundry-incubator/netman-release?v=0.10.0"
  sha1: "ec53c03636976faea55256d614025128c9e7a8e7"
Or upload it to your director with the upload-release command:
bosh upload-release --sha1 ec53c03636976faea55256d614025128c9e7a8e7 \
  "https://bosh.io/d/github.com/cloudfoundry-incubator/netman-release?v=0.10.0"