release: github.com/cloudfoundry/diego-release / 0.1454.0

Github source: 72b65532 or master branch

Changes from v0.1453.0 to v0.1454.0

Significant changes

Operators can now install a set of trusted system certificates in the default /etc/ssl/certs trust store of the cflinuxfs2 rootfs. This is particularly useful if your cflinuxfs2-based instances communicate with external services signed by a custom CA, in which case you can use this feature to install that CA certificate in all the instances.

To install the certificates, supply the contents of the PEM-encoded certificates in the diego.rootfs_cflinuxfs2.trusted_certs property in the Diego deployment manifest. As with other PEM-encoded manifest data, you may wish to use the YAML | block-literal syntax to specify the property, as follows:

properties:
  diego:
    rootfs_cflinuxfs2:
      trusted_certs: |
        -----BEGIN CERTIFICATE-----
        (cert number 1 data)
        -----END CERTIFICATE-----
        # comments outside the PEM boundaries will be ignored
        -----BEGIN CERTIFICATE-----
        (cert number 2 data)
        -----END CERTIFICATE-----

If you are using the spiff-based manifest-generation scripts, this property can also be specified in the property-overrides stub.

Custom CAs

SSH

Routing

Manifest Generation

Dependencies

Test Suites and Tooling

Documentation

Cleanup

BOSH job changes

None.

BOSH property changes

  • Added diego.rootfs_cflinuxfs2.trusted_certs: Bundle of certificates to install in the cflinuxfs2 rootfs default trust store (/etc/ssl/certs).

Upload this release version to the Director:

$ bosh upload release https://bosh.io/d/github.com/cloudfoundry/diego-release?v=0.1454.0

Modify deployment manifest to use this release in addition to any other used releases:

releases:
- {name: diego, version: "0.1454.0"}

Finally add needed deployment jobs and specify values for required properties.

Optionally download sha1: 4175435ff2e5c81494a0398f93c53807424edb0c release tarball locally:

# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/diego-release?v=0.1454.0

# or with wget...
$ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/diego-release?v=0.1454.0