netman/0.10.0
You can find the source of this version on GitHub at cloudfoundry-incubator/netman-release. It was created based on the commit fcb529d3.
Release Notes¶
Key changes include manifest changes related to policy server DB configuration, logging enhancements and testing related to data plane security.
We do not recommend using netman-release in production yet, but give it a try and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
Verified with the following: - CF deployment
Significant Changes
Manifest Changes
Logging
- Log levels for vxlan-policy-agent are reconfigurable at runtime
- Logging for c2c iptables is reconfigurable at runtime
- Log levels for policy-server are reconfigurable at runtime
Security
- Move flannel state dir to something under /var/vcap
- As an attacker my containers can reach local addresses on the host VM
- Redact tokens/passwords in policy server log messages
Miscellaneous
- netman-release has a NOTICE file with license information
- Containers can be created while policy server is down and receive traffic when the policy-server comes back up
- Masquerade rule should be written by something other than vxlan-policy-agent
- SPIKE: Containers can connect to an IP address on the host
Usage¶
You can reference this release in your deployment manifest from the releases section:
- name: "netman" version: "0.10.0" url: "https://bosh.io/d/github.com/cloudfoundry-incubator/netman-release?v=0.10.0" sha1: sha256:
Or upload it to your director with the upload-release command:
bosh upload-release --sha1=sha256: \ "https://bosh.io/d/github.com/cloudfoundry-incubator/netman-release?v=0.10.0"