This repository has been archived by the owner on Feb 14, 2023. It is now read-only.

Releases: cloudfoundry/cf-for-k8s

v3.1.0

22 Apr 22:45

Notices

  • Docs have been moved to the cf-for-k8s.io website.
  • Istio has been upgraded to an in-support version, with an additional upgrade to follow.

Highlights

  • Istio upgrade to 1.8.4 (from 1.7.3).
  • Eirini upgrade to v4.0.0.

PRs Merged

  • Bump Eirini to v4.0.0 657
  • DOC: Add guidance around cf-for-k8s upgrades 656
  • Added OCI labels to capi nginx kbld config 649
  • ENH: bump Istio from v1.7.3 to v1.8.0 628

Issues Closed

  • Bump Istio to 1.8 622

Release Updates

Release | Old Version | New Version
CF API | 09d5969 | dd6224d
Eirini | v3.1.0 | v4.0.0
Istio | 1.7.3 | 1.8.4
Logging | 0.6.0 | 0.7.0
Metrics | 1.2.0 | 1.3.0
Networking | b76db5f | 35f3ed3
QuarksSecret | 4171053d17e66a93044795924abdca66cac09785 | v1.0.758
UAA | v75.0.0 | v75.1.0

Contributors

Andrew Costa
Andrew Wittrock
Caitlyn Yu
Dave Walter
Giuseppe Capizzi
Jaskanwal Pawar
Matt Royal
Tim Downey

v3.0.0

30 Mar 23:41
1ea69d1

Notices

New data values:

  • instance_index_env_injector_certificate.ca
  • instance_index_env_injector_certificate.crt
  • instance_index_env_injector_certificate.key

Highlights

  • Eirini 3.1.0
  • Better default cf api server availability during updates

Configuration changes

New values listed in Notices

PRs Merged

  • Added OCI labels to capi nginx kbld config 649
  • Remove cf api server update strategy 648
  • Build component images with Carvel tools 647
  • Bump Eirini to v3.1.0 643
  • Create UAA image build process with kbld & pack 642
  • Create Eirini image build process with kbld & pack 640
  • Modify eirini build to use new helmless eirini yaml 616

Issues Closed

  • ERR Failed to stage build: staging failed 644
  • CF-StatsUnavailable; Stats unavailable: Stats server temporarily unavailable; "code": 200002 639
  • cf-for-k8s deployed locally - buildpack creation fails 413 Payload Too Large/Request Entity Too Large; Error unmarshalling the following into a cloud controller error 634
  • CF push of spring-music app with v7 CLI fails - Package failed to process correctly after upload 632
  • CF CLI frequently gets 'stuck' during push commands while doing concurrent pushes 588

Release Updates

Release | Old Version | New Version
CF API | 8d83ea3 | 09d5969
Eirini | v2.0.0 | v3.1.0
Kpack | v0.2.1 | v0.2.2
Networking | b74903e | b76db5f

Contributors

Andrew Costa
Andrew Wittrock
Caitlyn Yu
Danail Branekov
Dave Walter
Georgi Sabev
Giuseppe Capizzi
Jaskanwal Pawar
Mario Nitchev
Matt Royal
Tim Downey

v2.1.1

08 Mar 21:31

Notices

This release properly aligns the Eirini images with the Eirini 2.0.0 release.

Highlights

Scale Test Results

See Scalability tests on cf-for-k8s 2.1.0

PRs Merged

  • Rebuilt Eirini images to 2.0.0 release 633

Issues Closed

  • fail: reconcile builder/cf-default-builder (kpack.io/v1alpha1) namespace: cf-workloads-staging 631

Release Updates

Release | Old Version | New Version
CF API | fd1f65a | 8d83ea3
Kpack | v0.2.0 | v0.2.1

Contributors

Andrew Costa
Andrew Wittrock
Jaskanwal Pawar

v2.1.0 - Improved `cf apps` performance

25 Feb 22:29

Highlights

The performance of cf apps should now be greatly improved, especially when there are apps on the platform with zero instance jobs (common with Java apps, for example). More details in #606

Scale Test Results

Scalability tests on cf-for-k8s 2.1.0

PRs Merged

  • MAINT: remove KinD patch to disable snapshot annos #629

Issues Closed

  • Listing apps takes a very long time at scale #606
  • istio cert not installing #624

Release Updates

Release | Old Version | New Version
CF API | c476d88 | fd1f65a
Kpack | v0.1.5 | v0.2.0
Metrics | 1.1.0 | 1.2.0

Buildpack and stack updates, as seen in the diff here: v2.0.0...v2.1.0#diff-5b8fdf0030eb7b7f5a290e9eba9a40119b80160e214eba2ef83571ca425a67a9

Contributors

Andrew Costa
Andrew Wittrock
James Pollard
Jaskanwal Pawar
Raina Masand

v2.0.0

05 Feb 23:05

Notices

Please remove the internal_certificate block from your values file; otherwise ytt will produce an error.

Highlights

Fixed:

  • Environment variables are not respected in Java buildpack 603
  • Unable to run CF tasks for kpack buildpack staged apps 591

Scale Test Results

Details here

Configuration changes

The internal_certificate property block in values has been removed.

PRs Merged

  • Migrate capi-k8s-release pipeline 615
  • CI-MAINT: bump dependencies of KinD tests 612
  • Add network policy for eirini webhook registration job 611
  • Automate building of statsd_exporter image 607
  • MAINT: remove internal cert 605
  • ENH: use an annotated minio image 599
  • Bump supported k8s versions to include v1.20.0 594
  • Revert "Bump minio to 8.0.5" 592
  • Re add logging to smoke test 590
  • Bump minio to 8.0.5 586
  • FIX: Update the eirini image SHAs 582
  • Allow docker auth for smoke tests 581
  • [this PR accidentally still used images from our eirini fork] ENH: update to using eirini 2.0 images 578
  • Move Eirini images to cloudfoundry dockerhub 577
  • Quarks secrets (squashed) 575
  • Remove resource requirements also from istio init container 572
  • Note that uaa.database.password is currently not rotatable 567
  • doc: add transparency to readme banner 565
  • Improve run-cats ci task. 562

Issues Closed

  • PodDisruptionPolicy prevents Kubernetes upgrades 604
  • Environment variables are not respected in Java buildpack 603
  • UNAUTHORIZED: authentication required from cf-api-worker > registry-buddy logs 601
  • As a developer, I would like to push CF applications with sidecar processes 597
  • Nginx app won't start due to mkdir permission error 596
  • Stratos does not Stream Logs 593
  • Unable to run CF tasks for kpack buildpack staged apps 591
  • Smoke Tests should use a cloudfoundry org image to avoid rate limiting 589
  • Log streaming in Stratos does not work 585
  • Guidance on how to use AWS ECR as private registry 584
  • fail: reconcile builder/cf-default-builder (kpack.io/v1alpha1) namespace: cf-workloads-staging 583
  • Move smoke-tests docker image to cloudfoundry org to avoid rate limiting 580
  • Enable proxy protocol for Ingress Envoy 561

Release Updates

Release | Old Version | New Version
CF API | 06ac2fd | c476d88
Kpack | v0.1.4 | v0.1.5
Logging | 0.5.0 | 0.6.0
Metrics | 1.0.1 | 1.1.0
Networking | 99de0ea | b74903e
UAA | v74.29.0 | v75.0.0

Contributors

Andrew Costa
Andrew Wittrock
Dave Walter
James Pollard
Jaskanwal Pawar
Kieron Browne
Paul Warren
Travis Patterson

v1.1.0

15 Dec 01:32

⚠️ v1.1.0 added a bug, which will be patched in the next release. See Environment variables are not respected in Java buildpack #603 ⚠️

Highlights

  • Added support for private registries for cf-for-k8s system images

  • Added QuarksSecret as an experimental option (doesn't manage all secrets yet)

    • moves the management of some internal secrets and credentials onto the cluster
  • Added playbooks to the docs/maintaining folder

  • Docs updates

Breaking Changes to Values File

  • We've added a new required value: capi.cf_api_backup_metadata_generator_client_secret

Scale Test Results

  • 1000 active applications achieved with better availability of the cf api server. More details here.

Configuration Changes

New config options

  • experimental.quarks_secret

PRs Merged

  • Validate s3 blobstore #434
  • 175210100 update secret rotation branch #538
  • Update ytt tests to better reflect operator workflow #547
  • add cf_api_backup_metadata_generator UAA client #555
  • (minor) fix codefence in deploy instructions #557
  • fix secret_name for cf_api_backup_metadata_generator client #559
  • doc: add transparency to readme banner #565
  • Note that uaa.database.password is currently not rotatable #567
  • Remove resource requirements also from istio init container #572
  • Quarks secrets (squashed) #575
  • Move Eirini images to cloudfoundry dockerhub #577
  • [this PR accidentally still used images from our eirini fork] ENH: update to using eirini 2.0 images #578
  • Allow docker auth for smoke tests #581
  • FIX: Update the eirini image SHAs #582
  • Bump minio to 8.0.5 #586
  • Revert "Bump minio to 8.0.5" #592

Issues Closed

  • Stratos does not Stream Logs 593
  • Log streaming in Stratos does not work 585
  • fail: reconcile builder/cf-default-builder (kpack.io/v1alpha1) namespace: cf-workloads-staging 583
  • Prometheus access from another namespace 576
  • cf-api-clock crashed 563
  • Accessing cf api endpoint 551

Release Updates

Release | Old Version | New Version
CF API | 29b77b9 | 06ac2fd
Eirini | v1.9.0 | v2.0.0
Kpack | v0.1.2 | v0.1.4
Networking | c1a8c86 | 99de0ea
QuarksSecret | n/a | 4171053
UAA | v74.26.0 | v74.29.0

Contributors

Andrew Costa
Andrew Wittrock
Brendan Winter
Clay Kauzlaric
Dave Walter
Eric Promislow
James Pollard
Johannes Dillmann
John Ryan
Luca Schimweg
Nancy Hsieh
Paul Warren
Philipp Stehle
Renee Chu
Sannidhi Jalukar
Tim Downey
Tom Kennedy
Ulrich Kramer

v1.0.0 - cf push comes to Kubernetes

21 Oct 18:53
73745a3

Highlights

  • We are 1.0! 🥳
  • Runs on a laptop. No reason not to experience the famous cf push for yourself.
  • You can now specify one or more app log destinations (see our deployment docs for more info)
  • Our CNB builder now uses cnb-full stack images and includes the paketo ruby buildpack (that graduated from community)
  • Input values file now supports PEM-encoded certificates (that don't have to also be base64 encoded)

Scale Test Results

  • cf-for-k8s was scaled to 1000 applications
  • With the right number of replicas, 1.0.0 can be good for environments that target 500-700 application instances
  • 7000 logs/sec and req/sec.
  • Up to 20 concurrent pushes.
  • Thanks to SAP for their great work. More details can be found here

Configuration Changes

  • enable_load_balancer property was renamed to load_balancer.enabled
  • istio_static_ip property was renamed to load_balancer.static_ip

PRs Merged

  • "Bump Istio to 1.7.1" 455
  • "Expect ingressgateway to be either a Deployment or DaemonSet" #464
  • "Make application wait for sidecar proxy before starting" #472
  • "add networking metrics docs" 474
  • "rename istio_static_ip field name to load_balancer.static_ip" #480
  • "ENH: Allow operators to provide PEM-encoded certs" #482
  • "Document ingress certificate rotation" #484
  • "FIX: disable_snapshot_annotations to fix #444" #485
  • "Use full paketo build and run bionic stack images" #487
  • "Bump Istio to 1.7.3" 488
  • "add option to allow Prometheus scrape access to metrics endpoints" #495
  • "Use the capi-database-encryption-key-secret in capi-k8s-release" #497
  • "doc: required pod capabilities for Istio" #499
  • "update logging to 0.4.0" 500
  • "ENH: Add SAN definitions to generated certs" #501
  • "Merge Istio sidecar and app stats" 510
  • "Disable prometheus metrics merging" #512
  • "Fork and patch Eirini to loosen UID requirement" #513
  • "Use paketo-buildpacks/ruby" 514
  • "reformat version in upgrade job" 516
  • "Add private-registry instructions" 517
  • "Revert "Merge pull request #512 from cloudfoundry/disablePrometheusMerge"" #518
  • "DOC: Update setup-ingress-certs-with-letsencrypt" #519
  • "Run Istio Ingressgateway pod as root" #521
  • "update logging to 0.5.0" 522
  • "Replace VirtualService with Ingress for routing to system components" #525
  • "Add Scaling documentation" 526
  • "Maint/rm old eirini namespace overlays" #528
  • "Revert "Replace VirtualService with Ingress for routing to system components"" #531
  • "Bump capi-k8s-release to 29b77b94183a26cefdc98eff5825f22ae6c75090 (fix docker app deletion)" 534
  • "DOC: Improve project README" 543

Issues Closed

  • Extend UAA login with external provider #539
  • Need the ability to add annotations to the LoadBalancer Service #537
  • Gateway access logs do not appear in cf log #520
  • Release notes for 0.7.0 regarding load balancer is wrong. #508
  • Metrics server fails to install on DigitalOcean #498
  • CF Push fails with v6 CLI #471
  • Input values for certificates should have a consistent format #460
  • Platform engineers can install cf-for-k8s on their local machine without needing to configure any data values #419
  • App Developers can expect their apps with Procfile + app language will be correctly detected Type: Feature Parity #408
  • YTT should validate my data values before it installs cf-for-k8s #398
  • Platform engineers can configure an external blobstore with cf-for-k8s #344
  • CF push of spring-music app with v7 CLI fails after building app image #287
  • /v2/resource_match returns status code 413 for large nodejs app delivered #260
  • Starting a docker image app fails if it tries to establish connections before Envoy is ready #189
  • Upgrading cf-for-k8s to a new version fails #99

Releases

Release | Old Version | New Version
CF API | d84e4bf | 29b77b9
Eirini | v1.9.0 | v1.9.0+
Istio | 1.6.4 | 1.7.3
Kpack | v0.1.2 | n/a
Logging | 0.4.0 | 0.5.0
Metrics | 1.0.0 | 1.0.1
Networking | 8aab2b2 | c1a8c86
UAA | v74.25.0 | v74.26.0

Contributors

Many thanks to all of the contributors that have made cf-for-k8s 1.0 possible.

  • Aakash Shah
  • Adrian Zankich
  • Aidan Obley
  • Alex Standke
  • Alexander Standke
  • Amin Chawki
  • Andrew Costa
  • Andrew Wittrock
  • Angela Chin
  • Ben Fuller
  • Benjamin Haegenlaeuer
  • Bruce Ricard
  • Caitlyn Yu
  • Carlos Iriarte
  • Carson Long
  • Chip Childers
  • Chris Selzo
  • Chris Tarazi
  • Christian Ang
  • Clay Kauzlaric
  • Connor Braa
  • Dave Walter
  • David Timm
  • Dennis Leon
  • Dmitriy Kalinin
  • Eli Wrenn
  • Eric Promislow
  • Fabio Berchtold
  • Gary Liu
  • Georgi Dankov
  • Georgi Sabev
  • Giuseppe Capizzi
  • Graham Siener
  • Jaime Gonzalez Aguilar
  • Jakob Schmid
  • James Pollard
  • JamesClonk
  • Jaskanwal Pawar
  • Jen Spinney
  • Joey McDonald
  • Johannes Dillmann
  • John S. Ryan
  • Joseph Palermo
  • Josh Russett
  • Julian Hjortshoj
  • Kaitlin Barrer
  • Kauana dos Santos
  • Keshav Sharma
  • Kieron Browne
  • Leah Hanson
  • Lisa Burns
  • Louie Brann
  • Luca Schimweg
  • Mark Stokan
  • Matt Royal
  • Melena Suliteanu
  • Mikael Manukyan
  • Nancy Hsieh
  • Nitya Dhanushkodi
  • Oleksandr Slynko
  • Paul Czarkowski
  • Paul Warren
  • Peter Chen
  • Philipp Stehle
  • Piyali Banerjee
  • Ralf Pannemans
  • Renee Chu
  • Rizwan Reza
  • Rodolfo Sanchez
  • Saikiran Yerram
  • Sannidhi Jalukar
  • Sebastian Vidrio
  • Seth Boyles
  • Shannon Coen
  • Tim Downey
  • Tom Chen
  • Tom Kennedy
  • Travis Patterson
  • Ulrich Kramer

Shoutout to our previous Release Integration team members

  • Angela Chin
  • Dmitriy Kalinin
  • Jwal Pawar
  • Jen Spinney
  • John Ryan
  • Joseph Palermo
  • Lisa Burns
  • Sai Yerram
  • Sebastian Vidrio

Best,
Release Integration

  • Andrew Costa
  • Andrew Wittrock
  • Dave Walter
  • Eric Promislow
  • James Pollard
  • Paul Warren
  • Renee Chu

v0.7.0

02 Oct 21:46

Notice:

cf-for-k8s does NOT support upgrades for alpha releases. We are in the process of defining the final configuration contract which will follow the semver versioning scheme once we ship 1.0 version.

  • Please upgrade your kapp to v0.33.0

Highlights:

In More Detail

PRs Merged

  • Add documentation for configurable properties 373
  • Allow blobstore to be configured 374
  • bump cf-k8s-networking to include istio 1.6.4 changes 377
  • Add validation test for external database 382
  • Update metric-proxy to v1.0.0 391
  • Renamed the file to better indicate its intention of being a warning … 392
  • Skip minio installation if external blobstore is configured 393
  • Add documentation on how to use external blobstores 394
  • Fix network policies for eirini 396
  • Add support for ingressgateway logs to show up in cf logs 397
  • Allow ingress to cf-api-server from eirini-events 399
  • Updated the description of the log fields emitted by the ingress gateway 400
  • added reference to envoy docs for response_flag 401
  • updated description for upstream_transport_failure_reason 402
  • Remove the unused update-gcp-dns hack script 403
  • updated start_time description 404
  • Validate external blobstore 405
  • update logging to 0.3.0 410
  • Add the Procfile buildpackage to all groups 411
  • Fix links in docs/maintaining.md 414
  • remove metric_proxy cert from values/20-secrets-config-values.yml 415
  • Kapp rebase rules 416
  • Reorder buildpacks 428
  • Move Istio config and build scripts to cf-for-k8s 429
  • Use Image Registry for Package Uploads and Secure Internal CF API Endpoints 430
  • remove capi eirini cert config 432
  • docs: add documentation on sidecar access logs 433
  • remove HPA and fix istiod replicas to 1 435
  • cf-for-k8s now uses the latest networking changes 437
  • Replace namespace data values with internal functions 438
  • Update the sample-cf-install-values.yml blobstore key 439
  • updated the kubectl command to clarify that users should be using app… 441
  • updated duration field description 442
  • documenting upgrade-test results 443
  • bump newest supported K8s version from 1.17 to 1.19 445
  • add missing namespace labels, harmonize existing labels 446
  • Bump to latest stable kpack (0.1.2) and latest capi-k8s-release which supports that kpack 448
  • add additional authorities to cf_api_controllers UAA client 454
  • Update Istio sidecar fluent-bit image 458
  • Make cc log level configurable 461
  • punctuation 463
  • Allow Eirini to hit internal CF API endpoints 467
  • fix markdown mistake in docs 468
  • Rename allow-istio-control-plane network policy 475
  • cluster requires network policy support 476

Issues Closed

  • cf logs APP_NAME prints envoy proxy logs #387
  • App developers can expect correct language detection order for their apps #407
  • App Developers can expect their apps with Procfile + app language will be correctly detected #408
  • cf_system_namespace, cf_workloads_namespace and cf_staging_namespace configuration properties are broken #431
  • Pushing Docker apps broken #465

Configuration changes

  • cf_system_namespace, cf_workloads_namespace and cf_staging_namespace removed from the configuration interface

Release Updates

We are only tracking published releases

Release | Old Version | New Version
Networking | 0.2.0 | 8aab2b2
CAPI | 7b4ecf6 | d84e4bf
Logging | 0.2.1 | 0.4.0
Metrics | 0.2.0 | 1.0.0
UAA | v74.24.0 | v74.25.0
Kpack | -- | v0.1.2
Eirini | v1.8.0 | v1.9.0
kapp | 0.30.0 | 0.33.0

Scale Test Results

  • Highlights: v0.7.0 has been scale tested to 1200 deployed applications. More details about the shape and configuration used to achieve that can be found here.

What we are working on next

  • Continue to incorporate CATS tests into cf-for-k8s workflows.
  • Continue scale test and work towards a scaling configuration interface
  • Collaborate with Credhub team to integrate Quarks server-side password generation. With Quarks, Platform engineers will no longer be required to provide passwords (or run bosh-cli based script to generate passwords) and rely on Quarks to generate them in the K8s cluster. It is similar to the functionality available today in cf-deployment with Credhub integration.
  • Identify and document app structural differences required by Paketo Buildpacks to detect and build the image.
  • Image Management; improve the image provenance and management of system component images

v0.6.0

25 Aug 19:52
7c65597

Notice:

cf-for-k8s does NOT support upgrades for alpha releases. We are in the process of defining the final configuration contract which will follow the semver versioning scheme once we ship 1.0 version.

  • Please upgrade your kapp to v0.33.0

Notable changes since the last v0.5.0 release

New Features / Bug fixes

  • Platform engineers and App developers will notice auto-patching of app workloads when the foundation is upgraded to a new stack version. App developers no longer have to re-push the app source to patch their app workload with the CVE fixes in the base image!!
  • Platform engineers can now expect that all traffic to/from components is denied by default and that components will require explicit policies to allow ingress/egress traffic #262.
  • Platform engineers can expect that all sensitive information, such as passwords and cert keys, is stored in Kubernetes native secrets #225, #226, #227, #228, #229, #230, #330.
  • Platform engineers and App developers can see available buildpacks via cf buildpacks #101.
  • App developers can select a buildpack with cf push APP_NAME -b [buildpack-name] #340.
    • Note, you can currently only select known buildpacks that are available in cf-for-k8s and not custom buildpacks
  • Platform engineers can expect every component to get its own unique UAA client password #233.
  • Platform engineers can expect simplification of the cf-for-k8s configuration interface. You can see a list of allowable properties in config/values/00-values.yml
    • All overlays in config-optional are now managed by properties defined in config/values/00-values.yml.
    • Long term, cf-for-k8s will use YTT schema to define a more strict schema with semver versioning scheme.
    • Note: Platform engineers are still expected to provide properties in config/values/20-secrets-config-values.yml until cf-for-k8s replaces it with server-side secret generation using Quarks.
  • Platform engineers can expect by default all external HTTP traffic to CF API and application workloads to redirect to HTTPS unless they set gateway.https_only to false. Note, internal traffic between system components is encrypted by default by Istio.
  • Platform engineers can now control the creation of a load balancer in Kubernetes using the new flag enable_load_balancer. This is helpful when you want to install locally or if you want to wire your foundation to a pre-existing load balancer.
  • Platform engineers can expect upgrades to wait until Postgres (stateful sets) are upgraded #206.
  • Platform engineers can observe application ingress latency contributed by the platform and network (more here)

Configuration changes

  • Core config properties from config/values.yml have been moved to config/values/00-values.yml.
  • Certs/password related properties were moved to config/values/20-secrets-config-values.yml. Our hope is to drop this file in favor of Quarks server side password/cert generation in the future.

Release Updates

We are only tracking published releases

Release | Old Version | New Version
Eirini | v1.7.0 | v1.8.0
Networking | v0.0.6 | v0.2.0
CAPI | 7d9acf6a8d05fcb7f186758b58ad2e803c8c7ecc | +v0.3.0
kapp | 0.30.0 | 0.33.0

Integration updates

Showing only notable updates,

  • PR checks now include upgrade with uptime check and external database validations
  • The long-running environment now has a dedicated registry repository. The goal is to monitor registry usage over time.

What we are working on next

  • Define a clear versioning contract between the Platform engineers, cf-for-k8s, and contributing projects. Our goal is to submit the proposal to the community in a week or so after this release.
  • Incorporate CATS tests into cf-for-k8s workflows.
  • Collaborate with Credhub team to integrate Quarks server-side password generation. With Quarks, Platform engineers will no longer be required to provide passwords (or run bosh-cli based script to generate passwords) and rely on Quarks to generate them in the K8s cluster. It is similar to the functionality available today in cf-deployment with Credhub integration.
  • Identify and document app structural differences required by Paketo Buildpacks to detect and build the image.
  • Move roadmap to github projects and use milestones to plan future releases. Our hope is that github projects/milestones will create transparency with the community and make it easier for contributors to participate and contribute to cf-for-k8s.

v0.5.0

03 Aug 23:38
2edcc5c

Notable changes since the last v0.4.0 release

🎉 🎉    We are excited to have SAP Cloud Platform Cloud Foundry team [1] contribute a complete end to end feature - external database support - to cf-for-k8s. The feature will allow Platform engineers to use cf-for-k8s with a highly available external database service.

The cf-for-k8s team is thankful for the contribution from SAP and is looking forward to future contributions of similarly impactful features.

[1] SAP Team: @c0d1ngm0nk3y , @Haegi, @jkbschmid, @kramerul, @phil9909, @modulo11, @loewenstein, @lucaschimweg

New Features / Bug fixes

  • 🌟 Platform engineers can now configure an external hosted Postgres database service. The platform checks for the presence of an external DB configuration. If one is available, it drops the internal Postgres DB; otherwise it installs the DB on the cluster alongside CF. See how to configure an external DB @ docs/platform_operators/external-databases.md
  • App developers can now see application crash events in the output of cf events APP_NAME.
  • Platform engineers can expect that sensitive information in UAA, such as UAA client passwords and UAA admin passwords, is stored and consumed via native Kubernetes Secrets.
  • Resolved an issue where apps under the system domain did not get SSL (Issue #238).
  • Resolved the missing CAPI's database encryption key secret [1].

Configuration changes

This section highlights changes made to the config/values.yml configuration that may impact your upgrades [1]

Change type | Changes | Highlights
REMOVED | cf_db.enabled | Explicit flag is not needed. The platform checks for the presence of an external DB configuration. If one is available, it drops the internal Postgres DB; otherwise it installs the DB on the cluster alongside CF
RENAMED | app.repository => app.repository_prefix | See #249
RENAMED | kpack_watcher_client_secret => cf_api_controllers_client_secret; kpack_watcher_secret_name => cf_api_controllers_secret_name | CAPI repository re-organization
NEW, OPTIONAL | database_encryption_key_secret_name, encryption_key | Add missing CAPI's database encryption key secret
NEW, OPTIONAL | kpack_watcher_client_secret, cc_username_lookup_client_secret | Use separate UAA client secret names
NEW, OPTIONAL | ca_cert | Enables TLS cert for external database
NEW, OPTIONAL | cf_blobstore_key_secret_name, database_password_secret_name, kpack_watcher_secret_name, cloud_controller_username_lookup_secret_name, encryption_key_passphrase_secret_name | Create actual Secrets resources and provide configuration for the secret names

[1] cf-for-k8s does NOT support upgrades for alpha releases. Our goal is to move towards stable upgrades and highlighting changes to the configuration is a step towards that direction.

Release Updates

We are only tracking published releases

Release Old Version New Version
Eirini 1.6.0 1.7.0
UAA v74.21.0 v74.23.0
metric-proxy 0.2.0

Integration updates

  • Built a long-running environment to validate and measure cf-for-k8s upgradability and availability over time.
  • Use PRs as a single point of entry to validate all contributions to cf-for-k8s.

What we are working on next

  • Define a clear versioning contract between the Platform engineers, cf-for-k8s, and contributing projects. Our goal is to submit the proposal to the community in a week or so after this release.
  • Incorporate CATS tests into cf-for-k8s workflows.
  • Collaborate with Credhub team to integrate Quarks server-side password generation. With Quarks, Platform engineers will no longer be required to provide passwords (or run bosh-cli based script to generate passwords) and rely on Quarks to generate them in the K8s cluster. It is similar to the functionality available today in cf-deployment with Credhub integration.
  • Identify and document app structural differences required by Paketo Buildpacks to detect and build the image.
  • Move roadmap to github projects and use milestones to plan future releases. Our hope is that github projects/milestones will create transparency with the community and make it easier for contributors to participate and contribute to cf-for-k8s.

Have a question? Reach out to us

Our slack channels

Interested in contributing?

  • The easiest way to get involved is to start attending the SIG meetings, join the #cf-for-k8s slack channel, and subscribe to the [email protected] mailing list.
  • You can also start by improving the docs. Install cf-for-k8s using the deploy docs and if you notice issues or discrepancies in the docs, you can submit a PR.