Isolation Segment v3.0 Release Notes
Page last updated:
This topic contains release notes for Isolation Segment v3.0.
VMware Tanzu Application Service for VMs (TAS for VMs) is certified by the Cloud Foundry Foundation for 2022.
For more information about the Cloud Foundry Certified Provider Program, see How Do I Become a Certified Provider? on the Cloud Foundry website.
Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs containing that patch.
Release Date: 11/15/2022
- [Feature] Add “Max request header size in kb” property to Networking tab to allow operators to specify a limit on the aggregate size of request headers. Requests over this limit receive a 431 status code.
- Bump cf-networking to version
- Bump garden-runc to version
- Bump mapfs to version
- Bump nfs-volume to version
- Bump routing to version
- Bump silk to version
- Bump smb-volume to version
## Changes * Replace `go get` with `go install` (#23) * Update vendored package golang-1-linux (#26) * Update vendored package golang-1-linux (#27) ## Dependencies * **mapfs:** Updated to v`27f8711`.
## Changes * Fix upgrade from 7.1.6 (#253) * Include openldap 2.4.44 blob in release to use it in Xenial (#254)
## Changes * Add final release 7.1.6 [ci skip] * Bump OpenLDAP package to 2.5.13 LTS, which supports xenial (#241) * Remove libnfsidmap from jammy. Was replaced by new nfs-utils (#220) * Replace `go get` with `go install` (#209) ## Dependencies * **bosh-template:** Updated to v2.3.0.
## What's Changed * Emit access logs for 431 responses to Loggegator [gorouter PR #331](https://github.com/cloudfoundry/gorouter/pull/331). Thanks @dsabeti ! * Always suspend pruning when nats is down https://github.com/cloudfoundry/routing-release/pull/287. Thanks @ameowlia ! * **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.243.0...v0.244.0 ## ✨ Built with go 1.19.2
🎉 Bumped to go1.19.2 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.242.0...v0.243.0
## What's Changed - `tcp_router` is now more verbose when running `haproxy_reloader` to assist in diagnosting failed reloads. Thanks @geofffranks! 🎉 ([PR 9](https://github.com/cloudfoundry/cf-tcp-router/pull/9)) - `gorouter` will now truncate access logs that exceed loggregator + UDP packet limits, so that we no longer drop access log messages sent to the firehose. Thanks @ameowlia @ebroberson! 😻 ([PR 328](https://github.com/cloudfoundry/gorouter/pull/328) and [PR 329](https://github.com/cloudfoundry/gorouter/pull/329)) **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.241.0...v0.242.0 ## ✨ Built with go 1.18 * despite what the docs/go.version says * because the go 1.18 package is present
🎉 ~~Bumped to go1.19.1~~ * Still using go 1.18 * despite what the docs/go.version says * because the go 1.18 package is present * @plowin submitted [gorouter PR 327](https://github.com/cloudfoundry/gorouter/pull/327) to adjust endpoint-not-unregistered log-level to 'info' **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.240.0...v0.241.0
## What's Changed * @geofffranks and @ameowlia added property `router.max_header_bytes` to the gorouter job. * This value controls the maximum number of bytes the gorouter will read parsing the request header's keys and values, including the request line. * It does not limit the size of the request body. * An additional padding of 4096 bytes is added to this value by go. * Requests with larger headers will result in a 431 status code. **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.239.0...v0.240.0 ## Manifest Property Changes | Job | Property | 0.237.0 | 0.238.0 | | --- | --- | --- | --- | | `gorouter` | `router.max_header_bytes` | didn't exist | 1048576 (1MB) | ## ✨ Built with go 1.18.6
## Changes * Update vendored package golang-1-linux (#67) * Update vendored package golang-1-linux (#70) ## Dependencies * **bosh-template:** Updated to v2.3.0.
Release Date: 10/06/2022
- [Feature Improvement] Bump component releases in time for Isolation Segment v3.0
- [Feature Improvement] Bump golang to 1.18 for diego, routing, cf-networking, and silk
- [Feature Improvement] Gorouter Metrics Toggle
- [Breaking Change] HAProxy removed
- Bump garden-runc to version
- Bump metrics-discovery to version
- Bump smoke-tests to version
Create bosh final release 4.7.0
Release Date: 09/20/2022
To install Isolation Segment v3.0, see Installing Isolation Segment.
To install Isolation Segment v3.0, you must first install Ops Manager v3.0. For more information, see the Ops Manager documentation.
There are no new features for Isolation Segment v3.0.
All VMs that TAS for VMs v3.0 deploys run on the Jammy Jellyfish stemcell described in Jammy Jellyfish Stemcell Support above. Because of this, any add-ons from other tiles or configured in the BOSH Director that are colocated on TAS for VMs VMs do not function unless they support the Jammy Jellyfish stemcell.
Tiles that are compatible TAS for VMs v3.0 already work with Jammy Jellyfish stemcells.
Further, the use of the Jammy Stemcell means TAS now requires an Ops Manager with Jammy support, which means Ops Manager version 2.10.33 or greater.
Isolation Segment v3.0 includes the following breaking changes:
In Isolation Segment v3.0, HAProxy is removed.
If you are upgrading to Isolation Segment v3.0 from Isolation Segment v2.13 or earlier, you must re-configure the following settings in the Isolation Segment tile before you upgrade:
In the Networking pane:
- If you previously selected HAProxy under TLS termination point, you must select Gorouter instead.
- If you previously configured the HAProxy IPs field, you may need to configure the Gorouter IPs field instead. Depending on how you configured the Allow SSH access to app containers and TCP routing settings, you may also need to configure the SSH Proxy IPs or TCP router IPs fields.
In the Resource Config pane:
- If you previously configured load balancers under the HAProxy, you must configure load balancers under the Router job instead. Depending on how you configured the Allow SSH access to app containers and TCP routing settings in the Networking pane, you may also need to configure load balancers under the Diego Brain or TCP Router jobs.
The global log rate limit that measures app log rates in lines per second is deprecated in favor of per-app log rate limits that measure app log rates in bytes per second.
If you have configured a global log rate limit in lines per second, VMware recommends that you re-configure your apps to use log rate limits in bytes per second.
If you still want to use the global log rate limit, logs that exceed the log rate limit are immediately dropped. Previously, logs that exceeded the log rate limit were buffered and released at the configured log rate.
For more information about app log rate limits, see App Log Rate Limiting.
There are no known issues for Isolation Segment v3.0.