PCF v1.12 Feature Highlights

This topic highlights important new features included in Pivotal Cloud Foundry (PCF) v1.12.

Ops Manager Highlights

Ops Manager v1.12 includes the following major features:

Migrate Non-Configurable Secrets to CredHub

Tile Authors can write a JavaScript migration to move their existing non-configurable secrets into CredHub. Ops Manager v1.12 supports migrating secret, simple_credential, rsa_pkey_credential, and salted_credential types.

For more information about this feature, see Migrating Existing Credentials to CredHub in the PCF Tile Developers Guide.

Secure BOSH Director/Agent HTTP Traffic via TLS

Ops Manager creates a TLS certificate and passes it to BOSH. This facilitates mutually authenticated and encrypted HTTP traffic between the BOSH Director and the Agent that exists on each BOSH-created VM.

Faster Upgrade and Installation Export

Ops Manager decreases the time required to upgrade by reducing the size of the file produced by Export Installation Settings by several orders of magnitude.

For upgrade instructions, see Upgrading Pivotal Cloud Foundry.

The exported installation file is smaller because Ops Manager no longer retains releases between upgrades if it has already uploaded them to BOSH. When backing up PCF, you must take this into account by backing up the BOSH blobstore that contains the uploaded releases. BOSH Backup and Restore (BBR) backs up the BOSH blobstore. For more information, see Backing Up Pivotal Cloud Foundry with BBR.

WARNING: CFOps assumed that the Ops Manager installation settings artifact contained all necessary releases, which is no longer the case in PCF v1.12. CFOps should not be used to back up and restore PCF v1.12.

Manifest-only Workflow with CredHub

This feature is relevant for operators who use Ops Manager only for manifest generation and do not click Apply Changes.

Operators who extract Ops Manager-generated manifests in order to manually deploy PCF products with BOSH can ensure credentials are migrated to CredHub and continue to be included in the deploy.

Older Ops Manager-generated manifests contained credentials in plain text. But as products migrate to use CredHub, manifests now contain placeholders so that credentials are fetched at deploy time. The extracted manifests for supporting PCF product releases automatically contain a reference to CredHub-stored credentials.
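A check for the transition described above, as an added example (not part of Ops Manager or the PCF documentation): this Python script scans an extracted manifest for secret-like keys that still hold literal values instead of `((placeholder))` references. The key-name heuristic, the sample manifest and the credential names in it are constructed for illustration.

```python
import re

# Key names that usually carry secrets in a BOSH manifest (a heuristic chosen
# for this example, not a list published by Pivotal).
SECRET_KEY = re.compile(r"(password|passphrase|secret|private_key|token)$", re.I)
# BOSH variable placeholder resolved from CredHub at deploy time: ((name))
PLACEHOLDER = re.compile(r"^\(\([A-Za-z0-9_./-]+\)\)$")
LINE = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_.-]+):\s*(.*?)\s*$")

# Constructed sample manifest fragment; names and values are made up.
SAMPLE = """\
instance_groups:
- name: web
  jobs:
  - name: app
    properties:
      db:
        user: admin
        password: "((/opsmgr/sample-product/db_password))"
      nats:
        password: s3cr3t-literal   # legacy plain-text value
      tls:
        private_key: |
          -----BEGIN CONSTRUCTED KEY-----
      api_token: ((api_token))
"""


def audit_manifest(text):
    """Return (plaintext, placeholders): secret-like keys with literal values
    as (line_no, key) pairs, and keys whose value is a ((placeholder))."""
    plaintext, placeholders = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0]          # drop trailing YAML comments
        m = LINE.match(line)
        if not m or not SECRET_KEY.search(m.group(1)):
            continue                          # not a secret-like key
        key, value = m.group(1), m.group(2).strip("\"'")
        if PLACEHOLDER.match(value):
            placeholders.append((line_no, key))
        elif value and value not in ("~", "null"):
            # A literal scalar, or a block-scalar marker (| or >) that
            # introduces an inline key: the secret itself is in the file.
            plaintext.append((line_no, key))
    return plaintext, placeholders


if __name__ == "__main__":
    leaked, referenced = audit_manifest(SAMPLE)
    print("plain-text secrets:", leaked)
    print("CredHub references:", referenced)
```

Any entry in the first list is a credential that would still travel with the manifest file itself.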

The new Ops Manager API generates a file used by CredHub to bulk load credentials from Ops Manager. Subsequent BOSH deployments result in existing credentials continuing to be supplied. The new API also includes an additional endpoint that operators can use to delete credentials from Ops Manager if needed.

For more information about using the Ops Manager API, see Using the Ops Manager API. For the complete Ops Manager API documentation, browse to https://YOUR-OPS-MANAGER-FQDN/docs.

BOSH Director Supports Multiple Runtime Configs

The BOSH Director now supports multiple named runtime configs. Operators can add, remove, and update each runtime config file independently, in order to more easily configure which Pivotal Cloud Foundry Add-ons are applied to which deployments and instance groups.

For more information about runtime configs, see the BOSH documentation.

More AWS Regions

Operators can deploy PCF and supported products to additional AWS regions. PCF now supports the following public regions:

  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2
  • ca-central-1
  • ap-south-1
  • ap-northeast-1
  • ap-northeast-2
  • ap-southeast-1
  • ap-southeast-2
  • eu-central-1
  • eu-west-1
  • eu-west-2
  • sa-east-1

Pivotal publishes AMIs for all of these regions. The PDF downloaded from PivNet contains the new AMI IDs.

AWS GovCloud (US)

Operators can deploy Ops Manager v1.12 to AWS GovCloud (US). For more information about deploying AWS GovCloud (US), see the following AWS installation topics:

Google Shared Virtual Private Cloud

Google Shared Virtual Private Cloud (VPC), formerly known as Google Cross-Project Networking (XPN), enables you to assign Google Cloud Platform (GCP) resources to individual projects within an organization while still allowing communication and shared services between projects.

For more information about this feature, see Configuring a Shared VPC on GCP.

BOSH CLI v2

Ops Manager v1.12.0 uses the new version of the BOSH CLI.

There are two major releases of the BOSH CLI, and the Ops Manager Director VM includes both versions. You can use bosh commands for the old CLI and bosh2 commands for the new CLI, but many old CLI commands are incompatible with the BOSH Director. See the corresponding Knowledge Base article for more information.

For more information about the differences between the old and new versions of the BOSH CLI, see the BOSH documentation.

Other Features

For information about other new features in Ops Manager v1.12, see the Pivotal Cloud Foundry Ops Manager v1.12 Release Notes.


Elastic Runtime Highlights

Elastic Runtime v1.12 includes the following major features:

Multiple Buildpack Applications

Developers can deploy applications that utilize multiple buildpacks in sequence. Developers specify the buildpacks either with the Cloud Foundry Command Line Interface (cf CLI) or through an application manifest.

Support for multiple buildpacks enables developers to use system buildpacks rather than custom buildpacks or Docker packaging. System buildpacks provide benefits such as automated patching of application server CVEs, and they assure a constantly patched root file system across applications.

Elastic Runtime Uses CredHub for Simplistic Credentials

The internal credentials (secret and simple_credentials) that Elastic Runtime uses for intra-component communication are generated and stored in CredHub instead of Ops Manager.

GrootFS in Garden-runC

GrootFS replaces previously built-in functionality in Garden-runC, including:

  • File system isolation
  • Disk quota enforcement
  • Container image management

This is part of ongoing work designed to make PCF compliant with the Open Container Initiative (OCI) standards.

Application Instance Identity Credentials

Each application instance has a unique certificate and key available to it that can be used to verify the identity of the application.

This gives applications an easier way to assert their identity to other clients and services, so that appropriate authentication and authorization decisions can be made on either side of the communication.

For more information, see the App Instance Container Identity Credentials section of the TLS Connections in PCF Deployments topic.

HAProxy Release

Elastic Runtime now uses the newly incubated haproxy-boshrelease. Replacing this job allows the tile to expose new HAProxy features.

Other Features

For information about other new features in Elastic Runtime v1.12, see the Pivotal Cloud Foundry Elastic Runtime v1.12 Release Notes.


Apps Manager Highlights

Apps Manager v1.12 includes the following features:

In-context Service Creation

Developers can create services without leaving the application or space view for an accelerated workflow.

Service Configuration Parameter Discovery

When creating a new service, developers can discover additional parameter options as fields, or use a JSON editor that enables them to define the parameters.


PCF Isolation Segment Highlights

The PCF Isolation Segment v1.12 tile includes the following features:

Sharded Routers

Operators can now configure sharding mode for routers. For more information, see Installing PCF Isolation Segment.

HAProxy

You can now use an HAProxy for the Isolation Segment tile that is independent from the Elastic Runtime HAProxy.

The Isolation Segment tile includes its own HAProxy VM, which uses the haproxy-boshrelease. For more information, see Installing PCF Isolation Segment.


PCF Runtime for Windows Highlights

The PCF Runtime for Windows v1.12 tile includes the following features:

Operators Can Manage the Windows Admin Password

Operators can now manage a password strategy for the Windows admin user on Windows VMs when configuring the PCF Runtime for Windows v1.12 tile. They can use the Windows default password, specify a password, or generate random passwords for each VM. For more information, see Deploying PCF Runtime for Windows.

Windows Event Logs Consumable via Syslog

Operators can now configure a syslog endpoint for Windows Event Logs in the PCF Runtime for Windows v1.12 tile. Windows Event Logs provide a consolidated, system-level logging mechanism that is especially useful in troubleshooting problems with running applications. For more information, see Deploying PCF Runtime for Windows.


Services Highlights

PCF Metrics v1.4

The PCF Metrics v1.4 tile releases alongside PCF v1.12 and includes the following major features:

  • Support for Spring Boot Actuator metrics
  • Support for custom app metrics
  • Instance-level metrics visualization
  • Improved UI

For more information, see the PCF Metrics v1.4 documentation.

Single Sign-On v1.5

The Single Sign-On (SSO) v1.5 tile releases alongside PCF v1.12 and includes the following major features:

  • Support for enterprise SSO with Azure Active Directory using OpenID Connect (OIDC)
  • Improved framework support for SSO and the SSO connector for app developers using Spring Boot on PCF
  • New sample apps to help developer onboarding
  • Support for token exchange flow, including integration with existing enterprise identity providers

For more information, see the SSO v1.5 documentation.

RabbitMQ for PCF v1.10

RabbitMQ for PCF v1.10 offers an on-demand cluster plan. Now operators can offer three types of plans:

  • Pre-provisioned
  • On-demand single node
  • On-demand cluster

For application teams that require more isolation, on-demand plans empower them to self-serve their own RabbitMQ on a single node or cluster.

Release v1.10 also provides smoke tests for the on-demand plans so that operations teams can validate the application developer workflow for on-demand services.

For more information, see the Redis for PCF v1.10 documentation.

Redis for PCF v1.10

The Redis for PCF v1.10 tile includes the following major features:

  • General metrics enhancements for on-demand services
  • Syslog enablement with or without TLS encryption

For more information, see the RabbitMQ for PCF v1.10 documentation.

MySQL for PCF v2.1

The MySQL for PCF v2.1 tile includes the following major features:

  • Provides a new restore utility on each service instance to make restoring from a backup artifact easier
  • Adds the ability to enable or disable lower_case_table_names for all MySQL service instances or only specific service instances, which helps when migrating from legacy systems that need case insensitivity
  • Changes several MySQL server default configurations to provide better consistency and expected behavior when migrating from the MySQL for PCF v1 series

For more information, see the MySQL for PCF v2.1 documentation.
