IMPORTANT

• The cloud_controller_clock can now be deployed in an HA configuration. For users of cf-release manifest generation, this will happen in an upcoming version of cf-release. For users customizing their deployment manifest, we now recommend running the cloud_controller_clock job in 2 availability zones. These jobs can be on their own VM or colocated with other jobs.

CC API Version: 2.69.0 and 3.4.0

Service Broker API Version: 2.11

CAPI Release

Cloud Controller

• Cloud Controller has a TLS server on the Internal Consul DNS hostname details
• Cloud Controller should set VCAP_APP_PORT environment variable to the same thing as PORT environment variable on Diego details
• Scaling an app on Diego while it is staging results in an Unknown Error details
• DROPLETS should use SHA-256 to ensure they have not been corrupted or tampered with details
• Make cloud_controller_clock HA details

Pull Requests and Issues

• cloudfoundry/cloud_controller_ng#754: find_error needs Ruby to be added to path details

Job Spec Changes

• Valid properties.uaa.sslPrivateKey, properties.uaa.sslCertificate, and properties.uaa.ca_cert are now required for the CC to communicate with UAA via the internal HTTPS endpoint (normally to uaa.service.cf.internal). The script in cf-release can be used to generate a self-signed certificate, private key, and ca cert.
• Added cc.diego_sync.frequency_in_seconds, the frequency with which we'll enqueue a job to ensure Diego is in sync. This synchronization is still experimental and is not used by default yet. Defaults to 30-seconds.