Releases: EngineerBetter/control-tower
control-tower 0.23.0
This is part 2 of the upgrade to NATS v2.0 which updates BOSH to v276.1.0.
Please upgrade to 0.22.x prior to upgrading to this version!
director_bosh_cpi_release_aws: 93 > 95
director_bosh_cpi_release_gcp: 43.0.0 > 45.0.0
director_bosh_release: 273.0.0 > 276.1.0
director_bpm_release: 1.1.18 > 1.1.19
director_stemcell_aws: 0.3 > 1.44
director_stemcell_gcp: 0.2 > 1.44
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.122
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.44
- Concourse 7.8.3
- BOSH 276.1.0
- BOSH AWS CPI 95
- BPM 1.1.19
- Credhub 2.12.12
- Grafana 0.0.60
- InfluxDB 8.0.14
- UAA 75.23.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.122
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.44
- Concourse 7.8.3
- BOSH 276.1.0
- BOSH GCP CPI 45.0.0
- BPM 1.1.19
- Credhub 2.12.12
- Grafana 0.0.60
- InfluxDB 8.0.14
- UAA 75.23.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.470) to the same level as control-tower to get the required manifests and ops files.
control-tower 0.22.1
Auto-generated release
Updates:
- Upgrade Ginkgo and Gomega
- Bump google.golang.org/api from 0.98.0 to 0.101.0
- Upgrade aws sdk
- Upgrade lego
- Upgrade aws sdk
- Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
- Bump github.com/GoogleCloudPlatform/cloudsql-proxy from 1.32.0 to 1.33.0
- Bump github.com/aws/aws-sdk-go from 1.44.126 to 1.44.127
- Upgrade aws sdk
- Upgrade gomega
- Upgrade indirect dependencies
- Bump github.com/aws/aws-sdk-go from 1.44.131 to 1.44.132
- Upgrade ginkgo
- Update cloud.google.com/go/storage
- Add database information
- Update all dependencies
- grafana_release: 0.0.58 > 0.0.60
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.122
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 0.3
- Concourse 7.8.3
- BOSH 273.0.0
- BOSH AWS CPI 93
- BPM 1.1.18
- Credhub 2.12.12
- Grafana 0.0.60
- InfluxDB 8.0.14
- UAA 75.23.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.122
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 0.2
- Concourse 7.8.3
- BOSH 273.0.0
- BOSH GCP CPI 43.0.0
- BPM 1.1.18
- Credhub 2.12.12
- Grafana 0.0.60
- InfluxDB 8.0.14
- UAA 75.23.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.469) to the same level as control-tower to get the required manifests and ops files.
control-tower 0.22.0
Adds --persistent-disk as a deploy flag to enable the selection of a larger persistent disk for web instances. If this option is not supplied, the default persistent disk option is selected where the disk is an equivalent size to the previous version. Valid options are:
small:20GBdefault:50GBmedium:100GBlarge:200GB
This release also contains changes to the NATS MBUS URL in preparation for NATS v2.0 update in BOSH v274.0.0.
concourse_release: 7.8.2 > 7.8.3
credhub_release: 2.12.6 > 2.12.12
grafana_release: 0.0.45 > 0.0.58
stemcell_aws: 1.92 > 1.122
stemcell_gcp: 1.92 > 1.122
uaa_release: 75.22.0 > 75.23.0
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.122
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 0.3
- Concourse 7.8.3
- BOSH 273.0.0
- BOSH AWS CPI 93
- BPM 1.1.18
- Credhub 2.12.12
- Grafana 0.0.58
- InfluxDB 8.0.14
- UAA 75.23.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.122
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 0.2
- Concourse 7.8.3
- BOSH 273.0.0
- BOSH GCP CPI 43.0.0
- BPM 1.1.18
- Credhub 2.12.12
- Grafana 0.0.58
- InfluxDB 8.0.14
- UAA 75.23.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.467) to the same level as control-tower to get the required manifests and ops files.
control-tower 0.21.0
Adds --github-auth-host and --github-auth-ca-cert as deploy flags to enable GitHub Auth to be configured with a GitHub Enterprise server as an alternative to github.com.
Both flags must be provided together; a CA cert is always needed, even if the server's TLS certificate is not self-signed. The new flags must also be used in conjunction with the existing flags --github-auth-client-id and --github-auth-client-secret.
You can grant main team access to particular users, or members of orgs or teams that are configured in your GitHub Enterprise server by also providing GitHub main team auth flags
This release also bumps the following stemcell versions:
director_stemcell_aws: 1.88 > 1.90
director_stemcell_gcp: 1.88 > 1.90
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.90
- Concourse 7.7.1
- BOSH 272.5.0
- BOSH AWS CPI 93
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.90
- Concourse 7.7.1
- BOSH 272.5.0
- BOSH GCP CPI 43.0.0
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.446) to the same level as control-tower to get the required manifests and ops files.
control-tower 0.20.4
dd9f901
radiosilence
James Cleveland
Auto-generated release
director_bosh_release: 272.4.0 > 272.5.0
director_stemcell_aws: 1.87 > 1.88
director_stemcell_gcp: 1.87 > 1.88
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.88
- Concourse 7.7.1
- BOSH 272.5.0
- BOSH AWS CPI 93
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.88
- Concourse 7.7.1
- BOSH 272.5.0
- BOSH GCP CPI 43.0.0
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.446) to the same level as control-tower to get the required manifests and ops files.
control-tower 0.20.3
Auto-generated release
director_stemcell_aws: 1.85 > 1.87
director_stemcell_gcp: 1.85 > 1.87
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.87
- Concourse 7.7.1
- BOSH 272.4.0
- BOSH AWS CPI 93
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.87
- Concourse 7.7.1
- BOSH 272.4.0
- BOSH GCP CPI 43.0.0
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.441) to the same level as control-tower to get the required manifests and ops files.
control-tower 0.20.2
Auto-generated release
director_stemcell_aws: 1.84 > 1.85
director_stemcell_gcp: 1.84 > 1.85
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.85
- Concourse 7.7.1
- BOSH 272.4.0
- BOSH AWS CPI 93
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.85
- Concourse 7.7.1
- BOSH 272.4.0
- BOSH GCP CPI 43.0.0
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.443) to the same level as control-tower to get the required manifests and ops files.
control-tower 0.20.1
Auto-generated release
director_bosh_release: 272.3.0 > 272.4.0
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.84
- Concourse 7.7.1
- BOSH 272.4.0
- BOSH AWS CPI 93
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.84
- Concourse 7.7.1
- BOSH 272.4.0
- BOSH GCP CPI 43.0.0
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.441) to the same level as control-tower to get the required manifests and ops files.
control-tower 0.20.0
tl;dr: Migrate to using specific service account credentials for self-update pipeline
When we first introduced the self-update pipeline we followed the "simplest thing that works" approach and configured it so that the pipeline would be configured with the session credentials. In other words the AWS or GCP creds used on the last manual run of control-tower deploy would be writted into the self-update pipeline's yaml then the pipeline would be set. This isn't ideal because it means anyone with access to the main team can easily see the credentials of the person who last ran control-tower deploy in plain-text.
This release uses terraform to create a specific self-update user then loads the creds for that user into credhub so that the self-update pipeline can read them at run time. This means that not only are the session creds no longer used but also that the new creds don't show up in the update output nor in the output of fly get-pipeline.
On AWS the service user is further restricted to only have permissions when calls originate from the NAT IP of the worker VMs (i.e. when run from a Concourse task).
Dependency bumps:
director_bosh_release: 272.2.0 > 272.3.0
director_bpm_release: 1.1.17 > 1.1.18
director_stemcell_aws: 1.79 > 1.84
director_stemcell_gcp: 1.79 > 1.84
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.84
- Concourse 7.7.1
- BOSH 272.3.0
- BOSH AWS CPI 93
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.84
- Concourse 7.7.1
- BOSH 272.3.0
- BOSH GCP CPI 43.0.0
- BPM 1.1.18
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.441) to the same level as control-tower to get the required manifests and ops files.
control-tower 0.19.5
Auto-generated release
director_stemcell_aws: 1.76 > 1.79
director_stemcell_gcp: 1.76 > 1.79
Golang version bump to 1.18.1
Deploys:
AWS
- Concourse VM stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-aws-xen-hvm-ubuntu-bionic-go_agent 1.79
- Concourse 7.7.1
- BOSH 272.2.0
- BOSH AWS CPI 93
- BPM 1.1.17
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
GCP
- Concourse VM stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.76
- Director stemcell bosh-google-kvm-ubuntu-bionic-go_agent 1.79
- Concourse 7.7.1
- BOSH 272.2.0
- BOSH GCP CPI 43.0.0
- BPM 1.1.17
- Credhub 2.12.3
- Grafana 0.0.31
- InfluxDB 8.0.14
- UAA 75.18.0
- BOSH CLI 5.5.1
- Terraform 0.11.11
Note to build locally you will need to clone control-tower-ops (version 0.0.438) to the same level as control-tower to get the required manifests and ops files.