Update Service_Fabric_ReleaseNotes_91CU1.md #1409
@@ -23,7 +23,7 @@ The following packages and versions are part of this release: | |||
|
|||
## Key Announcements | |||
|
|||
Starting 9.1.1436.9590, Service Fabric Runtime will provide a configuration on Linux and Windows called "Setup/BlockAccessToWireServer" to allow the runtime deployer to set up Access Control Lists (ACLs) on the Virtual Machine (VM) to prevent access from containers to the wire server. These ACLs will be kept in sync during new cluster creation/upgrade and VM/SF node restart scenarios. | |||
Starting 9.1.1436, the Service Fabric runtime will include a configuration setting that prevents access to specific ports of the WireServer endpoint (168.63.129.16) to Docker containers deployed as Service Fabric applications. The setting, "Setup/BlockAccessToWireServer", is supported for Service Fabric clusters deployed on Azure VMs, Windows, and Linux, and defaults to 'false' (access is permitted). Please note that enabling this setting may break containerized services that rely on access to WireServer - which is uncommon. |
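Review bot: The added line says the setting blocks "specific ports" of the WireServer endpoint (168.63.129.16) but never names them, and it drops the removed line's statement that the ACLs are kept in sync during cluster creation/upgrade and VM/SF node restarts. An operator deciding whether to turn on a hardening setting that defaults to 'false' needs both pieces of information. Suggest naming the blocked ports or linking to where they are documented, restoring the persistence sentence, and keeping the full build number "9.1.1436.9590" rather than "9.1.1436". The phrase "Azure VMs, Windows, and Linux" also reads as three separate platforms; if the intent is Azure VMs running either OS, "Azure VMs running Windows or Linux" would be clearer.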
Use "might break" instead of "may break". Also provide details on how it is expected to break it and what the customer should do if that happens.
Posting on Shamika's behalf, since she has no access: No specific way known - depends on how the customer code may be using wire server. Hence config is opt-in only.
Update 9.0CU5 release notes
update announcement