2.72.0
tas-runtime-bot
released this
04 Mar 07:07
·
995 commits
to develop
since this release
Changes
- Envoy bump to 1.25.1
- Metric tags can be updated for running containers
- Support for configurable entrypoints in buildpackapplifecycle (cloudfoundry/buildpackapplifecycle#58)
Bosh Job Spec changes:
diff --git a/jobs/auctioneer/spec b/jobs/auctioneer/spec
index 4fd93c8b2..ae685ceb9 100644
--- a/jobs/auctioneer/spec
+++ b/jobs/auctioneer/spec
@@ -88,13 +88,6 @@ properties:
diego.auctioneer.locket.api_location:
description: "Hostname and port of the Locket server. When set, the auctioneer attempts to claim a lock from the Locket API."
default: locket.service.cf.internal:8891
- diego.auctioneer.skip_consul_lock:
- default: false
- description: "Set to 'true' for the auctioneer to skip acquiring a Consul lock. Requires 'diego.auctioneer.locket.api_location' to be set."
-
- enable_consul_service_registration:
- description: "Enable the auctioneer to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
locks.locket.enabled:
description: When set, the auctioneer attempts to claim a lock from the Locket API.
diff --git a/jobs/bbs/spec b/jobs/bbs/spec
index 11cd996f0..b6f1040c2 100644
--- a/jobs/bbs/spec
+++ b/jobs/bbs/spec
@@ -140,16 +140,6 @@ properties:
diego.bbs.locket.api_location:
description: "Hostname and port of the Locket server. When set, the BBS attempts to claim a lock from the Locket API and will detect Diego cells registered with the Locket API."
default: locket.service.cf.internal:8891
- diego.bbs.skip_consul_lock:
- default: false
- description: "Set to 'true' for the BBS to skip acquiring a Consul lock. Requires 'diego.bbs.locket.api_location' to be set."
- diego.bbs.detect_consul_cell_registrations:
- default: true
- description: "Whether the BBS should detect Diego cell registrations present in the Consul key-value store. To prevent unexpected loss of capacity, set to 'false' only when the BBS uses Locket and when all Diego cells in the cluster maintain their registrations via Locket."
-
- enable_consul_service_registration:
- description: "Enable the BBS to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
limits.open_files:
description: Maximum number of files (including sockets) the BBS process may have open.
diff --git a/jobs/file_server/spec b/jobs/file_server/spec
index 7d50581a3..dddda86c2 100644
--- a/jobs/file_server/spec
+++ b/jobs/file_server/spec
@@ -59,10 +59,6 @@ properties:
tls.key:
description: "PEM-encoded tls key"
- enable_consul_service_registration:
- description: "Enable the file-server to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
-
logging.format.timestamp:
description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
default: "unix-epoch"
diff --git a/jobs/locket/spec b/jobs/locket/spec
index 0bbcc4c7b..640651ffb 100644
--- a/jobs/locket/spec
+++ b/jobs/locket/spec
@@ -66,9 +66,6 @@ properties:
default: false
diego.locket.sql.ca_cert:
description: "Bundle of CA certificates for the Locket to verify the SQL server SSL certificate when connecting via SSL"
- enable_consul_service_registration:
- description: "Enable the Locket server to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
logging.format.timestamp:
description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
diff --git a/jobs/rep/spec b/jobs/rep/spec
index e2d40d28c..8591fb6ba 100644
--- a/jobs/rep/spec
+++ b/jobs/rep/spec
@@ -9,9 +9,6 @@ templates:
trusted_ca_certificates.json.erb: config/certs/rep/trusted_ca_certificates.json
instance_identity.crt.erb: config/certs/rep/instance_identity.crt
instance_identity.key.erb: config/certs/rep/instance_identity.key
- consul_ca.crt.erb: config/certs/consul/ca.crt
- consul_client.crt.erb: config/certs/consul/client.crt
- consul_client.key.erb: config/certs/consul/client.key
rep.json.erb: config/rep.json
bpm.yml.erb: config/bpm.yml
bpm-pre-start.erb: bin/bpm-pre-start
@@ -106,16 +103,6 @@ properties:
tls.ca_cert:
description: "REQUIRED: PEM-encoded tls client CA certificate for asset upload/download"
- diego.rep.consul.require_tls:
- description: "Require mutual TLS to talk to the local consul API"
- default: false
- diego.rep.consul.ca_cert:
- description: "PEM-encoded CA certificate"
- diego.rep.consul.client_cert:
- description: "PEM-encoded client certificate"
- diego.rep.consul.client_key:
- description: "PEM-encoded client key"
-
diego.executor.memory_capacity_mb:
description: "the memory capacity the executor should manage. this should not be greater than the actual memory on the VM"
default: "auto"
@@ -228,12 +215,9 @@ properties:
default: "rep"
diego.rep.locket.api_location:
- description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API instead of in the Consul key-value store."
+ description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API."
default: locket.service.cf.internal:8891
- enable_consul_service_registration:
- description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+"
default: false
diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec
index 2933d2dbc..4fc4504bf 100644
--- a/jobs/rep_windows/spec
+++ b/jobs/rep_windows/spec
@@ -9,9 +9,6 @@ templates:
trusted_ca_certificates.json.erb: config/certs/rep/trusted_ca_certificates.json
instance_identity.crt.erb: config/certs/rep/instance_identity.crt
instance_identity.key.erb: config/certs/rep/instance_identity.key
- consul_ca.crt.erb: config/certs/consul/ca.crt
- consul_client.crt.erb: config/certs/consul/client.crt
- consul_client.key.erb: config/certs/consul/client.key
rep.json.erb: config/rep.json
loggregator_ca.crt.erb: config/certs/loggregator/ca.crt
loggregator_client.crt.erb: config/certs/loggregator/client.crt
@@ -102,16 +99,6 @@ properties:
tls.ca_cert:
description: "REQUIRED: PEM-encoded tls client CA certificate for asset upload/download"
- diego.rep.consul.require_tls:
- description: "Require mutual TLS to talk to the local consul API"
- default: false
- diego.rep.consul.ca_cert:
- description: "PEM-encoded CA certificate"
- diego.rep.consul.client_cert:
- description: "PEM-encoded client certificate"
- diego.rep.consul.client_key:
- description: "PEM-encoded client key"
-
diego.executor.memory_capacity_mb:
description: "the memory capacity the executor should manage. this should not be greater than the actual memory on the VM"
default: "auto"
@@ -241,9 +228,6 @@ properties:
description: "Hostname and port of the locket server"
default: locket.service.cf.internal:8891
- enable_consul_service_registration:
- description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action."
default: false
diff --git a/jobs/route_emitter/spec b/jobs/route_emitter/spec
index 7c84cbba4..faac3b0c5 100644
--- a/jobs/route_emitter/spec
+++ b/jobs/route_emitter/spec
@@ -146,9 +146,6 @@ properties:
description: "Cert used to communicate with local metron agent over gRPC"
loggregator.key:
description: "Key used to communicate with local metron agent over gRPC"
- locks.consul.enabled:
- description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Consul API."
- default: true
locks.locket.enabled:
description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Locket API."
default: true
diff --git a/jobs/route_emitter_windows/spec b/jobs/route_emitter_windows/spec
index d86340e8f..404c9f518 100644
--- a/jobs/route_emitter_windows/spec
+++ b/jobs/route_emitter_windows/spec
@@ -146,9 +146,6 @@ properties:
description: "Cert used to communicate with local metron agent over gRPC"
loggregator.key:
description: "Key used to communicate with local metron agent over gRPC"
- locks.consul.enabled:
- description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Consul API."
- default: true
locks.locket.enabled:
description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Locket API."
default: true
diff --git a/jobs/ssh_proxy/spec b/jobs/ssh_proxy/spec
index a2919c5ab..cd39dbd52 100644
--- a/jobs/ssh_proxy/spec
+++ b/jobs/ssh_proxy/spec
@@ -119,9 +119,6 @@ properties:
connect_to_instance_address:
description: "Connect directly to container IP instead of to the host IP and external port. Suitable only for deployments in which the gorouters and TCP routers can route directly to the container IP of instances."
default: false
- enable_consul_service_registration:
- description: "Enable the ssh-proxy to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
logging.format.timestamp:
description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
✨ Built with go 1.20.1
Full Changelog: v2.71.0...v2.72.0