Releases: cloudfoundry/diego-release
Releases · cloudfoundry/diego-release
2.82.0
Changes
- Diego now supports reading container networking metrics from garden, and publishing them along with other app container metrics. (cloudfoundry/diego-logging-client#82, cloudfoundry/executor#83)
- Requires garden-runc-release v1.38.0 and cf-networking-release v3.33.0.
- Thanks @geigerj0 and @JVecsei1!
- Removed usage of the
code.cloudfoundry.org/systemcertspackage in favor of golang's builtin functionality. - Bumped to golang 1.21.0
✨ Built with go 1.21.0
Full Changelog: v2.81.0...v2.82.0
Resources
Contributors
geigerj0 and JVecsei1
Assets 3
2.81.0
Changes
- Healthchecks for process startup have been renamed from "readiness" to "startup" to better indicate that it is the initial liveness check to ensure the process has started. After completing, it is superceded by the liveness check, which has had no changes.
- Adds support for "readiness" checks on processes. The purpose of readiness checks are to determine whether a process is capable of serving traffic or not. This is contrasted now with liveness checks which determine if the process is in a state that requires it to be restarted. Readiness checks can be used to pull a process out of service when they fail, while not restarting the process. Once readiness is passing again, the process will be re-added into the service pool. Removal/addition of processes to the service pool is done via route-emitter.
cfdot actual-lrpsnow behaves in a more expected behavior regarding the display ofhost_tls_proxy_port. It should always be preset, even if the value is0.- Bumped to golang 1.20.7.
✨ Built with go 1.20.7
Full Changelog: v2.80.0...v2.81.0
Resources
2.80.0
2.79.0
Changes
- [Feature Improvement]: Use routing_info for desired_lrp's when there are missing actual_lrp's cloudfoundry/route-emitter#26. Thank you for this contribution @klapkov!
- [Feature]: Support distributed tracing cloudfoundry/route-emitter#24. Thank you @mariash for this contribution!
- [Bug Fix]: Fix bug with cachedownloader in PR cloudfoundry/cacheddownloader#26. Fixes issue #773. Thank you @vlast3k for this contribution!
- [Bug Fix]: Resolves a race condition in BBS when the replacement for a suspect LRP has started.
✨ Built with go 1.20.5
Full Changelog: v2.78.0...v2.79.0
Resources
Contributors
mariash, vlast3k, and klapkov
Assets 3
2.78.0
Changes
- Bumped to golang 1.20.5
- Vizzini now defaults to cflinuxfs4
Bosh Job Spec changes:
diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
index 40b5eb74b..6ff53c654 100644
--- a/jobs/vizzini/spec
+++ b/jobs/vizzini/spec
@@ -73,7 +73,7 @@ properties:
default_rootfs:
description: "Default preloaded rootfs to target for running Tasks and LRPs"
- default: "preloaded:cflinuxfs3"
+ default: "preloaded:cflinuxfs4"
grace_tarball_url:
description: "URL for the grace test asset"
✨ Built with go 1.20.5
Full Changelog: v2.77.0...v2.78.0
Resources
2.77.0
Changes
- Adds support for B3 Trace ID logging across diego component requests
- Timeouts in for executor's uploader have been increased to 500ms
- Byte-based logging limits for LRPs and Tasks now emit only once per second
- LRPs can now have liveness and readiness check intervals defined when the LRP is created.
- Dependency Bumps:
- code.cloudfoundry.org/archiver a23cadd462ce
- code.cloudfoundry.org/certsplitter a2c6caf14c29
- code.cloudfoundry.org/cf-tcp-router ecebe81f2c0c
- code.cloudfoundry.org/credhub-cli 439bdb2
- code.cloudfoundry.org/debugserver 70a733dc508f
- code.cloudfoundry.org/diego-logging-client 40495b68ac2e
- code.cloudfoundry.org/durationjson 7a601daf48ee
- code.cloudfoundry.org/eventhub 8efdeac72e14
- code.cloudfoundry.org/garden 8444ff5a31d7
- code.cloudfoundry.org/goshims v0.17.0
- code.cloudfoundry.org/grootfs 79fecf24
- code.cloudfoundry.org/guardian 98f55817772e
- code.cloudfoundry.org/idmapper a410520
- code.cloudfoundry.org/localip 2ea90d997658
- github.com/aws/aws-sdk-go v1.44.269
- github.com/awslabs/amazon-ecr-credential-helper/ecr-login 7f2db5bd753e
- github.com/cloudfoundry/dropsonde v1.1.0
- github.com/docker/docker v24.0.1+incompatible
- github.com/envoyproxy/go-control-plane ba92d50b6596
- github.com/nats-io/nats-server/v2 v2.9.17
- github.com/nats-io/nats.go v1.26.0
- github.com/onsi/ginkgo/v2 v2.9.5
- github.com/onsi/gomega v1.27.7
- github.com/tedsuo/ifrit 7862c310ad26
- golang.org/x/sys v0.8.0
- google.golang.org/grpc v1.55.0
✨ Built with go 1.20.4
Full Changelog: v2.76.0...v2.77.0
Resources
2.76.0
Changes
- Bump to Go 1.20.4
- Bump dependencies
Bosh Job Spec changes:
diff --git a/jobs/auctioneer/spec b/jobs/auctioneer/spec
index ae685ceb9..1fac48936 100644
--- a/jobs/auctioneer/spec
+++ b/jobs/auctioneer/spec
@@ -88,6 +88,12 @@ properties:
diego.auctioneer.locket.api_location:
description: "Hostname and port of the Locket server. When set, the auctioneer attempts to claim a lock from the Locket API."
default: locket.service.cf.internal:8891
+ diego.auctioneer.locket.client_keepalive_time:
+ description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
+ default: 10
+ diego.auctioneer.locket.client_keepalive_timeout:
+ description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
+ default: 22
locks.locket.enabled:
description: When set, the auctioneer attempts to claim a lock from the Locket API.
diff --git a/jobs/bbs/spec b/jobs/bbs/spec
index b6f1040c2..9204a8d4c 100644
--- a/jobs/bbs/spec
+++ b/jobs/bbs/spec
@@ -140,6 +140,12 @@ properties:
diego.bbs.locket.api_location:
description: "Hostname and port of the Locket server. When set, the BBS attempts to claim a lock from the Locket API and will detect Diego cells registered with the Locket API."
default: locket.service.cf.internal:8891
+ diego.bbs.locket.client_keepalive_time:
+ description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
+ default: 10
+ diego.bbs.locket.client_keepalive_timeout:
+ description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
+ default: 22
limits.open_files:
description: Maximum number of files (including sockets) the BBS process may have open.
diff --git a/jobs/rep/spec b/jobs/rep/spec
index df7bd7c49..1383b67c0 100644
--- a/jobs/rep/spec
+++ b/jobs/rep/spec
@@ -217,6 +217,12 @@ properties:
diego.rep.locket.api_location:
description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API."
default: locket.service.cf.internal:8891
+ diego.rep.locket.client_keepalive_time:
+ description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
+ default: 10
+ diego.rep.locket.client_keepalive_timeout:
+ description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
+ default: 22
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+"
diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec
index 4fc4504bf..023d76f18 100644
--- a/jobs/rep_windows/spec
+++ b/jobs/rep_windows/spec
@@ -227,7 +227,13 @@ properties:
diego.rep.locket.api_location:
description: "Hostname and port of the locket server"
default: locket.service.cf.internal:8891
-
+ diego.rep.locket.client_keepalive_time:
+ description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
+ default: 10
+ diego.rep.locket.client_keepalive_timeout:
+ description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
+ default: 22
+
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action."
default: false
diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
index fa6c8d0d0..40b5eb74b 100644
--- a/jobs/vizzini/spec
+++ b/jobs/vizzini/spec
@@ -47,9 +47,6 @@ properties:
vizzini.verbose:
description: Run tests in verbose mode
default: false
- vizzini.stream:
- description: Stream output from parallel test nodes. This option will lead to less coherent output but is useful when debugging
- default: false
enable_declarative_healthcheck:
description: "When set, enables the declarative check tests in vizzini"
✨ Built with go 1.20.4
Full Changelog: v2.75.0...v2.76.0
Resources
2.75.0
Changes
- Bump ginkgo to v2 and lager to v3
- [Bug fix] Rep does not clean up resources when deleting container fails
✨ Built with go 1.20.3
Full Changelog: v2.73.0...v2.75.0
Resources
2.73.0
Changes
- Bumps github.com/golang-jwt/jwt/v4 from
4.2.0to4.5.0. - Update diego-logging-client to SendSpikeMetrics with EmitTimer instead of EmitGauge (#714)
Bosh Job Spec changes:
diff --git a/jobs/rep/spec b/jobs/rep/spec
index 8591fb6ba..df7bd7c49 100644
--- a/jobs/rep/spec
+++ b/jobs/rep/spec
@@ -182,7 +182,7 @@ properties:
description: "Environment variables to use when running the garden health check"
default: ""
diego.executor.post_setup_hook:
- description: "Experimental: arbitrary command to run after setup action"
+ description: "Experimental: arbitrary command to run after setup action. WARNING: this applies to both buildpack + docker app lifecycles. Any commands specified here *MUST* exist in any docker image being run, or the app will fail to start"
diego.executor.post_setup_user:
description: "Experimental: user to run post setup hook command"
diego.executor.volman.driver_paths:
diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
index 57feb767a..fa6c8d0d0 100644
--- a/jobs/vizzini/spec
+++ b/jobs/vizzini/spec
@@ -80,11 +80,11 @@ properties:
grace_tarball_url:
description: "URL for the grace test asset"
- default: "https://storage.googleapis.com/diego-assets-bucket/grace.tar.gz"
+ default: "https://storage.googleapis.com/diego-assets/grace.tar.gz"
grace_tarball_checksum:
description: "grace test asset sha1 checksum"
grace_busybox_image_url:
description: "grace test asset busybox container image"
- default: "docker:///cfdiegodocker/grace"
+ default: "docker:///cloudfoundry/grace"
✨ Built with go 1.20.2
Full Changelog: v2.72.0...v2.73.0
Resources
2.72.0
Changes
- Envoy bump to 1.25.1
- Metric tags can be updated for running containers
- Support for configurable entrypoints in buildpackapplifecycle (cloudfoundry/buildpackapplifecycle#58)
Bosh Job Spec changes:
diff --git a/jobs/auctioneer/spec b/jobs/auctioneer/spec
index 4fd93c8b2..ae685ceb9 100644
--- a/jobs/auctioneer/spec
+++ b/jobs/auctioneer/spec
@@ -88,13 +88,6 @@ properties:
diego.auctioneer.locket.api_location:
description: "Hostname and port of the Locket server. When set, the auctioneer attempts to claim a lock from the Locket API."
default: locket.service.cf.internal:8891
- diego.auctioneer.skip_consul_lock:
- default: false
- description: "Set to 'true' for the auctioneer to skip acquiring a Consul lock. Requires 'diego.auctioneer.locket.api_location' to be set."
-
- enable_consul_service_registration:
- description: "Enable the auctioneer to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
locks.locket.enabled:
description: When set, the auctioneer attempts to claim a lock from the Locket API.
diff --git a/jobs/bbs/spec b/jobs/bbs/spec
index 11cd996f0..b6f1040c2 100644
--- a/jobs/bbs/spec
+++ b/jobs/bbs/spec
@@ -140,16 +140,6 @@ properties:
diego.bbs.locket.api_location:
description: "Hostname and port of the Locket server. When set, the BBS attempts to claim a lock from the Locket API and will detect Diego cells registered with the Locket API."
default: locket.service.cf.internal:8891
- diego.bbs.skip_consul_lock:
- default: false
- description: "Set to 'true' for the BBS to skip acquiring a Consul lock. Requires 'diego.bbs.locket.api_location' to be set."
- diego.bbs.detect_consul_cell_registrations:
- default: true
- description: "Whether the BBS should detect Diego cell registrations present in the Consul key-value store. To prevent unexpected loss of capacity, set to 'false' only when the BBS uses Locket and when all Diego cells in the cluster maintain their registrations via Locket."
-
- enable_consul_service_registration:
- description: "Enable the BBS to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
limits.open_files:
description: Maximum number of files (including sockets) the BBS process may have open.
diff --git a/jobs/file_server/spec b/jobs/file_server/spec
index 7d50581a3..dddda86c2 100644
--- a/jobs/file_server/spec
+++ b/jobs/file_server/spec
@@ -59,10 +59,6 @@ properties:
tls.key:
description: "PEM-encoded tls key"
- enable_consul_service_registration:
- description: "Enable the file-server to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
-
logging.format.timestamp:
description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
default: "unix-epoch"
diff --git a/jobs/locket/spec b/jobs/locket/spec
index 0bbcc4c7b..640651ffb 100644
--- a/jobs/locket/spec
+++ b/jobs/locket/spec
@@ -66,9 +66,6 @@ properties:
default: false
diego.locket.sql.ca_cert:
description: "Bundle of CA certificates for the Locket to verify the SQL server SSL certificate when connecting via SSL"
- enable_consul_service_registration:
- description: "Enable the Locket server to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
logging.format.timestamp:
description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
diff --git a/jobs/rep/spec b/jobs/rep/spec
index e2d40d28c..8591fb6ba 100644
--- a/jobs/rep/spec
+++ b/jobs/rep/spec
@@ -9,9 +9,6 @@ templates:
trusted_ca_certificates.json.erb: config/certs/rep/trusted_ca_certificates.json
instance_identity.crt.erb: config/certs/rep/instance_identity.crt
instance_identity.key.erb: config/certs/rep/instance_identity.key
- consul_ca.crt.erb: config/certs/consul/ca.crt
- consul_client.crt.erb: config/certs/consul/client.crt
- consul_client.key.erb: config/certs/consul/client.key
rep.json.erb: config/rep.json
bpm.yml.erb: config/bpm.yml
bpm-pre-start.erb: bin/bpm-pre-start
@@ -106,16 +103,6 @@ properties:
tls.ca_cert:
description: "REQUIRED: PEM-encoded tls client CA certificate for asset upload/download"
- diego.rep.consul.require_tls:
- description: "Require mutual TLS to talk to the local consul API"
- default: false
- diego.rep.consul.ca_cert:
- description: "PEM-encoded CA certificate"
- diego.rep.consul.client_cert:
- description: "PEM-encoded client certificate"
- diego.rep.consul.client_key:
- description: "PEM-encoded client key"
-
diego.executor.memory_capacity_mb:
description: "the memory capacity the executor should manage. this should not be greater than the actual memory on the VM"
default: "auto"
@@ -228,12 +215,9 @@ properties:
default: "rep"
diego.rep.locket.api_location:
- description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API instead of in the Consul key-value store."
+ description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API."
default: locket.service.cf.internal:8891
- enable_consul_service_registration:
- description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+"
default: false
diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec
index 2933d2dbc..4fc4504bf 100644
--- a/jobs/rep_windows/spec
+++ b/jobs/rep_windows/spec
@@ -9,9 +9,6 @@ templates:
trusted_ca_certificates.json.erb: config/certs/rep/trusted_ca_certificates.json
instance_identity.crt.erb: config/certs/rep/instance_identity.crt
instance_identity.key.erb: config/certs/rep/instance_identity.key
- consul_ca.crt.erb: config/certs/consul/ca.crt
- consul_client.crt.erb: config/certs/consul/client.crt
- consul_client.key.erb: config/certs/consul/client.key
rep.json.erb: config/rep.json
loggregator_ca.crt.erb: config/certs/loggregator/ca.crt
loggregator_client.crt.erb: config/certs/loggregator/client.crt
@@ -102,16 +99,6 @@ properties:
tls.ca_cert:
description: "REQUIRED: PEM-encoded tls client CA certificate for asset upload/download"
- diego.rep.consul.require_tls:
- description: "Require mutual TLS to talk to the local consul API"
- default: false
- diego.rep.consul.ca_cert:
- description: "PEM-encoded CA certificate"
- diego.rep.consul.client_cert:
- description: "PEM-encoded client certificate"
- diego.rep.consul.client_key:
- description: "PEM-encoded client key"
-
diego.executor.memory_capacity_mb:
description: "the memory capacity the executor should manage. this should not be greater than the actual memory on the VM"
default: "auto"
@@ -241,9 +228,6 @@ properties:
description: "Hostname and port of the locket server"
default: locket.service.cf.internal:8891
- enable_consul_service_registration:
- description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action."
default: false
diff --git a/jobs/route_emitter/spec b/jobs/route_emitter/spec
index 7c84cbba4..faac3b0c5 100644
--- a/jobs/route_emitter/spec
+++ b/jobs/route_emitter/spec
@@ -146,9 +146,6 @@ properties:
description: "Cert used to communicate with local metron agent over gRPC"
loggregator.key:
description: "Key used to communicate with local metron agent over gRPC"
- locks.consul.enabled:
- description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Consul API."
- default: true
locks.locket.enabled:
description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Locket API."
default: true
diff --git a/jobs/route_emitter_windows/spec b/jobs/route_emitter_windows/spec
index d86340e8f..404c9f518 100644
--- a/jobs/route_emitter_windows/spec
+++ b/jobs/route_emitter_windows/spec
@@ -146,9 +146,6 @@ properties:
description: "Cert used to communicate with local metron agent over gRPC"
loggregator.key:
description: "Key used to communicate with local metron agent over gRPC"
- locks.consul.enabled:
- description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Consul API."
- default: true
locks.locket.enabled:
description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Locket API."
default: true
diff --git a/jobs/ssh_proxy/spec b/jobs/ssh_proxy/spec
index a2919c5ab..cd39dbd52 100644
--- a/jobs/ssh_proxy/spec
+++ b/jobs/ssh_proxy/spec
@@ -119,9 +119,6 @@ properties:
connect_to_instance_address:
description: "Connect directly to container IP instead of to the host IP and external port. Suitabl...