- Announcements
- PMC Lifecycle Activities
- Backlog Review
- Proposal to incubate haproxy-boshrelease by Geoff Franks of Stark & Wayne
- rsyslog configuration on metron planned for removal on August 1st (please use syslog release instead).
- Very close to releasing cf CLI 6.26.0 exposing isolation segments. Reasons for the delay include updating the CI environment from bosh-lite on AWS to full bosh & cf-deployment (we need multiple Diego cells to test iso segs) on GCP (lower cost), additional feature stories stemming from a UX review of the current isolation segments related command set and current CF release, and regressions in commands that mix V2 and V3 CC APIs.
- Next release will focus on UX improvements and bug fixes around plugin installation and management.
- Cross-paired with CAPI on V3 create-app and create-package. Expecting to pick up V3 staging in a week or two when related CAPI changes have completed. These commands are for now hidden, marked experimental and whether they'll be absorbed into V3 push and other commands or will also be exposed as is will be considered later.
- Exploring CLI UX for private docker registries - shared summary on CF Dev and received positive feedback on suggested UX.
- Deploying to 50% of PWS today.
- We found an issue in PWS (caused by a race between
grootfs create
andgrootfs stats
). It's fixed in the latest release.
- Released v0.16.0 today:
- This release contains some of the features required to enable a less "manual" (and more tested) store management (
grootfs init-store
andgrootfs delete-store
calls). - We have found a way around the Kernel limitations, in order to implement rootless with the Overlay-XFS file system driver. v0.16.0 introduces two feature flags in
grootfs create
(--json
and--without-mount
) to start shifting the Garden-Groot contract in order to enable the rootless-Overlay-XFS work.
- This release contains some of the features required to enable a less "manual" (and more tested) store management (
- Resolved BBS performance degradation with 1000 locket-based cell registrations with MySQL tuning
- Cells can opt into using new v2 Loggregator API for rep component metrics (except for the Golang runtime metrics)
- Cells support mutual TLS for asset uploads and downloads
- Finishing up TCP route-registrations from the local route-emitters
- Finishing up rotation of instance-identity credentials before end of validity
- Improving locket operability in advance of recommending use for BBS and auctioneer locks
- Upcoming:
- Continuing with v2 Loggregator API support across Diego components
- Improve LRP health-check efficiency, reliability with more declarative specification
- Support CAPI in performing zero-downtime app updates
- Adding support to the Gorouter and TCP routers to filter routes by router group
- routing-release 0.149.0 shipped with some bug fixes
- Published blog post on performance improvements
- Finished draft of docs for deploying routers for isolation segments
- Cut v255
- PRs
- CC Clock is distributed (rather than a singleton) in manifest generation scripts.
- Certificate generation scripts in cf-release reduce logic duplication
- CATs errand accepts configuration of
detect_timeout
,timeout_scale
,sleep_timeout
, andtest_password
- Add necessary UAA configuration to Openstack template
- New errand for running smoke tests on Windows
- Remove deprecated
jwt
configuration
- New ops-files
use-compiled-releases.yml
allows deployers to skip compilation of cf-mysql-release. More releases to come.scale-to-one-az.yml
uses only the first AZ, and only one instance of each job.
- Starting work on the cf-release to cf-deployment migration
- Versioning
- Currently shipping patch and minor versions of cf-deployment
release-candidate
branch is still updated automatically when builds pass.master
branch is updated when we ship a new version.- First major version will occur when we've developed a migration path from cf-release.
cf-deployment-concourse-tasks
- v2.0 uses
bbl
v3 - Docker image is versioned accordingly
- v2.0 uses
- Small updates and PRs
- Add certs for Cloud Controller to CC Uploader communication
- Cloud Controller link is shared across deployments
- Disable legacy
rep
endpoints - Remove deprecated
jwt
configuration - bosh-lite cloud-config has more compilation workers
- bosh-lite has a lower default app memory
- Default quota definition allows for 100 route ports
- API workers are deployed as a separate instance group
cfdot
is deployed on all Diego jobsdiego-cell
waits fordiego-brain
to finish deploying
- Tests for AppUsageEvents are more robust against large deployments.
- Windows smoke tests use hwc buildpack rather than the binary buildpack
- Updated logic so that the smoke tests can be run from a Windows VM
- No changes
- Released postgres-release v15 that upgrades PostgreSQL to v9.6.2. NOTE: this drops support for upgrading from PostgreSQL 9.4.5
- Going to bump v15 in cf-release
- Working on bosh links
- No changes.
- Important Note: - we have been investigating possible message reliability issues starting in CF253. If you are experiencing this please contribute to the this github issue
- Finishing performance tuning and scaling tests for "Scalable Syslog". We are seeing initial reliability improvements of ~30%.
- Working on the removal of etcd
- Release planning for both of these
- Note: We are only planning to release these changse to cf-deployment
- Etcd and legacy syslog drain architecture will remain in cf-release
- UAA 3.14.0 Releases. This addresses an upgrade incompatibility issues when upgrading from 3.9.9. An advisory was sent out on cf-dev
- UAA 4.0.0 Work in progress
- Strict Validation for OAuth redirect URI
- Enforce POST method for /token and /check_token end-points
- UAA Performance Testing is in progress
- SAML IDP/SP Key Rotation
- UAA Bosh Release ERB Validations for required properties
- Enable deletion of users and clients via YML & Bosh Manifest
- UAA API docs Table of Contents load time improvements
- Version Filtering for UAA API Docs
- Continued secure diego <-> cc communication work
- Continued track to GA V3 API
- Paused adding support for MS SQL
- Submitted zero downtime deployment proposal to cf-dev
- nfs-volume-release now supports LDAP authentication to secure UIDs when communicating with NFS servers. (docs for this are still pending)
- we have an initial drop of an ECS bosh release that bosh deploys ECS (EMC elastic cloud storage) Community Edition
- BOSH deployment of ECS broker & ECS broker support for ECS NFSv3 shares are still pending in our pipeline
- Second draft of the Container Volume Interface is soon to go out for public comment, and will be the topic for the first ever CNCF Storage Working Group meeting. (Note that this brand new working group will not be the owner of the CVI--the plan is to form another CNCF CVI working group.)