Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
172 lines (102 sloc) 7.17 KB

Runtime PMC Meeting 2018-08-07


  • Announcements
  • PMC Lifecycle Activities
  • Backlog Review


  • Call for vote on Preethi Varambally as Project Lead for Container Networking

    • no objections
  • Call for vote on Peter Goetz as Project Lead for Bits-Service

    • no objections

PMC Lifecycle Activities


Backlog Reviews

CLI - Abby Chau

  • No major updates - still working on releasing cf CLI v6.38.0 which will include using multiple buildpacks, invocation health check timeout configuration, bump to Golang 1.10.3, changes to the app display which will now be backed by the v3 endpoint, support for SOCKS5, support for adding tags for user provided service instances, cf events now displays the Diego cell ID and instance guid, and new translations.
  • Continuing work on buildpacks refactoring and the buildpack association with stacks feature
  • Continuing work on changing all commands that display app information to use the new cf app display

Garden - Julz Friedman

  • Work begun on new 'CPU Entitlements' (more sane CPU metrics and sharing for CF) epic, first milestone underway
    • Milestone 0 (Underway): Make memory->cpu share mapping easy to understand for operators, by flowing it through 1:1.
    • Milestone 1 (Next): Expose new cpu metric which is relative to a cpu entitlement rather than host cpu
    • Milestone 2 (Future): Produce operator tooling showing which apps are exceeding their entitlement over a rolling window
    • Milestone 3 (Future): Throttle apps which consistently exceed entitlement such that other apps are favoured when attempting to burst over entitlement
  • Fixed some bugs in BPM support (last blocker before being able to enable rootless experimentally in production)
  • Containerd now on 10% of cells on PWS!
    • Work progressing on Containerd Milestone 2 (Using Containerd for Process creation)

Eirini (incubating) - Julz Friedman

  • Smoke tests pass!
    • Had to use StatefulSets instead of Deployments so that INSTANCE_INDEX works, decided to defer decision to use Deployments (and deprecate INSTANCE_INDEX) for later.
  • Struggling to get logcache working again - worked when we spiked it a couple months ago :(
  • Next up: get logcache working again, run the cats(!)

Garden-Windows - A William Martin

Diego - Eric Malm

  • Finished initial work on BBS API and LRP convergence changes to support maintaining routability of app instances when cells lose presence temporarily, on opt-in basis for now
  • Finished work to allow operators to restrict container ingress only to authenticated clients, building on top of route integrity
  • Container Envoy proxies get gorouters to reject them during graceful shutdown by presenting invalid certs
  • Xenial integration: made kernel-tuning behavior explicit on other Diego jobs
  • Adjusted rep directory structure to integrate correctly with garden-runc when both run in BPM
  • Documented more details of BBS API endpoint revisioning scheme

Routing - Shannon Coen

  • Integration between CF and istio-release has been tested to scale of 500 routes and 500 apps, in order to deploy to PWS we must support 20,000
  • Scaling has been temporarily put down while we add support to CC and Copilot for a weight attribute of route mapping. This will enable app developers to manage the proportion of requests sent to apps mapped to the same route.
  • Our community pair is contributing support for the Mesh Configuration Protocol to Istio Pilot, which will enable us to remove our in-process plugin for CF.

Infrastructure - Evan Farrar


  • No changes

bosh-bootloader (a.k.a bbl)

  • As of newly released v6.9.0, bbl print-env supports --name and --bucket for using state directories stored in s3 (to make it easier to target states created by bbl-state-resource)
  • BBL can set default runtime config on the director based on a default from bosh-deployment (so that all users get bosh-dns by default)
    • Will be introduced in v6.10.0
    • BBL v6.11.0 will allow ops files for the base runtime config

Release Integration - Josh Collins





postgres-release - Valeria Perticara

HAProxy - Geoff Franks

v8.9.0 was released:

- X-Forwarded-Client-Cert header is now added if client certificate is present during mutual tls
  Thanks @jgf for the addition!
- Fixed a path typo for the ttar package. Thanks @ntdt for the fix!
- HTTP health check ports are now configurable, thanks to @lowlatency!

MySQL - Marco Nicosia

Loggregator - Adam Hevenor

  • Go Routine leak discovered by SAP Partners.
  • Upgrade issues for BlueMix.
  • Configured isolated Loggregator w/expected failures
  • Implemented a gRPC Gateway for Loggregator v2 API
    • This has removed a big blocker we have seen for v2 API adoption - Mutual TLS

UAA - Sree Tummidi

  • Fixed a CVE with refresh tokens
  • Working toward next release that will have
  • Default Identity Provider support
  • OIDC external group mappings
  • ID Token Refresh for k8s

CAPI - Zach Robinson

  • Finishing server side application manifests
  • Enabling ccdb encryption key rotation
  • Encrypting traffic between gorouter and cc
  • Working on rolling application updates
  • Working on integrating perm with cc

Services API - Matthew McNeeney

  • Async binding and unbinding work is PR'd into CC!
  • Some edge cases to finish off, but about to start work on multi-service registration

Permissions (incubating) - Christopher Brown

  • CAPI integration paused while we do a little design of the fine-grained permissions to make sure there are no suprises down the road.

  • Looking into if/how we can expose our gRPC API externally to start on a CLI.

  • Adding BBR support.

PERSI - Julian Hjortshoj

Container Networking - Preethi Varambally

  • We are continuing to work on adding support for dynamic egress policies to address concerns around ASGs needing app restarts to be applied. Egress policy configuration at the app level is completed and we are currently working on supporting space level egress policies.
  • We are working towards making Polyglot Service Discovery GA.

Bits-Service (incubating) - Peter Goetz

  • Completed correctness and performance of cf push and cf v3-push. cf push is now equally fast with and without Bits-Service. v3-push had a couple of issues before it worked correctly (see release notes below).
  • Currently rolling out Bits-Service in Bluemix internal production.

New Bits-Service releases:

  • 2.8.0: Returns SHA1 and SHA256 in the response JSON payload after uploading a package.
  • 2.7.0: Fixes a bug where an uploaded package zip with many files causes an Internal Server Error due to "too many open files". This happens usually when the number of files in the zip is close to or exceeds the maximum number of file descriptors per process (defaults to 4096 on Ubuntu Trusty) (#158973873)