Releases: cloudfoundry/diego-release
Releases · cloudfoundry/diego-release
2.79.0
Changes
- [Feature Improvement]: Use routing_info for desired_lrp's when there are missing actual_lrp's cloudfoundry/route-emitter#26. Thank you for this contribution @klapkov!
- [Feature]: Support distributed tracing cloudfoundry/route-emitter#24. Thank you @mariash for this contribution!
- [Bug Fix]: Fix bug with cachedownloader in PR cloudfoundry/cacheddownloader#26. Fixes issue #773. Thank you @vlast3k for this contribution!
- [Bug Fix]: Resolves a race condition in BBS when the replacement for a suspect LRP has started.
✨ Built with go 1.20.5
Full Changelog: v2.78.0...v2.79.0
Resources
Contributors
mariash, vlast3k, and klapkov
Assets 3
2.78.0
Changes
- Bumped to golang 1.20.5
- Vizzini now defaults to cflinuxfs4
Bosh Job Spec changes:
diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
index 40b5eb74b..6ff53c654 100644
--- a/jobs/vizzini/spec
+++ b/jobs/vizzini/spec
@@ -73,7 +73,7 @@ properties:
default_rootfs:
description: "Default preloaded rootfs to target for running Tasks and LRPs"
- default: "preloaded:cflinuxfs3"
+ default: "preloaded:cflinuxfs4"
grace_tarball_url:
description: "URL for the grace test asset"
✨ Built with go 1.20.5
Full Changelog: v2.77.0...v2.78.0
Resources
2.77.0
Changes
- Adds support for B3 Trace ID logging across diego component requests
- Timeouts in for executor's uploader have been increased to 500ms
- Byte-based logging limits for LRPs and Tasks now emit only once per second
- LRPs can now have liveness and readiness check intervals defined when the LRP is created.
- Dependency Bumps:
- code.cloudfoundry.org/archiver a23cadd462ce
- code.cloudfoundry.org/certsplitter a2c6caf14c29
- code.cloudfoundry.org/cf-tcp-router ecebe81f2c0c
- code.cloudfoundry.org/credhub-cli 439bdb2
- code.cloudfoundry.org/debugserver 70a733dc508f
- code.cloudfoundry.org/diego-logging-client 40495b68ac2e
- code.cloudfoundry.org/durationjson 7a601daf48ee
- code.cloudfoundry.org/eventhub 8efdeac72e14
- code.cloudfoundry.org/garden 8444ff5a31d7
- code.cloudfoundry.org/goshims v0.17.0
- code.cloudfoundry.org/grootfs 79fecf24
- code.cloudfoundry.org/guardian 98f55817772e
- code.cloudfoundry.org/idmapper a410520
- code.cloudfoundry.org/localip 2ea90d997658
- github.com/aws/aws-sdk-go v1.44.269
- github.com/awslabs/amazon-ecr-credential-helper/ecr-login 7f2db5bd753e
- github.com/cloudfoundry/dropsonde v1.1.0
- github.com/docker/docker v24.0.1+incompatible
- github.com/envoyproxy/go-control-plane ba92d50b6596
- github.com/nats-io/nats-server/v2 v2.9.17
- github.com/nats-io/nats.go v1.26.0
- github.com/onsi/ginkgo/v2 v2.9.5
- github.com/onsi/gomega v1.27.7
- github.com/tedsuo/ifrit 7862c310ad26
- golang.org/x/sys v0.8.0
- google.golang.org/grpc v1.55.0
✨ Built with go 1.20.4
Full Changelog: v2.76.0...v2.77.0
Resources
2.76.0
Changes
- Bump to Go 1.20.4
- Bump dependencies
Bosh Job Spec changes:
diff --git a/jobs/auctioneer/spec b/jobs/auctioneer/spec
index ae685ceb9..1fac48936 100644
--- a/jobs/auctioneer/spec
+++ b/jobs/auctioneer/spec
@@ -88,6 +88,12 @@ properties:
diego.auctioneer.locket.api_location:
description: "Hostname and port of the Locket server. When set, the auctioneer attempts to claim a lock from the Locket API."
default: locket.service.cf.internal:8891
+ diego.auctioneer.locket.client_keepalive_time:
+ description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
+ default: 10
+ diego.auctioneer.locket.client_keepalive_timeout:
+ description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
+ default: 22
locks.locket.enabled:
description: When set, the auctioneer attempts to claim a lock from the Locket API.
diff --git a/jobs/bbs/spec b/jobs/bbs/spec
index b6f1040c2..9204a8d4c 100644
--- a/jobs/bbs/spec
+++ b/jobs/bbs/spec
@@ -140,6 +140,12 @@ properties:
diego.bbs.locket.api_location:
description: "Hostname and port of the Locket server. When set, the BBS attempts to claim a lock from the Locket API and will detect Diego cells registered with the Locket API."
default: locket.service.cf.internal:8891
+ diego.bbs.locket.client_keepalive_time:
+ description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
+ default: 10
+ diego.bbs.locket.client_keepalive_timeout:
+ description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
+ default: 22
limits.open_files:
description: Maximum number of files (including sockets) the BBS process may have open.
diff --git a/jobs/rep/spec b/jobs/rep/spec
index df7bd7c49..1383b67c0 100644
--- a/jobs/rep/spec
+++ b/jobs/rep/spec
@@ -217,6 +217,12 @@ properties:
diego.rep.locket.api_location:
description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API."
default: locket.service.cf.internal:8891
+ diego.rep.locket.client_keepalive_time:
+ description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
+ default: 10
+ diego.rep.locket.client_keepalive_timeout:
+ description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
+ default: 22
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+"
diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec
index 4fc4504bf..023d76f18 100644
--- a/jobs/rep_windows/spec
+++ b/jobs/rep_windows/spec
@@ -227,7 +227,13 @@ properties:
diego.rep.locket.api_location:
description: "Hostname and port of the locket server"
default: locket.service.cf.internal:8891
-
+ diego.rep.locket.client_keepalive_time:
+ description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
+ default: 10
+ diego.rep.locket.client_keepalive_timeout:
+ description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
+ default: 22
+
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action."
default: false
diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
index fa6c8d0d0..40b5eb74b 100644
--- a/jobs/vizzini/spec
+++ b/jobs/vizzini/spec
@@ -47,9 +47,6 @@ properties:
vizzini.verbose:
description: Run tests in verbose mode
default: false
- vizzini.stream:
- description: Stream output from parallel test nodes. This option will lead to less coherent output but is useful when debugging
- default: false
enable_declarative_healthcheck:
description: "When set, enables the declarative check tests in vizzini"
✨ Built with go 1.20.4
Full Changelog: v2.75.0...v2.76.0
Resources
2.75.0
Changes
- Bump ginkgo to v2 and lager to v3
- [Bug fix] Rep does not clean up resources when deleting container fails
✨ Built with go 1.20.3
Full Changelog: v2.73.0...v2.75.0
Resources
2.73.0
Changes
- Bumps github.com/golang-jwt/jwt/v4 from
4.2.0to4.5.0. - Update diego-logging-client to SendSpikeMetrics with EmitTimer instead of EmitGauge (#714)
Bosh Job Spec changes:
diff --git a/jobs/rep/spec b/jobs/rep/spec
index 8591fb6ba..df7bd7c49 100644
--- a/jobs/rep/spec
+++ b/jobs/rep/spec
@@ -182,7 +182,7 @@ properties:
description: "Environment variables to use when running the garden health check"
default: ""
diego.executor.post_setup_hook:
- description: "Experimental: arbitrary command to run after setup action"
+ description: "Experimental: arbitrary command to run after setup action. WARNING: this applies to both buildpack + docker app lifecycles. Any commands specified here *MUST* exist in any docker image being run, or the app will fail to start"
diego.executor.post_setup_user:
description: "Experimental: user to run post setup hook command"
diego.executor.volman.driver_paths:
diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
index 57feb767a..fa6c8d0d0 100644
--- a/jobs/vizzini/spec
+++ b/jobs/vizzini/spec
@@ -80,11 +80,11 @@ properties:
grace_tarball_url:
description: "URL for the grace test asset"
- default: "https://storage.googleapis.com/diego-assets-bucket/grace.tar.gz"
+ default: "https://storage.googleapis.com/diego-assets/grace.tar.gz"
grace_tarball_checksum:
description: "grace test asset sha1 checksum"
grace_busybox_image_url:
description: "grace test asset busybox container image"
- default: "docker:///cfdiegodocker/grace"
+ default: "docker:///cloudfoundry/grace"
✨ Built with go 1.20.2
Full Changelog: v2.72.0...v2.73.0
Resources
2.72.0
Changes
- Envoy bump to 1.25.1
- Metric tags can be updated for running containers
- Support for configurable entrypoints in buildpackapplifecycle (cloudfoundry/buildpackapplifecycle#58)
Bosh Job Spec changes:
diff --git a/jobs/auctioneer/spec b/jobs/auctioneer/spec
index 4fd93c8b2..ae685ceb9 100644
--- a/jobs/auctioneer/spec
+++ b/jobs/auctioneer/spec
@@ -88,13 +88,6 @@ properties:
diego.auctioneer.locket.api_location:
description: "Hostname and port of the Locket server. When set, the auctioneer attempts to claim a lock from the Locket API."
default: locket.service.cf.internal:8891
- diego.auctioneer.skip_consul_lock:
- default: false
- description: "Set to 'true' for the auctioneer to skip acquiring a Consul lock. Requires 'diego.auctioneer.locket.api_location' to be set."
-
- enable_consul_service_registration:
- description: "Enable the auctioneer to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
locks.locket.enabled:
description: When set, the auctioneer attempts to claim a lock from the Locket API.
diff --git a/jobs/bbs/spec b/jobs/bbs/spec
index 11cd996f0..b6f1040c2 100644
--- a/jobs/bbs/spec
+++ b/jobs/bbs/spec
@@ -140,16 +140,6 @@ properties:
diego.bbs.locket.api_location:
description: "Hostname and port of the Locket server. When set, the BBS attempts to claim a lock from the Locket API and will detect Diego cells registered with the Locket API."
default: locket.service.cf.internal:8891
- diego.bbs.skip_consul_lock:
- default: false
- description: "Set to 'true' for the BBS to skip acquiring a Consul lock. Requires 'diego.bbs.locket.api_location' to be set."
- diego.bbs.detect_consul_cell_registrations:
- default: true
- description: "Whether the BBS should detect Diego cell registrations present in the Consul key-value store. To prevent unexpected loss of capacity, set to 'false' only when the BBS uses Locket and when all Diego cells in the cluster maintain their registrations via Locket."
-
- enable_consul_service_registration:
- description: "Enable the BBS to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
limits.open_files:
description: Maximum number of files (including sockets) the BBS process may have open.
diff --git a/jobs/file_server/spec b/jobs/file_server/spec
index 7d50581a3..dddda86c2 100644
--- a/jobs/file_server/spec
+++ b/jobs/file_server/spec
@@ -59,10 +59,6 @@ properties:
tls.key:
description: "PEM-encoded tls key"
- enable_consul_service_registration:
- description: "Enable the file-server to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
-
logging.format.timestamp:
description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
default: "unix-epoch"
diff --git a/jobs/locket/spec b/jobs/locket/spec
index 0bbcc4c7b..640651ffb 100644
--- a/jobs/locket/spec
+++ b/jobs/locket/spec
@@ -66,9 +66,6 @@ properties:
default: false
diego.locket.sql.ca_cert:
description: "Bundle of CA certificates for the Locket to verify the SQL server SSL certificate when connecting via SSL"
- enable_consul_service_registration:
- description: "Enable the Locket server to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
logging.format.timestamp:
description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
diff --git a/jobs/rep/spec b/jobs/rep/spec
index e2d40d28c..8591fb6ba 100644
--- a/jobs/rep/spec
+++ b/jobs/rep/spec
@@ -9,9 +9,6 @@ templates:
trusted_ca_certificates.json.erb: config/certs/rep/trusted_ca_certificates.json
instance_identity.crt.erb: config/certs/rep/instance_identity.crt
instance_identity.key.erb: config/certs/rep/instance_identity.key
- consul_ca.crt.erb: config/certs/consul/ca.crt
- consul_client.crt.erb: config/certs/consul/client.crt
- consul_client.key.erb: config/certs/consul/client.key
rep.json.erb: config/rep.json
bpm.yml.erb: config/bpm.yml
bpm-pre-start.erb: bin/bpm-pre-start
@@ -106,16 +103,6 @@ properties:
tls.ca_cert:
description: "REQUIRED: PEM-encoded tls client CA certificate for asset upload/download"
- diego.rep.consul.require_tls:
- description: "Require mutual TLS to talk to the local consul API"
- default: false
- diego.rep.consul.ca_cert:
- description: "PEM-encoded CA certificate"
- diego.rep.consul.client_cert:
- description: "PEM-encoded client certificate"
- diego.rep.consul.client_key:
- description: "PEM-encoded client key"
-
diego.executor.memory_capacity_mb:
description: "the memory capacity the executor should manage. this should not be greater than the actual memory on the VM"
default: "auto"
@@ -228,12 +215,9 @@ properties:
default: "rep"
diego.rep.locket.api_location:
- description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API instead of in the Consul key-value store."
+ description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API."
default: locket.service.cf.internal:8891
- enable_consul_service_registration:
- description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+"
default: false
diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec
index 2933d2dbc..4fc4504bf 100644
--- a/jobs/rep_windows/spec
+++ b/jobs/rep_windows/spec
@@ -9,9 +9,6 @@ templates:
trusted_ca_certificates.json.erb: config/certs/rep/trusted_ca_certificates.json
instance_identity.crt.erb: config/certs/rep/instance_identity.crt
instance_identity.key.erb: config/certs/rep/instance_identity.key
- consul_ca.crt.erb: config/certs/consul/ca.crt
- consul_client.crt.erb: config/certs/consul/client.crt
- consul_client.key.erb: config/certs/consul/client.key
rep.json.erb: config/rep.json
loggregator_ca.crt.erb: config/certs/loggregator/ca.crt
loggregator_client.crt.erb: config/certs/loggregator/client.crt
@@ -102,16 +99,6 @@ properties:
tls.ca_cert:
description: "REQUIRED: PEM-encoded tls client CA certificate for asset upload/download"
- diego.rep.consul.require_tls:
- description: "Require mutual TLS to talk to the local consul API"
- default: false
- diego.rep.consul.ca_cert:
- description: "PEM-encoded CA certificate"
- diego.rep.consul.client_cert:
- description: "PEM-encoded client certificate"
- diego.rep.consul.client_key:
- description: "PEM-encoded client key"
-
diego.executor.memory_capacity_mb:
description: "the memory capacity the executor should manage. this should not be greater than the actual memory on the VM"
default: "auto"
@@ -241,9 +228,6 @@ properties:
description: "Hostname and port of the locket server"
default: locket.service.cf.internal:8891
- enable_consul_service_registration:
- description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
- default: true
enable_declarative_healthcheck:
description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action."
default: false
diff --git a/jobs/route_emitter/spec b/jobs/route_emitter/spec
index 7c84cbba4..faac3b0c5 100644
--- a/jobs/route_emitter/spec
+++ b/jobs/route_emitter/spec
@@ -146,9 +146,6 @@ properties:
description: "Cert used to communicate with local metron agent over gRPC"
loggregator.key:
description: "Key used to communicate with local metron agent over gRPC"
- locks.consul.enabled:
- description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Consul API."
- default: true
locks.locket.enabled:
description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Locket API."
default: true
diff --git a/jobs/route_emitter_windows/spec b/jobs/route_emitter_windows/spec
index d86340e8f..404c9f518 100644
--- a/jobs/route_emitter_windows/spec
+++ b/jobs/route_emitter_windows/spec
@@ -146,9 +146,6 @@ properties:
description: "Cert used to communicate with local metron agent over gRPC"
loggregator.key:
description: "Key used to communicate with local metron agent over gRPC"
- locks.consul.enabled:
- description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Consul API."
- default: true
locks.locket.enabled:
description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Locket API."
default: true
diff --git a/jobs/ssh_proxy/spec b/jobs/ssh_proxy/spec
index a2919c5ab..cd39dbd52 100644
--- a/jobs/ssh_proxy/spec
+++ b/jobs/ssh_proxy/spec
@@ -119,9 +119,6 @@ properties:
connect_to_instance_address:
description: "Connect directly to container IP instead of to the host IP and external port. Suitabl...2.71.0
Changes
- Removed legacy code relating to consul in diego components. This was long ago replaced by locket.
- Added helpful logging to cacheddownloader for when it retries/fails downloads. Thanks @vlast3k!
- Bumped ginkgo dependencies
- Bumps golang to 1.19.4
✨ Built with go 1.19.4
Full Changelog: v2.70.0...v2.71.0
Resources
Contributors
vlast3k
Assets 3
2.70.0
2.69.1
[Bug Fix] Remove extra host port that mapped to c2c TLS port.
[Bug Fix] Report crash event after crash reset timeout