Changes from v0.1490.0 to v0.1491.0
- Verified with garden-runc-release v1.0.3.
- Verified with garden-windows-bosh-release v0.0.9.
- Verified with etcd-release v86.
- Verified with cf-mysql-release v32.
- Verified with cflinuxfs2-rootfs-release v1.40.0.
IMPORTANT: This version of Diego removes support for the experimental Docker image “caching” feature. The CAPI team has also already effectively ended support for this feature in their work to merge the ‘stager’ CC-Bridge component into Cloud Controller and to submit all Diego workloads as unprivileged containers. If your Docker-image-based app fails to stage correctly, try unsetting its
DIEGO_DOCKER_CACHE environment variable. In practice, developers have been interested in the “caching” staging process primarily because it allowed them to run Docker images from registries that required authentication, and we hope to have first-class support for that use case soon.
BBS Relational Datastore
- As a Diego operator, I expect to have comprehensive documentation about using a Postgres data store for the BBS (in flight)
- SQL encryption db should re-encrypt routes data
- As a Diego operator, I expect the rep always to shut down when destroying residual containers after evacuation times out
- cloudfoundry/diego-ssh #25: Additional Security Logging Requested
- cloudfoundry/diego-ssh #26: Extract username, userid from token and use for additional security logging
- As a Diego operator, I expect the docker app lifecycle no longer to support the image-caching staging option
- Pull consul_agent and metron_agent from cf-release
- cloudfoundry/diego-release #223: Pull windows job from CF instead of garden-windows
Component Logging and Metrics
- cloudfoundry/diego-release #224: Add syslog for rep_windows job
- Fix regression in new garden container creation/deletion metrics
- As a Diego operator, I would like to observe each cell to report metrics about how long garden takes to destroy a container or to fail to create a container
Test Suites and Tooling
- Potential race condition in fake_clock
- cloudfoundry/clock #1: Fixes a race condition that can happen when timers are used as tickers
- As a Diego security auditor, I expect not to observe credentials in the ssh-proxy command line
- As a Diego operator, I would like to ensure that TLS communication to Diego components uses strong ciphers and protocols
- As a CF operator, I expect the diego-release AWS example instructions to deploy a secure BOSH director
- As a Diego operator, I expect to be able to override the instance types of the Diego VMs in the AWS example instructions
BOSH job changes
BOSH property changes
Upload this release version to the Director:
$ bosh upload-release https://bosh.io/d/github.com/cloudfoundry/diego-release?v=0.1491.0 --sha1 b30c9ad37e3ff5da6a65bd5852127ea27ff1b278
Modify deployment manifest to use this release in addition to any other used releases:
releases: - name: diego version: "0.1491.0"
Finally add needed deployment jobs and specify values for required properties.
Optionally download sha1: b30c9ad37e3ff5da6a65bd5852127ea27ff1b278 release tarball locally:
# ...or download it directly using curl $ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/diego-release?v=0.1491.0 # or with wget... $ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/diego-release?v=0.1491.0