Diego v1.27.0
Changes from v1.26.2 to v1.27.0
- Verified with garden-runc-release v1.9.4.
- Verified with garden-windows-bosh-release v0.8.0.
- Verified with etcd-release v117.
- Verified with cf-mysql-release v35.
- Verified with cflinuxfs2-release v1.158.0.
Significant changes
BBS Benchmarks
Container Execution
Polyglot Service Discovery Support (Experimental)
v2 Loggregator API Adoption (Experimental)
- As a Diego operator, I expect the route-emitter to emit its component and Golang metrics via the v2 loggregator API if so configured
- As a Diego operator, I expect the ssh-proxy to emit its component and Golang metrics and app logs via the v2 loggregator API if so configured (in flight)
- cloudfoundry/diego-logging-client #3: Create README.md
Per-Instance Proxy (Experimental)
- As a Diego operator, I expect the in-container Envoy proxy to terminate TLS using the instance-identity credentials so that I can verify instance-identity in-band on the connection
- Envoy proxy causes some tasks to fail to exit
Windows Support
- Users can run cf ssh to enter powershell sessions within app containers on windows 2016 cells
- cloudfoundry/diego-ssh #35: Add windows support using WinPTY
- cloudfoundry/diego-release #358: windows2016 supports cf ssh
- buildpackapplifecycle can build and launch applications on Windows 2012R2 cells
- cloudfoundry/diego-release #359: Use BAL on windows2012R2
- rep_windows should have a property to enable/disable securing bind mounted IIC/cache directories
Component Logging and Metrics
Test Suites and Tooling
- Investigate why moving to image_resource/removing diego user caused units-mysql to be really slow
- Fix flaky inigo executor tests
BOSH job changes
None.
BOSH property changes
rep_windows
- Added
diego.rep.open_bindmounts_acl
: Whether to add more permissive access controls to files that are bind-mounted to containers. Required for Windows 2016 cells. - Added
container_proxy.enabled
: Experimental property. Does not yet function on Windows cells. When set totrue
, runs an Envoy proxy per container.
route_emitter
and route_emitter_windows
- Added
internal_routes.enabled
: Experimental. When set totrue
, the route-emitter emits registration messages for internal service-discovery routes over the NATS message bus. - Added
loggregator.use_v2_api
: Whether to use the v2 Loggregator API when sending component metrics to the local metron agent. - Added
loggregator.v2_api_port
: Port for the v2 Loggregator API. - Added
loggregator.ca_cert
: CA certificate to use to validate the v2 Loggregator API connection to metron. - Added
loggregator.cert
: Certificate to present when connecting to the v2 Loggregator API. - Added
loggregator.key
: Private key for the v2 Loggregator API client.
ssh_proxy
- Added
loggregator.use_v2_api
: Whether to use the v2 Loggregator API when sending component metrics to the local metron agent. - Added
loggregator.v2_api_port
: Port for the v2 Loggregator API. - Added
loggregator.ca_cert
: CA certificate to use to validate the v2 Loggregator API connection to metron. - Added
loggregator.cert
: Certificate to present when connecting to the v2 Loggregator API. - Added
loggregator.key
: Private key for the v2 Loggregator API client.
BOSH link changes
None.