1.54.0

1.54.0

Release Date: July 31, 2024

Changes

• Bump to golang 1.22.5
• Bump libnftnl to 1.2.8

✨ Built with go 1.22.5

Full Changelog: v1.53.0...v1.54.0

Resources

• Download release 1.54.0 from bosh.io.

1.53.0

Changes

• DEPRECATION NOTICE The garden.experimental_use_containerd_mode_for_processes property and usage of Garden when run in containerd mode for processes is now deprecated and no longer tested.
• DEFAULT CHANGE - The default mode for garden containers is now containerd. This has been the default in cf-deployment since 2018.
• REMOVAL OF EXPERIMENTAL FUNCTIONALITY NOTICE The experimental option to run the garden server process in rootless mode has been removed, as it did not work as expected and was an abandoned feature.
• Go package dependency bumps

Bosh Job Spec changes:

diff --git a/jobs/garden-binaries/spec b/jobs/garden-binaries/spec
index 0433639a..a8a96bae 100644
--- a/jobs/garden-binaries/spec
+++ b/jobs/garden-binaries/spec
@@ -15,7 +15,6 @@ packages:
   - grootfs
   - xfs-progs
   - thresholder
-  - netplugin-shim
   - dontpanic
   - tini
 
diff --git a/jobs/garden/spec b/jobs/garden/spec
index 027df351..093e53e1 100644
--- a/jobs/garden/spec
+++ b/jobs/garden/spec
@@ -36,7 +36,6 @@ packages:
   - grootfs
   - xfs-progs
   - thresholder
-  - netplugin-shim
   - dontpanic
   - tini
 
@@ -199,10 +198,6 @@ properties:
     description: AppArmor profile to use for unprivileged container processes
     default: garden-default
 
-  garden.experimental_rootless_mode:
-    description: A boolean stating whether or not to run garden-server as a non-root user
-    default: false
-
   # We believe this defaults to false to help concourse: https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.5.0
   # For diego/cf, this should be set to true
   garden.cleanup_process_dirs_on_wait:
@@ -210,8 +205,8 @@ properties:
     default: false
 
   garden.containerd_mode:
-    description: "Use containerd for container lifecycle management. NOTE: cannot be used in combination with bpm or rootless"
-    default: false
+    description: "Use containerd for container lifecycle management. NOTE: cannot be used in combination with bpm"
+    default: true
 
   garden.tcp_keepalive_time:
     description: Sets the `net.ipv4.tcp_keepalive_time` kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.
@@ -229,7 +224,7 @@ properties:
     description: Sets the `net.ipv4.tcp_retries2` kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.
 
   garden.experimental_use_containerd_mode_for_processes:
-    description: "(Under development) Use containerd for container process management. Must be used with containerd_mode also set to true. NOTE: cannot be used in combination with bpm or rootless"
+    description: "(Deprecated) No longer used/tested."
     default: false
 
   garden.experimental_cpu_throttling:
diff --git a/jobs/gats/spec b/jobs/gats/spec
index 916a35eb..065e3ace 100644
--- a/jobs/gats/spec
+++ b/jobs/gats/spec
@@ -22,12 +22,6 @@ properties:
   garden_test_rootfs:
     description: Test rootfs to use
     default: 'docker:///cloudfoundry/garden-rootfs'
-  containerd_for_processes:
-    description: Run GATS with CONTAINERD_FOR_PROCESSES_ENABLED
-    default: false
-  rootless:
-    description: Run GATS with ROOTLESS env var
-    default: false
   cpu_throttling:
     description: Run GATS with CPU_THROTTLING_ENABLED
     default: false

✨ Built with go 1.22.3

Full Changelog: v1.52.0...v1.53.0

Resources

• Download release 1.53.0 from bosh.io.

1.52.0

Changes

• Bump Golang to 1.22

✨ Built with go 1.22.2

Full Changelog: v1.51.0...v1.52.0

Resources

• Download release 1.52.0 from bosh.io.

1.51.0

Changes

• Bumped Golang to 1.21.8
• Golang package dependency bumps
• Many updates to get codebase passing the staticcheck linker
• Updated garden-integration-tests to be a little less flakey

✨ Built with go 1.21.8

Full Changelog: v1.50.0...v1.51.0

Resources

• Download release 1.51.0 from bosh.io.

1.50.0

Changes

• Adds grootfs.routine_gc property, which allows operators to configure garden to grootfs to clean up unused container image layers whenever new containers are created.
  • Previously, to achieve this, operators had to set grootfs.reserved_space_for_other_jobs_in_mb to the same value as the ephemeral disk, which is not always easy to obtain programatically.
• Bump go dependencies

Bosh Job Spec changes:

diff --git a/jobs/garden/spec b/jobs/garden/spec
index c84b5c43..027df351 100644
--- a/jobs/garden/spec
+++ b/jobs/garden/spec
@@ -292,6 +292,10 @@ properties:
   grootfs.tls.ca_cert:
     description: "PEM-encoded tls client CA certificate for asset upload/download"
 
+  grootfs.routine_gc:
+    description: "Set to true if you want grootfs to perform garbage collection on unused container image layers whenever a new container is created."
+    default: false
+
   grootfs.reserved_space_for_other_jobs_in_mb:
     description: "Amount of space that will be kept free for other jobs. The GrootFS store will be able to grow up to a maximum size of its disk minus this reserved space. Where the reserved space does not allow sufficient size for GrootFS to store container images and root filesystems (currently 15GB), the limit will be a soft limit, and garbage collection will attempt to keep disk space available for other jobs. -1 disables GC and allows GrootFS to potentially use the whole disk."
     default: 15360

✨ Built with go 1.21.7

Full Changelog: v1.49.0...v1.50.0

Resources

• Download release 1.50.0 from bosh.io.

1.49.0

Changes

• ✨guardian is a little more helpful when logging messages about containers that could not be killed, even after sending multiple SIGKILLs. In situations such as this, the only recourse is to reboot the VM, if the container processes are stuck in an unkillable state in the kernel. In addition to making this error stand out more, we've added a new metric for UnkillableContainers that guardian emits. When nonzero, there is a container that cannot be killed. See the CloudFoundrydocs for Component metrics for more info.
• Golang package dependency bumps
• Bumped to Golang 1.21.7

✨ Built with go 1.21.7

Full Changelog: v1.48.0...v1.49.0

Resources

• Download release 1.49.0 from bosh.io.

1.48.0

Changes

• 🔒runc + container have been bumped to address CVE-2024-21626
• ✈️Many updates to get garden-runc-release's CI configuration working in the wg-app-platform-runtime-ci repo Thank you @winkingturtle-vmw @ebroberson @MarcPaquette !!!
• Docs updates - Thank you @MarcPaquette !!!
• Many golang package dependency bumps

✨ Built with go 1.21.6

Full Changelog: v1.47.0...v1.48.0

Resources

• Download release 1.48.0 from bosh.io.

1.47.0

Changes

• Revert "Add max_containers bosh link

Bosh Job Spec changes:

diff --git a/jobs/garden/spec b/jobs/garden/spec
index abf22f8a..c84b5c43 100644
--- a/jobs/garden/spec
+++ b/jobs/garden/spec
@@ -45,11 +45,6 @@ provides:
   type: iptables
   properties:
   - garden.iptables_bin_dir
-  
-- name: max_containers
-  type: max_containers
-  properties:
-  - garden.max_containers
 
 properties:
   garden.listen_network:

✨ Built with go 1.21.5

Full Changelog: v1.46.0...v1.47.0

Resources

• Download release 1.47.0 from bosh.io.

1.46.0

Changes

• #314 - Add max_containers property. It is provided in a link so it is used in rep as well. Now you can increase containers past 250! Thanks @klapkov!
• #323 - Lots of refactoring by @winkingturtle-vmw, including the ability to run the test suite in parallel! Thank you!

Bosh Job Spec changes:

diff --git a/jobs/garden/spec b/jobs/garden/spec
index c84b5c43..abf22f8a 100644
--- a/jobs/garden/spec
+++ b/jobs/garden/spec
@@ -45,6 +45,11 @@ provides:
   type: iptables
   properties:
   - garden.iptables_bin_dir
+  
+- name: max_containers
+  type: max_containers
+  properties:
+  - garden.max_containers
 
 properties:
   garden.listen_network:
diff --git a/jobs/gats/spec b/jobs/gats/spec
index 4f59d675..916a35eb 100644
--- a/jobs/gats/spec
+++ b/jobs/gats/spec
@@ -19,6 +19,9 @@ properties:
   garden_port:
     description: Port Garden is listening on
     default: 7777
+  garden_test_rootfs:
+    description: Test rootfs to use
+    default: 'docker:///cloudfoundry/garden-rootfs'
   containerd_for_processes:
     description: Run GATS with CONTAINERD_FOR_PROCESSES_ENABLED
     default: false
@@ -28,6 +31,9 @@ properties:
   cpu_throttling:
     description: Run GATS with CPU_THROTTLING_ENABLED
     default: false
+  limits_test_uri:
+    description: Limists Test rootfs to use
+    default: 'docker:///busybox'
   windows_rootfs:
     description: URL to pull the windows rootfs from
     default: ""

✨ Built with go 1.21.5

Full Changelog: v1.45.0...v1.46.0

Resources

• Download release 1.46.0 from bosh.io.

1.45.0

Changes

• Resolved an issue where container networking statistics could not be retrieved for apps running in containers that did not have a bash executable. Thanks @JVecsei1!
• Removed the garden-healthchecker package after it had been removed from the boshrelease in v1.43.0

Bosh Job Spec changes:

diff --git a/jobs/garden/spec b/jobs/garden/spec
index 0d2a8fb4..c84b5c43 100644
--- a/jobs/garden/spec
+++ b/jobs/garden/spec
@@ -39,7 +39,6 @@ packages:
   - netplugin-shim
   - dontpanic
   - tini
-  - garden-runc-healthchecker
 provides:
 - name: iptables

✨ Built with go 1.21.4

Full Changelog: v1.44.0...v1.45.0

Resources

• Download release 1.45.0 from bosh.io.