Changes from v1.34.0 to v1.35.0
- Verified with garden-runc-release v1.11.1.
- Verified with garden-windows-bosh-release v0.13.0.
- Verified with etcd-release v117.
- Verified with cf-mysql-release v35.
- Verified with cflinuxfs2-release v1.187.0.
IMPORTANT: This version of diego-release is the last in the v1.x series, and we plan to release v2.0.0 as our next release with some breaking changes to job properties. We will also use the major version as license to remove some API endpoints and fields that have been deprecated since Diego v1.0.0. Please see the v2.0.0 proposal that was circulated on the cf-dev mailing list for more details. Users of cf-deployment will already be prepared to adopt these changes.
Significant changes
BBS API
- As a Diego operator, I expect to be able to configure the BBS to have a larger number of file descriptors so it can operate successfully in very large environments
- As a CF operator, I expect to see a complete list of the BBS API endpoints and fields deprecated before Diego v1.0.0 so that I can verify no other deployments are using them before upgrading to Diego v2.0.0
- As a Diego BBS API client, I expect BBS API fields that are no longer relevant to Diego v1.0.0 deployments to be deprecated so that I can stop using them
Container Placement
- As a Diego operator, I expect to see more complete cell and instance identifiers in the state response so that I can understand the live state of the cell and its workload
- As a Diego operator, I expect the auctioneer to validate that the cell state response comes from the intended cell so that it does not make placement decisions with incorrect information about the available cells
Container Execution
cfdot
Instance Identity Credentials
Volume Support
- volman gets csi plugin identity from the csi identity service
- make volman/voldriver units work on windows as well as ubuntu
- volman driver discovery doesn't appear to recover if a driver connection hangs
- csi local pats failing on missing VolumeAttributes
v2 Loggregator API Adoption
Per-Instance Proxy (Experimental)
Test Suites and Tooling
- sync-submodule-config should run in CI
- As a Diego contributor, I expect to be able to run the initial or latest vizzini test suite against a locally deployed Diego with different combinations of v1.25.2 and latest components
- Investigate port allocation flake in units/inigo
- increase the wait time for processes in inigo and dusts
- Remove "HTTP" mode simulation test and related code
Security
- As a Diego operator, I expect to be able to opt the cell rep into using the new TLS BOSH properties for all HTTP client and server communication
- As a Diego operator, I expect the Diego cell to fail to deploy if the Diego cell opts into requiring TLS for its admin API but does not contain the correct SAN metadata in its TLS certificate
Documentation
BOSH job changes
None.
BOSH property changes
auctioneer
- diego.auctioneer.bbs.require_ssl is deprecated and will be removed in Diego v2.
- diego.auctioneer.dropsonde_port is deprecated and will be removed in Diego v2.
bbs
- Added limits.open_files: Number of open files (including sockets) that each BBS API instance may hold open. Defaults to 100,000.
- diego.bbs.desired_lrp_creation_timeout is deprecated and will be removed in Diego v2.
- diego.bbs.dropsonde_port is deprecated and will be removed in Diego v2.
- diego.bbs.etcd.ca_cert is deprecated and will be removed in Diego v2.
- diego.bbs.etcd.client_cert is deprecated and will be removed in Diego v2.
- diego.bbs.etcd.client_key is deprecated and will be removed in Diego v2.
- diego.bbs.etcd.client_session_cache_size is deprecated and will be removed in Diego v2.
- diego.bbs.etcd.machines is deprecated and will be removed in Diego v2.
- diego.bbs.etcd.max_idle_conns_per_host is deprecated and will be removed in Diego v2.
- diego.bbs.etcd.require_ssl is deprecated and will be removed in Diego v2.
- diego.bbs.require_ssl is deprecated and will be removed in Diego v2.
benchmark-bbs
- benchmark-bbs.bbs.require_ssl is deprecated and will be removed in Diego v2.
- benchmark-bbs.etcd.ca_cert is deprecated and will be removed in Diego v2.
- benchmark-bbs.etcd.client_cert is deprecated and will be removed in Diego v2.
- benchmark-bbs.etcd.client_key is deprecated and will be removed in Diego v2.
- benchmark-bbs.etcd.client_session_cache_size is deprecated and will be removed in Diego v2.
- benchmark-bbs.etcd.machines is deprecated and will be removed in Diego v2.
- benchmark-bbs.etcd.max_idle_conns_per_host is deprecated and will be removed in Diego v2.
- benchmark-bbs.etcd.require_ssl is deprecated and will be removed in Diego v2.
cfdot
- diego.cfdot.bbs.use_ssl is deprecated and will be removed in Diego v2.
file_server
- Added loggregator.ca_cert: CA certificate bundle to use to verify the local metron agent certificate.
- Added loggregator.cert: Client certificate to present to the local metron agent for the v2 API.
- Added loggregator.key: Private key associated to the v2 API client certificate.
- Added loggregator.use_v2_api: Whether to use the v2 Loggregator API to emit component metrics. Defaults to false.
- Added loggregator.v2_api_port: Port on which to connect to the local metron agent for the v2 API. Defaults to 3458.
- diego.file_server.dropsonde_port is deprecated and will be removed in Diego v2.
locket
- dropsonde_port is deprecated and will be removed in Diego v2.
rep and rep_windows
- Added use_v2_tls: Whether to use the tls.ca_cert, tls.cert, and tls.key for most of the rep's client and server communications, excepting the Loggregator v2 API and Consul. Also deprecated, to be removed in Diego v2, but added for the purpose of validating configuration before upgrading to v2.
- admin_api.require_tls is deprecated and will be removed in Diego v2.
- diego.executor.export_network_env_vars is deprecated and will be removed in Diego v2.
- diego.executor.instance_identity_ca_cert is no longer experimental.
- diego.executor.instance_identity_private_key is no longer experimental.
- diego.executor.instance_identity_validity_period_in_hours is no longer experimental.
- diego.rep.bbs.ca_cert is deprecated and will be removed in Diego v2 in favor of tls.ca_cert.
- diego.rep.bbs.client_cert is deprecated and will be removed in Diego v2 in favor of tls.cert.
- diego.rep.bbs.client_key is deprecated and will be removed in Diego v2 in favor of tls.key.
- diego.rep.bbs.require_ssl is deprecated and will be removed in Diego v2.
- diego.rep.ca_cert is deprecated and will be removed in Diego v2 in favor of tls.ca_cert.
- diego.rep.dropsonde_port is deprecated and will be removed in Diego v2.
- diego.rep.enable_legacy_api_endpoints is deprecated and will be removed in Diego v2, as the workload and admin APIs will always be on separate ports in Diego v2.
- diego.rep.listen_addr is deprecated and will be removed in Diego v2 in favor of diego.rep.listen_addr_admin and diego.rep.listen_addr_securable.
- diego.rep.require_tls is deprecated and will be removed in Diego v2.
- diego.rep.server_cert is deprecated and will be removed in Diego v2 in favor of tls.cert.
- diego.rep.server_key is deprecated and will be removed in Diego v2 in favor of tls.key.
route_emitter and route_emitter_windows
- diego.route_emitter.bbs.require_ssl is deprecated and will be removed in Diego v2.
- diego.route_emitter.dropsonde_port is deprecated and will be removed in Diego v2.
ssh_proxy
- diego.ssh_proxy.bbs.require_ssl is deprecated and will be removed in Diego v2.
- diego.ssh_proxy.dropsonde_port is deprecated and will be removed in Diego v2.
vizzini
- vizzini.bbs.require_ssl is deprecated and will be removed in Diego v2.
BOSH link changes
None.