cloudfoundry/diego-release v2.41.0

Diego v2.41.0

on GitHub

Resources

• Download release v2.41.0 from bosh.io.
• Verified with cloudfoundry/cf-deployment @ edd69407ed538b140526b654c47c2f3a84a197b7.

Changes from v2.40.0 to v2.41.0

Significant changes

Local Route Emitters

• As a CF operator, I expect the route-emitter to publish routing information for apps to NATS over TLS so I can be confident about the security of my foundation

Per-Instance Proxy

• Envoy proxy binary bumped to 373af7564f4e943112456bf40084a7f43d5e9d96

Windows Support

• Bugfix: rep-windows drain script swallows gocurl errors

App Logging and Metrics

• cloudfoundry/executor #50: Send cpu spike metric on every reporter interation
• As an app dev, I can see my app has spiked in the past even when log-cache no longer has metrics that old

Component Logging and Metrics

• As a cf operator I want the "lock loss" log messages to be obvious/clear so I'm not confused by or ignore these important messages and I take appropriate action when they occur
• As a platform operator I want to observe the bbs master election metric as part of the bbs indicator dashboard so that I can take appropriate action if/when the bbs master is swapping outside of platform upgrades
• add logging in the rep when curling for azure metadata fails

Dependencies

• bump NATS go client in diego-release
• Bump go to 1.13.4

Test Suites and Tooling

• Migrate BenchmarkBBS to consume instance events because the non-instance events are deprecated
• Bugfix: inigo should clean up test artifacts in the temp directory etc. after it finishes

Documentation

• As a CF operator, I would like a document that describes the process for rotating the Diego intermediate instance identity ca cert and CF application ca cert so I can reliably rotate the certs in my foundation without application downtime
• As a platform operator I want to know which KPIs/metrics/platform-behaviors would indicate diego component/jobs, other than diego-cell, should be scaled up/out so that I can maintain optimum platform health

BOSH property changes

route_emitter and route_emitter_windows

• diego.route_emitter.nats.tls.enabled - Enables route_emitter to connect to NATS server via TLS (default value: false)
• diego.route_emitter.nats.tls.client_cert - PEM-encoded certificate for the route-emitter to present to NATS for verification when connecting via TLS
• diego.route_emitter.nats.tls.client_key - PEM-encoded private key for the route-emitter to present to NATS for verification when connecting via TLS