Cloud Foundry Release Notes Report: January – March 2019
Hello Cloud Foundry community! In case you didn’t know, there are a lot of different project teams working on Cloud Foundry, who are constantly pushing out a ton of new technical features and fixes in myriad releases. This can be a lot to keep track of, so we thought it might be valuable to compile a semi-comprehensive list of these features on a quarterly basis.
We’ve pored over the release notes of the major CF projects and attempted to highlight some important features that came out in the first quarter of 2019.
As this is the first time we’ve done this, we’d love your feedback! Please let us know if you find this valuable, if there are ways we can improve, or if you see any glaring omissions. Note these are releases from January, February and March of this year only.
Cloud Foundry Application Runtime
- Consistent download experience similar to init containers, as opposed to tar files from a Docker image.
- Continued interoperability efforts; support for containerd clients.
Cloud Foundry API
- The v3 Acceleration Team sought feedback on proposals for resources to be exposed on the v3 API. Read about that here.
- CAPI team announced App Container Metrics Changes. They also requested feedback on newly written documentation which gives operators some guidance regarding when and how to scale their Cloud Controllers (and related jobs in capi-release). See: “Scaling Cloud Controller.”
- Cloud Foundry users who are evaluating or considering a service mesh approach for networking can now use the Cloud Controller API to define and deploy sidecars to their Cloud Foundry environment.
- Perform selective backups to reduce the size of backup artifacts.
- Added ability to roll back to a previous app revision.
- Service brokers can now set polling intervals and maximum polling durations for how often and for how long the platform will poll the broker during an operation.
- Logcache requests for container metrics should have retry logic. This mitigates push downtime during logcache upgrades.
- Ability to create a revision for an app when a new droplet is deployed and/or environment variables are applied and deployed.
- App Metrics can now be correlated for multiple processes into a single app.
Cloud Foundry CLI
- Multi-Service Registration allows users from multiple spaces within one Cloud Foundry org to use services with the same name. The two primary benefits of multi-service registration are:
  - Development teams can try out different Service Brokers for development (databases are commonly used) and register these as space-scoped.
  - Different lines of business in a company can register the same service broker (but using different credentials for billing purposes) into their Cloud Foundry orgs or spaces.
- Container to Container feature for cf add-network-policy to enable adding network policies between spaces.
- cf curl supports the --fail flag to help developers easily identify server errors.
- cf delete-orphaned-routes now uses a different endpoint to eliminate a race condition when two users are simultaneously deleting orphaned routes, thereby ensuring they do not associate currently orphaned routes with applications.
- cf services is now faster, as it hits a single endpoint instead of making individual API calls.
- Revised “minimum version policy” means CF CLI now supports C API 2.100/3.35.
- The Routing and CF Networking projects have merged into one, Networking. Read about this here.
- The Routing component logs have been changed to have a more human readable timestamp. Read about that here.
- Supports Go 1.11.5.
Operator Experience Enhancements:
- cf-tcp-router now supports seamless reloads, ensuring that none of the tcp routes receive a connection reset error during reload.
- URL parsing enhancement ignores any characters such as # or % when a request reaches the Gorouter the second time. Instead of users receiving a “Failed to validate Route Service Signature” error message, the parsed URL is delivered correctly.
- cf-tcp-router, route-registrar, and routing-api components format the timestamps in their logs in human-readable format rather than the machine-friendly Unix epoch timestamp.
- Cloud providers do not always include a valid hostname in their database server certificate, which makes it challenging for operators managing a multi-cloud environment. Operators can now choose whether components validate the hostname of the server certificate or are configured to skip that check when connecting via TLS to an external database.
- Request timeouts are now aligned with the Istio default setting of 15 seconds, without having to wait a longer time period for a request to be processed. The timeout default might be made editable in future releases.
Operator Experience (and Performance benefit):
- Envoy sidecar memory restrictions prevent operators from running many apps simultaneously. Cloud Foundry operators can now disable stats logging (as these metrics are not used anywhere by Cloud Foundry) to scale to 1000s of applications.
Performance and Security benefit:
- Operators can also scale the number of applications deployed without having to worry about running out of resources as only internal routes are published to sidecar envoys and external routes are published to the envoy gateway.
- There is now a Contributors guide to help those in the Cloud Foundry community who would like to start contributing to the istio-release project. https://github.com/cloudfoundry/istio-release#contributing-to-istio-release
- On Azure, operators can use Azure availability zone (AZ) fault domains to point BOSH AZs to Azure AZs, preventing application downtime when an AZ goes down.
- (related to the networking-istio update) Temporarily disabled stats logging to ensure scale and performance.
- Operators have access to more metrics (per-request-type request rate and API endpoint latency, number of cells flagged by BBS as present/missing, etc.) to identify anomalies in cell behavior or to understand control plane instability in the Cloud Foundry environment.
- For increased routing stability, BBS will now always generate suspect actual LRPs (long running processes) when the cell for the actual LRP temporarily loses its presence.
- Diego now supports manifest schema versions 1 and 2, so Docker image staging requests schema version 2 image manifests along with schema 1 manifests. This helps app developers stage images from Docker registries that support only this version of manifests.
- Eirini is now available as tech preview with IBM Cloud.
- Project team is working on fully native staging.
- Support BOSH workflows for operators to reduce development burden.
- Added support for containerd logs.
- Creates garden directory on start, if it doesn’t exist.
- Merged containerd job into a garden job.
- The new experimental CPU entitlement plugin exposes an actionable CPU metric that users can understand and auto-scale on.
HAProxy BOSH Release
- HAProxy uses BPM.
- Default value for the haproxy keep-alive timeout is now 6 seconds to improve compatibility with various HTTP clients.
- For AWS deployments, bbl switches from classic load balancers (CLBs) to network load balancers.
- Improved support for OpenStack deployments.
- The loggregator team announced the removal of the /containermetrics endpoint on the loggregator_trafficcontroller. Same for the /firehose endpoint.
- Compatibility with the latest Ruby buildpack.
- Upgrades PostgreSQL version to 11.2.
- Foundations currently backed by cf-mysql must migrate to PXC. New foundations or existing foundations that use an external database or postgres can skip the migration.
- cflinuxfs3 replaces cflinuxfs2 as default stack.
- Use 10 reservable ports instead of 100 to reduce the spending on public IaaS resources.
- nginx-buildpack and R-Buildpack releases for cflinuxfs3 available.
- SMB volume service is now generally available.
User Account & Authentication
- Unit tests can now run in parallel. The updates also address test pollution. This reduced the test execution time by 400+%.
The BOSH PMC is now holding monthly meetings! 8am PST on the third Thursday of each month. Read about that here, and the PMC Notes repository (hot tip: this is also a great resource for keeping up with changes in other PMC projects). The BOSH team has announced the removal of support for v1 manifests, and has asked for feedback on this.
- BOSH Backup and Restore is the recommended way to orchestrate the backup and restore of BOSH directors and deployments. Accordingly, we removed the deprecated backup and restore feature of the director, and the /backup and /restore API endpoints (#163435459)
- Add exported_from to releases array for specifying exact stemcell used in compilation (#163832588)
- Enable operators to see all configs, not just active configs (#161907105)
- enable_post_deploy now defaults to true (#161970878)
- When draining director, allow urgent tasks to run until all other tasks are idle (#163869051)
- Improve visibility into the time spent during a deploy (#161975698)
- Stratos cut one release with dozens of improvements and bug fixes. Check out the release notes for V2.3 for a full rundown.
- Some highlights include:
- The Buildpack team announced the end of support for various buildpack dependencies. The .NET buildpack will no longer include any version of .NET Core v2.0.x, as these .NET Core versions are no longer supported upstream. Read about that here. The newer version of the PHP buildpack will no longer include PHP v5.0.x or v7.0.x. Read about that here. The same applies to Go versions 1.8x and 1.9x; read about that here. Node v6.x will no longer be supported, and the default version in the Node Buildpack will now be v10.x. Read about that here.
- Performance improvements and reduced memory footprint: CF Dev can now install and start in under 30 minutes and with 5 GB RAM. Start with no services (-s none) in 15 minutes. Reduced storage: now requires 50G disk space.
- Add cf dev deploy-service command which allows the ad hoc deployment of services.
- v0.19.0 includes a complete refactoring of CF Local and forge to use packs. Packs are buildpack builder images that provide a simple, generic, image-based interface for using buildpacks with a variety of tools that support Docker images.
- Log files created when using BBR to do a multi-deployment backup can now be read while BBR is running.
- Release authors can now tell BBR to back up from one instance of a job (bootstrap node) and restore to all instances by using the BOSH property bbr.backup_one_restore_all.
- Release authors can now specify job dependencies for BOSH director jobs using the metadata hook.