[INFO] Bi-Weekly Runtime PMC Notes 2017-09-20

Dieu Cao <dcao@...>

Hello all,

The Runtime PMC meets on a bi-weekly basis to share current status with
each other and notes are hosted in a repo here [1]
You'll find update notes there dating back to 2015!

Copying the updates from this weeks meeting [2] below to increase
visibility into current tracks of work and I plan to continue this with
future bi-weekly updates.

Would appreciate feedback on whether this is useful, spammy, or other

CF Runtime PMC Lead

[1] https://github.com/cloudfoundry/pmc-notes/tree/master/Runtime

Runtime PMC Meeting 2017-09-20

- Announcements
- PMC Lifecycle Activities
- Backlog Review

Lifecycle Activities

- Discussed inclusion of CFF Roadmap section at the end of these notes
that each PM will be responsible for keeping up to date for the week.
- Agreed to try it with the next bi-weekly PMC notes

- Dies Köper

- Released cf CLI 6.31.0 with Docker image support in the app
manifest. (Release
notes <https://github.com/cloudfoundry/cli/releases/tag/v6.31.0>)
- Planning to release late this week/early next week our experimental V3
commands (for multiple processes, granular push control and multiple
buildpack support). (Draft release notes
- Continuing work on V3 commands (v3-env, v3-unset-env) and preparation
for v3-ssh
- Expecting subsequent releases to apply user feedback, as well as
taking advantage of post-GA CC V3 API improvements.
- Progress on push refactor:
- Exploring calling back to old push implementation for outstanding
features so we can start releasing it for user evaluation (and in
particular, consumption by CATS and other test sets).
Outstanding push features
include app manifest with global attributes, "inherit" or route
other than "routes", as well as route related flags (-d, --hostname,
...). (Draft release notes
- Further out:
- Authentication with client id & secret (no user)
- TCP port range support for router groups. (Draft release notes
- Droplet upload
- Service instance sharing
- Last login time displayed on login

- Julz Friedman

- Let's get ready to rootless: rootless garden work complete, going to
attempt to enable feature flag on PWS and - if stable - will start
transitioning to this as new default.
- OCI phase one: still blocked on groot, hopefully unblocked tomorrow
then ready to be enabled experimentally.
- Sidecar containers: design document circulating, intend to incept on
this in next 2-3 weeks (taking the space opened up by completion of
rootless track)
- Umask-hardened stemcell compatibility: current release makes garden
compatible with umask-hardened stemcell, next garden release makes garden
fully take advantage of new umask hardening rules

- George Lestaris
couple of weeks

- Rootless: Still wrapping up some rough edges with rootless.
- Few things came up (thankfully) by having Garden fully integrate
with rootless GrootFS.
- Exploring the removal of the BTRFS driver from GrootFS.
- OCI Buildpacks: Spiking and working on integration with the blobstore
to have GrootFS download the droplets (part of OCI Buildpacks phase 1).
- Cache Management: Added some cache management metrics.
- grootfs create returns a partial OCI runtime spec JSON. This is part
of our last iteration on the Garden - Image Plugin interface.

couple of weeks

- Cache Management: We had a feature kickoff with the team today. We
should be able to complete the work for the new cache management
configuration in the next couple of weeks.
- OCI Buildpacks / Rootless: Last (rootless) story is currently
in-flight. We should be cutting a release after that. No new work on these
tracks is expected.

- Colin Jackson

- PR to cf-deployment for experimental windows 2016 opsfile.
- Found a technical difficulty with mounting SMB shares onto the host
and then through to Windows Server Containers. Exploring alternative
- Started work on backporting the buildpackapplifecycle to work on the
windows2012R2 stack for multi-buildpack support and credhub ref resolution.

- Eric Malm

- Running a Consul-independent environment in Diego CI: BOSH DNS, no
Consul service registrations or locks
- Integrated option to use BOSH Process Manager to containerize Diego
- Integrated latest Loggregator client as part of v2 adoption
- Fixed bug preventing Tasks from completing with Envoy present
- Upcoming:
- Start implementing APIs for rolling updates of LRPs
- Investigate rebalancing strategies for "boulder" app instance

- Shannon Coen

- Continuing support for TLS to backends and validation of app identity
- Working with Infrastructure team to enable config of IaaS networking,
firewall rules, and load balancers for dedicated routing to isolation
segments, using bbl

- Evan Farrar

- consul clients will not fail if the servers are scaled to zero to
support migration to BOSH DNS


- no changes

bosh-bootloader (a.k.a bbl)

- Exposing the terraform internals of BBL a little more
- Exposing more control over the bosh create-env, ops files, cloud
configs, etc
- Azure load balancers in flight
- Setting up an openstack env

Integration - David Sabeti

- Upcoming release will include cf-syslog-drain-release


- IaaS compatibility validated for vSphere and Azure
- cf-deployment has some early validation for BOSH DNS
- TCP Router deployed in cf-deployment by default


- Tasks are compatible with BOSH directors that include CredHub


- Improvements to logic for measuring log uptime when cells are draining


- Most widely-used app in CATs has been replaced with a Golang
application to reduce test flakiness
- ASG tests updated to be able to pass on Azure


- No update


- No update

- Valeria Perticara

- Fixing bug found during DB minor upgrade
- Investigating an issue with monit when start phase is long (due to
- Reinforcing client authentication configuration by optionally disable
the trust authentication for local connections
- Spiking on providing some hooks

- Geoff Franks

- Bugfix for the newly added cert_chain + private_key configuration
logic related to newlines, to make life easier for operators
- The TCP backends now consume the health_check_http link property,
failing back to values configured in the manifest (like other tcp backend
link properties).
- New release forthcoming to support mutual TLS on frontend + backend

- Marco Nicosia
- Adam Hevenor

- Renamed scalable syslog to cf-sylog-drain release and posted to bosh.io
- Cut several releases to allow for inclusion of cf-syslog-drain into
- Finalized several updates with our go-loggregator client
- one of these broke container metrics for users running cf app
- additional test coverage has been added to CATs for this
- Investigated the use of BOSH DNS instead of CONSUL
- Removing UDP from Doppler notice.
- Removing rsyslog configuration from Metron delayed.


- Experimental feature: container metrics in syslog drains.
- Defining an event type for Loggregator v2

Operator/Developer Feedback:

- We are seeking feedback about potential large feature narratives.
Please get in touch if you have particular pain points or ideas.

We are looking for opreator feedback.
- Sree Tummidi

- UAA 4.6.0 released. Detail here
- UAA Docs are live @ http://docs.cloudfoundry.org/uaa/index.html
- In Progress
- Performance & Scaling Metrics
- Multifactor Auth with Google Authenticator
- Read Only Mode for UAA API

- Zach Robinson

- Working on support for service brokers that use Credhub to store
service bindings and service keys
- Working on scripts to provide BBR functionality for CCDB

API - Matthew McNeeney

- Designed a number of CC API endpoint options for service instance
sharing and discussing with CAPI team which one to proceed with
- Changed service broker catalog validation logic to stop requiring "type":
"object" and $schema fields to improve support for service authors
wanting to use draft 6 of JSON schema (instead of the recommended draft 4)
- Added a context object to the request made to service brokers to
create new service bindings (contains platform-specific information -
space_guid and organization_guid)
- Updated CC API documentation to include schemas
<https://github.com/cloudfoundry/cloud_controller_ng/pull/890> changes

- Chris Brown

- Added a feature flag to CC which causes it to use perm
- Send all of the new role assignments to perm (un-assignments not done
- Investigated the cf-mgmt tool which customers are using at the moment

Next steps:

- Send all un-assignments to perm too
- Persist the assignments in perm
- Migrate existing assignments to perm in the background

- Julian Hjortshoj

- 95% complete on BBR changes (blocked on CAPI for final commits)
- First pass of POC level Container Storage Interface implementation is
done and passing our acceptance tests end-to-end
- Microsoft has completed legal review of their CIFS/SMB volume release
for Azure and is ready to donate that to CFF. We will work with them to get
it into the cloudfoundry org and tested in a CI pipeline here. We will also
look at making a separate broker for mounting existing shares (like we have
for NFS)

Networking - Usha Ramachandran

- Working on a technical design document for polyglot service discovery
- Spike on using BOSH DNS for service discovery
- Added support for rootless mode and completed transitioning tests to
use the CLI instead of plugin

- Simon Moser

Join {cf-dev@lists.cloudfoundry.org to automatically receive all group messages.