Re: [INFO] Bi-Weekly Runtime PMC Notes 2017-09-20


Simon D Moser
 

late to the party ... added the bits-service part in the end



From: Dieu Cao <dcao(a)pivotal.io>
To: cf-dev <cf-dev(a)lists.cloudfoundry.org>
Date: 21/09/2017 10:11
Subject: [cf-dev] [INFO] Bi-Weekly Runtime PMC Notes 2017-09-20



Hello all,

The Runtime PMC meets on a bi-weekly basis to share current status with
each other and notes are hosted in a repo here [1]
You'll find update notes there dating back to 2015!

Copying the updates from this weeks meeting [2] below to increase
visibility into current tracks of work and I plan to continue this with
future bi-weekly updates.

Would appreciate feedback on whether this is useful, spammy, or other
suggestions/comments.

-Dieu
CF Runtime PMC Lead

[1] https://github.com/cloudfoundry/pmc-notes/tree/master/Runtime
[2]
https://github.com/cloudfoundry/pmc-notes/blob/master/Runtime/2017/2017-09-20-runtime.md
-----

Runtime PMC Meeting 2017-09-20
Agenda
Announcements
PMC Lifecycle Activities
Backlog Review
Announcements
PMC Lifecycle Activities
Discussion
Discussed inclusion of CFF Roadmap section at the end of these notes that
each PM will be responsible for keeping up to date for the week.
Agreed to try it with the next bi-weekly PMC notes
Backlog Reviews
CLI - Dies Köper
Released cf CLI 6.31.0 with Docker image support in the app manifest. (
Release notes)
Planning to release late this week/early next week our experimental V3
commands (for multiple processes, granular push control and multiple
buildpack support). (Draft release notes)
Continuing work on V3 commands (v3-env, v3-unset-env) and preparation for
v3-ssh
Expecting subsequent releases to apply user feedback, as well as taking
advantage of post-GA CC V3 API improvements.
Progress on push refactor:
Exploring calling back to old push implementation for outstanding features
so we can start releasing it for user evaluation (and in particular,
consumption by CATS and other test sets). Outstanding push features
include app manifest with global attributes, "inherit" or route attributes
other than "routes", as well as route related flags (-d, --hostname, ...).
(Draft release notes)
Further out:
Authentication with client id & secret (no user)
TCP port range support for router groups. (Draft release notes)
Droplet upload
Service instance sharing
Last login time displayed on login
Garden - Julz Friedman
Let's get ready to rootless: rootless garden work complete, going to
attempt to enable feature flag on PWS and - if stable - will start
transitioning to this as new default.
OCI phase one: still blocked on groot, hopefully unblocked tomorrow then
ready to be enabled experimentally.
Sidecar containers: design document circulating, intend to incept on this
in next 2-3 weeks (taking the space opened up by completion of rootless
track)
Umask-hardened stemcell compatibility: current release makes garden
compatible with umask-hardened stemcell, next garden release makes garden
fully take advantage of new umask hardening rules
GrootFS - George Lestaris
Past couple of weeks
Rootless: Still wrapping up some rough edges with rootless.
Few things came up (thankfully) by having Garden fully integrate with
rootless GrootFS.
Exploring the removal of the BTRFS driver from GrootFS.
OCI Buildpacks: Spiking and working on integration with the blobstore to
have GrootFS download the droplets (part of OCI Buildpacks phase 1).
Cache Management: Added some cache management metrics.
grootfs create returns a partial OCI runtime spec JSON. This is part of
our last iteration on the Garden - Image Plugin interface.
Next couple of weeks
Cache Management: We had a feature kickoff with the team today. We should
be able to complete the work for the new cache management configuration in
the next couple of weeks.
OCI Buildpacks / Rootless: Last (rootless) story is currently in-flight.
We should be cutting a release after that. No new work on these tracks is
expected.
Garden-Windows - Colin Jackson
PR to cf-deployment for experimental windows 2016 opsfile.
Found a technical difficulty with mounting SMB shares onto the host and
then through to Windows Server Containers. Exploring alternative
solutions.
Started work on backporting the buildpackapplifecycle to work on the
windows2012R2 stack for multi-buildpack support and credhub ref
resolution.
Diego - Eric Malm
Running a Consul-independent environment in Diego CI: BOSH DNS, no Consul
service registrations or locks
Integrated option to use BOSH Process Manager to containerize Diego jobs
Integrated latest Loggregator client as part of v2 adoption
Fixed bug preventing Tasks from completing with Envoy present
Upcoming:
Start implementing APIs for rolling updates of LRPs
Investigate rebalancing strategies for "boulder" app instance placement
Routing - Shannon Coen
Continuing support for TLS to backends and validation of app identity
Working with Infrastructure team to enable config of IaaS networking,
firewall rules, and load balancers for dedicated routing to isolation
segments, using bbl
Infrastructure - Evan Farrar
consul-release
consul clients will not fail if the servers are scaled to zero to support
migration to BOSH DNS
etcd-release
no changes
bosh-bootloader (a.k.a bbl)
Exposing the terraform internals of BBL a little more
Exposing more control over the bosh create-env, ops files, cloud configs,
etc
Azure load balancers in flight
Setting up an openstack env
Release Integration - David Sabeti
cf-release
Upcoming release will include cf-syslog-drain-release
cf-deployment
IaaS compatibility validated for vSphere and Azure
cf-deployment has some early validation for BOSH DNS
TCP Router deployed in cf-deployment by default
cf-deployment-concourse-tasks
Tasks are compatible with BOSH directors that include CredHub
uptimer
Improvements to logic for measuring log uptime when cells are draining
cf-acceptance-tests
Most widely-used app in CATs has been replaced with a Golang application
to reduce test flakiness
ASG tests updated to be able to pass on Azure
cf-smoke-tests
No update
nats-release
No update
postgres-release - Valeria Perticara
postgres-release
Fixing bug found during DB minor upgrade
Investigating an issue with monit when start phase is long (due to
upgrade)
Reinforcing client authentication configuration by optionally disable the
trust authentication for local connections
Spiking on providing some hooks
HAProxy - Geoff Franks
Bugfix for the newly added cert_chain + private_key configuration logic
related to newlines, to make life easier for operators
The TCP backends now consume the health_check_http link property, failing
back to values configured in the manifest (like other tcp backend link
properties).
New release forthcoming to support mutual TLS on frontend + backend
connections
MySQL - Marco Nicosia
Loggregator - Adam Hevenor
Renamed scalable syslog to cf-sylog-drain release and posted to bosh.io
Cut several releases to allow for inclusion of cf-syslog-drain into
cf-release
Finalized several updates with our go-loggregator client
one of these broke container metrics for users running cf app
additional test coverage has been added to CATs for this
Investigated the use of BOSH DNS instead of CONSUL
Removing UDP from Doppler notice.
Removing rsyslog configuration from Metron delayed.
Upcoming:
Experimental feature: container metrics in syslog drains.
Defining an event type for Loggregator v2
Operator/Developer Feedback:
We are seeking feedback about potential large feature narratives. Please
get in touch if you have particular pain points or ideas.
We are looking for opreator feedback.
UAA - Sree Tummidi
UAA 4.6.0 released. Detail here
UAA Docs are live @ http://docs.cloudfoundry.org/uaa/index.html
In Progress
Performance & Scaling Metrics
Multifactor Auth with Google Authenticator
Read Only Mode for UAA API
CAPI - Zach Robinson
Working on support for service brokers that use Credhub to store service
bindings and service keys
Working on scripts to provide BBR functionality for CCDB
Services API - Matthew McNeeney
Designed a number of CC API endpoint options for service instance sharing
and discussing with CAPI team which one to proceed with
Changed service broker catalog validation logic to stop requiring "type":
"object" and $schema fields to improve support for service authors wanting
to use draft 6 of JSON schema (instead of the recommended draft 4)
Added a context object to the request made to service brokers to create
new service bindings (contains platform-specific information - space_guid
and organization_guid)
Updated CC API documentation to include schemas changes
Permissions - Chris Brown
Added a feature flag to CC which causes it to use perm
Send all of the new role assignments to perm (un-assignments not done
yet!)
Investigated the cf-mgmt tool which customers are using at the moment
Next steps:
Send all un-assignments to perm too
Persist the assignments in perm
Migrate existing assignments to perm in the background
PERSI - Julian Hjortshoj
95% complete on BBR changes (blocked on CAPI for final commits)
First pass of POC level Container Storage Interface implementation is done
and passing our acceptance tests end-to-end
Microsoft has completed legal review of their CIFS/SMB volume release for
Azure and is ready to donate that to CFF. We will work with them to get it
into the cloudfoundry org and tested in a CI pipeline here. We will also
look at making a separate broker for mounting existing shares (like we
have for NFS)
Container Networking - Usha Ramachandran
Working on a technical design document for polyglot service discovery
Spike on using BOSH DNS for service discovery
Added support for rootless mode and completed transitioning tests to use
the CLI instead of plugin
Bits-Service - Simon Moser
reworked OPS-files for cf-deployment for bits-service to work around a
BOSH limitation for now
publish bits-releases into github so CAPI pipeline can pick then up
various smaller bug fixes

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.