Re: Feature Narrative: Fine-granular & custom platform roles for Cloud Foundry
Peter Burkholder
This is really a promising step. cloud.gov uses "service accounts", https://cloud.gov/docs/services/cloud-gov-service-account/, which are implemented with: https://github.com/cloudfoundry-community/uaa-credentials-broker. Usually these are used in CI/CD systems for deployments. The service accounts are way too over-powered using the Developer role, so this is a great step to scoping deployer accounts to, well, deployments in a CD system.
However, I think the Operator account is too restrictive for any real human operator, and too expansive for a CI deployer account. I'd like to see Operator renamed to Deployer and have some further rights removed, like viewing other spaces or other users and roles, perhaps. Or if there's a real need for the Operator role, then maybe add yet another role for Deployers (but that seems to be getting into IAM-level scope creep).
--Peter
On Wed, Dec 2, 2020 at 11:27 AM Klevenz, Stephan <stephan.klevenz@...> wrote:
-- Peter Burkholder | cloud.gov compliance & security
please use cloud-gov-compliance@... for cloud.gov matters
Feature Narrative: Fine-granular & custom platform roles for Cloud Foundry
Klevenz, Stephan <stephan.klevenz@...>
Hi CF,
Here is a feature narrative and it is called "Fine-granular & custom platform roles for Cloud Foundry".
https://docs.google.com/document/d/1isfsSWvF8xDU0G69k4MqB3o5c2vB0P3Vbi79W0yvqFQ/edit?usp=sharing
This proposal is the result of direct feedback we have received from many CF users. It addresses the problem that every space developer can delete a service. And there may be important data attached to this service. Oops. Comments, feedback, suggestions, and questions very welcome and appreciated!
Regards, Stephan
CF Contributor Survey
Chris Clark
Dear Cloud Foundry community,
If you could, please fill out this very short survey for the Cloud Foundry Foundation! This is an opportunity for you to speak your mind about the direction of Cloud Foundry, the job the CFF has been doing this year, and anything else that might be on your mind. This is for everyone, not just CF committers, and it should just take 2-3 minutes. Oh, and a hearty congratulations on getting through 11 months of 2020.
https://www.surveymonkey.com/r/ZGS7BNW
Chris Clark
Technical Operations Manager
Cloud Foundry Foundation
Re-usable Concourse Tasks
Daniel Jones
Hi folks,
Slightly off-topic, but I know a lot of you use Concourse. We've made an open source repo of small, reusable, side-effect-free Concourse tasks: https://github.com/EngineerBetter/concourse-tasks
These are tested using a YAML-based spec and associated test runner called Ironbird. It has a few rough edges, but it allows folks to test simple tasks without needing to know Ginkgo, or break out a 'proper' programming language.
I got annoyed when I realised that EngineerBetter must have collectively written a 'tar the files' task about a bazillion times, often without tests because "it's just a tar task, how hard can it be?" When you're deploying critical infrastructure, that's not good enough, and I'm sure everyone on this mailing list knows how frustrating it is when a simple task fails at the end of a four-hour infrastructure pipeline.
Anyway, I thought you might find the above useful. Contributions are very welcome, and perhaps if we all contribute to the same repo, we can achieve economies of scale, make our pipelines a bit more robust, and avoid duplicated effort.
Regards, Daniel 'Deejay' Jones - CEO +44 (0)79 8000 9153 EngineerBetter Ltd - More than cloud platform specialists
Re: CF Bi-Weekly Roundup
Chris Clark
Hi folks, Reminder: there are a ton of great talks from CF Summit live now on YouTube. From the Last Few Weeks:
Notable Releases:
CFF Technical Governance Working Group - Call for participation
Chip Childers <cchilders@...>
Re: Thoughts on cf-for-k8s Use Cases
Daniel Jones
Thanks for the clarifications! I think in my narrow perspective I forgot that y'all probably have a lot of other things to manage, so you really do get economies of scale from internal Kubernetes knowledge.
Regards, Daniel 'Deejay' Jones - CEO +44 (0)79 8000 9153 EngineerBetter Ltd - More than cloud platform specialists
On Mon, 16 Nov 2020 at 07:58, Simon D Moser <smoser@...> wrote:
+1 to what Bernd wrote - this exactly echoes my thinking as well on the points made
Re: Thoughts on cf-for-k8s Use Cases
Simon D Moser
+1 to what Bernd wrote - this exactly echoes my thinking as well on the points made
Kind regards
Simon Moser
Senior Technical Staff Member / IBM Master Inventor
Bluemix Application Platform Lead Architect
Dept. C727, IBM Research & Development Boeblingen
IBM Deutschland Research & Development GmbH, Schoenaicher Str. 220, 71032 Boeblingen
Phone: +49-7031-16-4304 Fax: +49-7031-16-4890 E-Mail: smoser@...
Chairman of the Supervisory Board: Gregor Pillen. Management: Dirk Wittkopp. Registered office: Böblingen. Court of registration: Amtsgericht Stuttgart, HRB 243294
ITIL has led people to think in siloes ("go fix change management"). Project Management has led people to think in finite units of work instead of streams of product. Both are fundamental dysfunctions of the framework model, not failures of execution. ⁃ Rob England
From: "Krannich, Bernd" <bernd.krannich@...>
To: "cf-dev@..." <cf-dev@...>
Date: 16/11/2020 08:15
Subject: [EXTERNAL] Re: [cf-dev] Thoughts on cf-for-k8s Use Cases
Sent by: cf-dev@...
Hi Daniel,
Thank you very much for your additional questions. Let me try and answer some of them from my perspective (this is me talking, not necessarily the “official voice” of my employer):
> It sounds like there are a lot of overheads for SAP in adopting cf-for-k8s. More operational complexity managing many clusters, and then the effort of migrating from cf-for-VMs to the new world. Is this all worth it?
We actually approach the topic from a different angle: We have much more to manage than „just“ CF – but many other services – and so the question for us is which common layers we establish as basis for our offering. One decision SAP has taken (and I hear that VMware, IBM, and Suse aren’t maybe that much different) is to use Kubernetes as one such layer. And taking that decision at our scale means a huge task in managing many clusters anyways. Our answer for this is Gardener (shameless advertisement for an SAP-initiated Open Source project: https://gardener.cloud/), but YMMV.
> Are end-users clamouring to be able to deploy things to Kubernetes alongside their CF apps? > […] > I wonder if all the migration efforts required to adopt cf-for-k8s are worthwhile to existing users.
I believe I referred to this topic during our CF Summit panel discussion: I think there’s more than one group of end-users to consider:
> The notion of specifying different target runtime environments per isolation segment is intriguing. If this were possible, would it be simpler to stick with cf-for-VMs, and have a Kubernetes cluster for each tenant that runs apps and user workloads?
Not for us, because it would still leave us with both BOSH-based deployments as well as having to manage a huge fleet of K8s-clusters, so all of the work with none of the benefits.
Regards, Bernd
From: cf-dev@... <cf-dev@...>
Hey all!
Thanks for sharing your thoughts, Bernd.
It sounds like there are a lot of overheads for SAP in adopting cf-for-k8s. More operational complexity managing many clusters, and then the effort of migrating from cf-for-VMs to the new world. Is this all worth it? Are end-users clamouring to be able to deploy things to Kubernetes alongside their CF apps?
The notion of specifying different target runtime environments per isolation segment is intriguing. If this were possible, would it be simpler to stick with cf-for-VMs, and have a Kubernetes cluster for each tenant that runs apps and user workloads? This would be exactly the same as running Eirini on cf-for-VMs (which VMware published as an offering), except there'd be the option for one-Kubernetes-per-tenant.
As an aside, I do sincerely hope that the large CF vendors are intending to heavily market CF as the easy mode for Kubernetes. I wonder if all the migration efforts required to adopt cf-for-k8s are worthwhile to existing users.
Regards, Daniel 'Deejay' Jones - CEO +44 (0)79 8000 9153 EngineerBetter Ltd - More than cloud platform specialists
On Thu, 12 Nov 2020 at 17:34, Wayne E. Seguin <wayneeseguin@...> wrote:
Bernd,
Fantastic! I'm looking forward to reading it over, thank you for putting your thoughts down!
Thanks,
~Wayne
Wayne E. Seguin CTO, Stark & Wayne LLC
On Thu, Nov 12, 2020 at 11:37 AM Krannich, Bernd <bernd.krannich@...> wrote:
Hello all,
With cf-for-k8s turning 1.0, I started putting my thoughts around “what’s next after what’s next for cf-for-k8s?” in writing.
I wanted to share the resulting document with the community to get feedback, additional perspectives and maybe even to inspire thinking around the topics I collected: https://docs.google.com/document/d/1Hk19MkUOGQmP_dkoCwkogRQqlBwGE0Bpgr2U96JhW3I/edit?usp=sharing
Thanks, Bernd
Bernd Krannich SAP Cloud Platform SAP SE Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany
Pflichtangaben/Mandatory Disclosure Statement: www.sap.com/impressum
This e-mail may contain trade secrets or privileged, undisclosed, or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying, or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation.
Re: Thoughts on cf-for-k8s Use Cases
Krannich, Bernd
Hi Daniel,
Thank you very much for your additional questions. Let me try and answer some of them from my perspective (this is me talking, not necessarily the “official voice” of my employer):
> It sounds like there are a lot of overheads for SAP in adopting cf-for-k8s. More operational complexity managing many clusters, and then the effort of migrating from cf-for-VMs to the new world. Is this all worth it?
We actually approach the topic from a different angle: We have much more to manage than „just“ CF – but many other services – and so the question for us is which common layers we establish as basis for our offering. One decision SAP has taken (and I hear that VMware, IBM, and Suse aren’t maybe that much different) is to use Kubernetes as one such layer. And taking that decision at our scale means a huge task in managing many clusters anyways. Our answer for this is Gardener (shameless advertisement for an SAP-initiated Open Source project: https://gardener.cloud/), but YMMV.
> Are end-users clamouring to be able to deploy things to Kubernetes alongside their CF apps? > […] > I wonder if all the migration efforts required to adopt cf-for-k8s are worthwhile to existing users.
I believe I referred to this topic during our CF Summit panel discussion: I think there’s more than one group of end-users to consider:
> The notion of specifying different target runtime environments per isolation segment is intriguing. If this were possible, would it be simpler to stick with cf-for-VMs, and have a Kubernetes cluster for each tenant that runs apps and user workloads?
Not for us, because it would still leave us with both BOSH-based deployments as well as having to manage a huge fleet of K8s-clusters, so all of the work with none of the benefits.
Regards, Bernd
From: cf-dev@... <cf-dev@...>
Hey all!
Thanks for sharing your thoughts, Bernd.
It sounds like there are a lot of overheads for SAP in adopting cf-for-k8s. More operational complexity managing many clusters, and then the effort of migrating from cf-for-VMs to the new world. Is this all worth it? Are end-users clamouring to be able to deploy things to Kubernetes alongside their CF apps?
The notion of specifying different target runtime environments per isolation segment is intriguing. If this were possible, would it be simpler to stick with cf-for-VMs, and have a Kubernetes cluster for each tenant that runs apps and user workloads? This would be exactly the same as running Eirini on cf-for-VMs (which VMware published as an offering), except there'd be the option for one-Kubernetes-per-tenant.
As an aside, I do sincerely hope that the large CF vendors are intending to heavily market CF as the easy mode for Kubernetes. I wonder if all the migration efforts required to adopt cf-for-k8s are worthwhile to existing users.
Regards, Daniel 'Deejay' Jones - CEO +44 (0)79 8000 9153 EngineerBetter Ltd - More than cloud platform specialists
On Thu, 12 Nov 2020 at 17:34, Wayne E. Seguin <wayneeseguin@...> wrote:
Re: Thoughts on cf-for-k8s Use Cases
Daniel Jones
Hey all!
Thanks for sharing your thoughts, Bernd.
It sounds like there are a lot of overheads for SAP in adopting cf-for-k8s. More operational complexity managing many clusters, and then the effort of migrating from cf-for-VMs to the new world. Is this all worth it? Are end-users clamouring to be able to deploy things to Kubernetes alongside their CF apps?
The notion of specifying different target runtime environments per isolation segment is intriguing. If this were possible, would it be simpler to stick with cf-for-VMs, and have a Kubernetes cluster for each tenant that runs apps and user workloads? This would be exactly the same as running Eirini on cf-for-VMs (which VMware published as an offering), except there'd be the option for one-Kubernetes-per-tenant.
As an aside, I do sincerely hope that the large CF vendors are intending to heavily market CF as the easy mode for Kubernetes. I wonder if all the migration efforts required to adopt cf-for-k8s are worthwhile to existing users.
Regards, Daniel 'Deejay' Jones - CEO +44 (0)79 8000 9153 EngineerBetter Ltd - More than cloud platform specialists
On Thu, 12 Nov 2020 at 17:34, Wayne E. Seguin <wayneeseguin@...> wrote:
Re: Thoughts on cf-for-k8s Use Cases
Wayne E. Seguin
Bernd, Fantastic! I'm looking forward to reading it over, thank you for putting your thoughts down! On Thu, Nov 12, 2020 at 11:37 AM Krannich, Bernd <bernd.krannich@...> wrote:
Thoughts on cf-for-k8s Use Cases
Krannich, Bernd
Hello all,
With cf-for-k8s turning 1.0, I started putting my thoughts around “what’s next after what’s next for cf-for-k8s?” in writing.
I wanted to share the resulting document with the community to get feedback, additional perspectives and maybe even to inspire thinking around the topics I collected: https://docs.google.com/document/d/1Hk19MkUOGQmP_dkoCwkogRQqlBwGE0Bpgr2U96JhW3I/edit?usp=sharing
Thanks, Bernd
Bernd Krannich SAP Cloud Platform SAP SE Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany
Pflichtangaben/Mandatory Disclosure Statement: www.sap.com/impressum
This e-mail may contain trade secrets or privileged, undisclosed, or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying, or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation.
Stratos 4.3.0
Richard Cox
Hi All,
It gives me great pleasure to announce the release of Stratos 4.3.0.
This release contains a small treasure trove of improvements and bug fixes.
Highlights include...
Full release notes are available from -
https://github.com/cloudfoundry/stratos/blob/master/CHANGELOG.md#430
We welcome your feedback, comments and bug reports. Please feel free to raise them in github (https://github.com/cloudfoundry/stratos) or reach out directly to us in slack (#stratos)
Regards,
Richard Cox
on behalf of the Stratos team
fmartini@...
Hi all,
We are now closer to having most of the SAPI functionality migrated into v3 and would like to make sure that there is no critical use case that we are missing. We have appreciated all your previous feedback on our proposals and it would be great if you can find time to give us some feedback on what is implemented via this form: https://forms.gle/RYcsz2AdLDznrmMCA. Ideally, we are looking for feedback in the next few weeks to allow us to prioritise any missed use cases.
Thanks, Services Enablement
Can I ask you how to upgrade cf-deployment?
il Kwon <il.kwon@...>
Hello, I'm wondering how to upgrade cf-deployment. If I use cf-deployment v9.5 and want to use v12.5.0, how can I upgrade the cf-deployment version? Do I have to v12.5.0 one copy more? and backup the ccdb, uaadb, blobstore of v9.5 and recovery to v12.5.0? (like dump old db and import to new db and backup all old blobstore and import to new blobstore) If you have a guide or I can have any information, can you tell me the guide? Thanks in advance
Bionic is here!
dlemos@...
Hi,
The BOSH team is introducing a new Stemcell line based on Ubuntu 18.04 LTS (Bionic Beaver). The new Stemcell can be found on https://bosh.io/. We will support Xenial Stemcells on bosh.io until April 2021, when Ubuntu 16.04 Xenial Xerus will reach end-of-life as per Canonical's official support lifecycle policy.
Bionic Stemcells are currently beta and we invite the community to share feedback on the #bosh-bionic Slack channel, raise issues on Github or engage with us using the community resources available.
Marco Völz & Diego Lemos
CF Bi-Weekly Roundup
Chris Clark
Hi all!
Thank you for making CF EU Summit a success! I missed seeing you all in person, and dearly hope that can happen again soon. In the meantime, I suppose we’ll have to be content with virtual perks like wearing sweat pants to meetings, perpetual access to coffee brewed to your liking, and live-streamed alpacas.
Videos from Summit are up on YouTube! Here’s the 32 video playlist from the event. There are a lot of great talks here, so when you’ve got some time, dig in.
Notable Releases:
From the Last Few Weeks:
Community Updates:
(And if you are hiring, please do share the info in that channel.) Dates To Remember (All times US Pacific):
Check the community calendar for updates and meeting details here: https://www.cloudfoundry.org/community-calendar/
Ecosystem and General News:
Chris Clark
Technical Operations Manager
Cloud Foundry Foundation
IMPORTANT NOTICE: [php-buildpack] End of Support for PHP versions 7.2.x after 2020-12-02
Kashyap Vedurmudi <kvedurmudi@...>
The first release of the PHP buildpack after December 2, 2020 will no longer include PHP versions 7.2.x. These PHP versions will no longer be supported upstream.[1] Please migrate your PHP apps to supported versions of PHP before that time.
Note: As 7.2.x is the current default version of PHP in the buildpack, the default PHP version will be updated to 7.4.x as a part of this removal. If you’d like to use a different PHP version, please configure your application to select that version[2].
As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel.
[1] - https://www.php.net/supported-versions.php
[2] - https://docs.cloudfoundry.org/buildpacks/php/gsg-php-config.html
Thanks, Kashyap Vedurmudi, Buildpacks PM
Upcoming DockerHub policy changes
Chris Clark
DockerHub has been planning a few policy changes they’ll be implementing Nov 1st, some of which might impact various Cloud Foundry projects:
In short, if you need to be added to the cloudfoundry DockerHub org to avoid pull rate limiting, please email contributors@.... All other changes are not happening in the immediate future.
One last thing to mention: some projects have been using the new GitHub Container Registry, I believe with some success.
Chris Clark
Technical Operations Manager
Cloud Foundry Foundation
Re: Farewell
Dieu,
Thank you for everything you've done for the CFF community over the past 6+ years, and for how much you've championed engagement and inclusivity in the community. We'll miss your presence here immensely, but we're glad to know you're not going too far away.
Please stay in touch with all of us!
Thanks again,
Eric
From: cf-dev@... <cf-dev@...> on behalf of Daniel Jones via lists.cloudfoundry.org <daniel.jones=engineerbetter.com@...>
Sent: Thursday, October 29, 2020 9:13 AM
To: Discussions about Cloud Foundry projects and the system overall. <cf-dev@...>
Subject: Re: [cf-dev] Farewell
Dieu,
Thanks for being awesome. You'll be missed, and I hope you enjoy what you do next. Stay in touch!
Regards,
Daniel 'Deejay' Jones - CEO
+44 (0)79 8000 9153
EngineerBetter Ltd - More than cloud platform specialists
On Wed, 28 Oct 2020 at 19:22, Troy Topnik <troy.topnik@...> wrote:
Thank you so much for everything you've done.