|
Oratos Incubation Proposal
#loggregator
As many of you know, the Loggregator team has been experimenting with containerizing the Loggregator and Log cache components for use in a K8s context. I posted about these efforts previously[1], and we would like to officially nominate these efforts for incubation within the Runtime PMC (we have also considered extensions - but this would mean twice as many meetings for me ;-) ). We feel that assigning a specific team to this effort is worthwhile to formalize the efforts around product research and design and also want better communicate our intentions to the CF community to gather feedback. Additionally we have identified a first up feature proposal[2] to focus on.
Please review this proposal and FAQ[3] and provide your feedback and comments here or in the document. 1. https://lists.cloudfoundry.org/g/cf-dev/topic/oratos_containerized/18106811?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,40,18106811 2. https://docs.google.com/document/d/1PjbaImDrSs3qj1oqu46lSChGgJ6ka_N5AuQv0HVkBbI/edit# 3. https://docs.google.com/document/d/1oX4f3VLbTB9AXHOGUA8auGdwK19OVv1dRcKQYc8QsWk/edit#
|
|
|
|
Re: Deprecation Notice: bosh-hm-forwarder is moving
Mike -
I am not sure, but probably. I'll ping some folks that would know and have them chime in. Adam
|
|
|
|
Re: CF CLI v6.37.0 Released Today: Variable Substitution
Ronak Banka
Hi Abby, Going forward is there something on roadmap to use ops files for cf CLI too, like we do for Bosh CLI or yaml patch? Use case can be CI/CD pipelines where part of manifest can be injected for different environment. Thanks Ronak
On Thu, 31 May 2018 at 7:37 AM, Abby Chau <achau@...> wrote:
|
|
|
|
Re: CF CLI v6.37.0 Released Today: Variable Substitution
Abby Chau
Hey Carlo, thanks for reaching out. Arrays and hashes are not supported for the Variable Substitution feature. Let us know if you have any additional questions. Thanks. Best, Abby
On Wed, May 30, 2018 at 7:48 PM, Carlo Alberto Ferraris <carloalberto.ferraris@...> wrote:
|
|
|
|
Re: Deprecation Notice: bosh-hm-forwarder is moving
Mike Youngstrom
Hi Adam, Is it possible to tell bosh-system-metrics to only forward metrics from certain deployments to loggregator? We deploy multiple CFs on a single bosh and would like to only forward metrics related to a given CF onto that CF's loggregator stream. Thanks, Mike
On Thu, May 31, 2018 at 7:50 AM, Adam Hevenor <ahevenor@...> wrote: Hi Benjamin -
|
|
|
|
Re: Deprecation Notice: bosh-hm-forwarder is moving
Hi Benjamin -
The bosh-hm-fowrarder is still available outside of the Loggregator repo, just not supported by the Loggregator team any longer. The supported replacement called bosh-system-metrics forwarder has gone through OSS approval and should be available very soon as well. Adam
|
|
|
|
Re: CF CLI v6.37.0 Released Today: Variable Substitution
Carlo Alberto Ferraris
Abby, Is inserting arrays/hashes also supported? If that's the case it may be a good idea to show it in the examples. Carlo
On Thu, May 31, 2018, 09:37 Abby Chau <achau@...> wrote:
|
|
|
|
Re: CF CLI v6.37.0 Released Today: Variable Substitution
Abby Chau
Hi Benjamin, Thanks for reaching out; we will update the documentation for clarification. The partial value use case, for example, is a manifest.yml with the following: and a variable.yml file which invokes the value by passing in the hostname: When you push with the manifest and variable file, the route test.example.com will be created. Hope that makes sense. Best, Abby On Wed, May 30, 2018 at 7:30 AM, Benjamin Gandon <benjamin@...> wrote:
|
|
|
|
rep fd keep increasing until 'too many open files' and cell in bad status
Qiu Jie QJ Li <liqiujie@...>
Hi, CF developers
We met a problem that rep fd keep increasing until 'too many open files'. Our cloudfoundry env was built on kubenetes cluster, it had 3 VMs under it. 1 for diego-cell (4core * 16G) and 2 for others. When we did stress test, we used 10+ threads to push/start/stop/../delete apps continuously with 10s thinktime between each step. It began with 0 errors, but always ended with cell in bad status hours later. App stage failed with 'can't communicate with compatible cells' and 'too many open files' in rep.stdout.log . We began to monitor the # of files under /proc/<rep-pid>/fd due to the 'too many open files' hint and noticed that the # of files was steady at first, then from a point, it kept increasing, even after the push app test was completely stopped, the increasing file number seems like the cause of 'too many open files' and most likely would cause the node(VM) unreachable in the end. Why would this fd keep increasing? Was there some leak or something couldn't be released? I had opened an issue in rep repository https://github.com/cloudfoundry/rep/issues/21with more details. Please let us know what extra detailed info you need to know. Thanks a lot. Regards, Qiu Jie (Sophy) Li
|
|
|
|
Re: CF CLI v6.37.0 Released Today: Variable Substitution
Hi Abby,
In the documentation for variable substitution, when it’s said: Template variables can also be used as partial values, such as in: It’s quite unclear what is meant by “partial values”, and the example doesn’t bring an illustration to this. Indeed, correct me if I’m wrong but this second example looks the same as the first one, because using --vars-file <(cat secrets.yml) should be quite the same as writing --vars-file secrets.yml. Maybe “partial values” was a way to say that multiple --vars-file arguments can be used? Benjamin
|
|
|
|
CF CLI v6.37.0 Released Today: Variable Substitution
Abby Chau
Hi all, Highlights include:
Bug Fixes:
Let us know if you have any comments or feedback, thanks! Best, Abby Chau Product Manager, CF CLI
|
|
|
|
Re: Is anyone successfully using IPSec along with Windows Server 2016 (1709)?
Pivotal has a commercial offering providing IPSec integration for the Windows stack. As a first stab, perhaps our public docs may contain some configuration clues for you?
On Sun, May 27, 2018 at 8:18 PM Aaron Huber <aaron.m.huber@...> wrote: We're testing out the new Windows version and everything appears to be working correctly with the exception of traffic from the routers to the containers via the NAT on the Windows cells. The IPSec session is working between the router and the Windows host itself but there is just no response when connecting to a mapped port inside a container. For example:
|
|
|
|
Re: Deprecation Notice: bosh-hm-forwarder is moving
Benjamin Gandon <benjamin@...>
Hi Adam,
toggle quoted messageShow quoted text
I understand that this BOSH Health Monitor Forwarder (that was donated to OSS in July 2016) is now deprecated. I also saw that PCF has moved away from it in v2.0. So I guess this bosh-hm-forwarder is replaced by something else. Could you give us more insights (or pointers) about why this component is now deprecated, what is replacing it, and whether it is OSS? Thanks for your answers.
|
|
|
|
Is anyone successfully using IPSec along with Windows Server 2016 (1709)?
Aaron Huber
We're testing out the new Windows version and everything appears to be working correctly with the exception of traffic from the routers to the containers via the NAT on the Windows cells. The IPSec session is working between the router and the Windows host itself but there is just no response when connecting to a mapped port inside a container. For example:
router (10.10.10.10) -> windows2016-cell (10.10.10.11) - works fine for any open port (rep, consul etc.) on the cell itself router (10.10.10.10) -> windows2016-cell (10.10.10.11) -> container (172.30.0.10) - no response to the external port for either HTTP or SSH (for example, 40000 and 40001) As soon as we turn off IPSec the traffic works just fine and we can access the app via the gorouter and cf ssh is connecting successfully. The error message from the router looks like this: curl http://10.10.10.11:40000/
curl: (7) Failed to connect to 10.10.10.11 port 40000: Connection refused Please let me know if you were able to get this working correctly. Aaron
|
|
|
|
Cloud Foundry Swift Client
Dwayne Forde <dwayne.forde@...>
Ahoy,
wanted to let everyone know that I made a small Cloud Foundry Swift Client. I've been using the code in a small iOS application to help monitor some applications on a Cloud Foundry foundation for a couple of years now. Finally got around to separating it into its own code base. I'm not sure how many Swift use cases are floating around the Cloud Foundry ecosystem, but it has come in handy for me. Feel free to use if the need come up. Cheers
|
|
|
|
[cfcr] Deprecation of ABAC authorization mode
Sean O'Sullivan
What We are looking to drop support Attribute Based Access Control as an authorization mode for Cloud Foundry Container Runtime in the near term planned release v0.18 Why RBAC is considered to have significant security advantages over ABAC, thus we don't see value in continuing to support this as a solution. We reached out to our user base and there is no feedback anyone has ABAC implemented. Sean O'Sullivan Product Manager - Cloud Foundry Container Runtime (CFCR) Dublin, Ireland
|
|
|
|
Re: 1 of 3 pre-start scripts failed. Failed Jobs: cloud_controller_ng. Successful Jobs: route_registrar, consul_agent.
PulPham <hungfq@...>
|
|
|
|
CF+K8S SIG Call tomorrow
Chip Childers <cchilders@...>
All, -- Tomorrow at 6 PM CET, 12 AM ET, 9 AM PT is our next CF+k8s SIG call. I've reached out to several projects to see if they want to provide a demo tomorrow, but schedules aren't aligning. The following call does have some demos scheduled already (two weeks from now). That said, we will still have a brief call tomorrow. Agenda will be: 1) Any project status updates worth highlighting 2) Open discussion on k8s + CF efforts Since there isn't a demo, I won't be switching to Zoom this time around. Expect the call to be fast. Join if interested! Join the call: www.uberconference.com/cchilders Dial in number: 215-315-3487 No PIN needed International Callers Dial the local number below based on your location. When prompted, enter your host's conference number (215-315-3487), then the "#" key. -Germany: 030 30807999 -Ireland: (01) 525 5652 -United Kingdom: 020 3514 1993 Other international numbers available here: https://www.uberconference.com/international -chip Chip Childers CTO, Cloud Foundry Foundation 1.267.250.0815
|
|
|
|
Re: Istio router on container overlay network
Mike Youngstrom
This is exciting work. Thanks for raising it here Gabe! Mike
On Mon, May 21, 2018 at 12:26 PM, Gabriel Rosenhouse <grosenhouse@...> wrote:
|
|
|
|
Istio router on container overlay network
Gabriel Rosenhouse <grosenhouse@...>
Hi all, The Cloud Foundry Networking team is planning to move the Istio Router (eventual replacement for gorouter) onto the overlay network used by app containers. If this interests you, please read our proposal here. We welcome feedback via comments on that doc, or reply to this email. Sincerely, Gabe & the CF Networking Team
|
|
|