Hi Guillaume, I'd put it like this: running containers with 'privileged: false' makes them safe /even if/ a user gets root. With a docker image this is essential, because getting root is trivial. With

Hi cf-dev, I’d like to discuss some exciting changes the Garden team is planning to make in Diego’s container subsystem, Garden. Garden? What’s that? Garden is the containerisation layer used by Diego

This is ridiculously cool - nice work Persils!

Hi cf-dev, This is a very exciting email to write! I'm extremely proud to announce that garden-runC <https://github.com/cloudfoundry/garden-runc-release>, the new cloud foundry container runtime for L

The use case seems reasonable to me. Even if it's technically free (no marginal cost) to let processes consume the whole machine when it's available, I can easily see a commercial and technical case f

Hi John, Unfortunately memory usage inside containers is a bit of a painful topic. I've linked to a really great blog by Heroku on this topic below that goes in to more detail but tl;dr there's not a

Hi CF-Devs! A few of us have been working on a proposal to explore using OCI Images (a standardised format for container images) to allow more standard, more flexible and potentially more performant m

I can't wait to try out the new log-in com-mand [image: Gemoji image for :trollface:] (Srsly great work bosh folks! :))

Garden does have (currently not very well documented) support for setting hard cpu maximums as well as the fair share limits described above. This is off by default but can be enabled via the 'garden.

Hi cf-dev! Garden is planning to incept on a feature narrative to bring proper support for sidecar processes (i.e. processes that share some but not all namespaces and cgroups with the main container

Hi cf-dev! I’d like to discuss some new security features we’re adding to Garden, and what they mean for operators. Tl;dr: Garden, Cloud Foundry’s container creation and management engine, now has exp

Hi Stanislav -- cpu usage is not currently unlimited, quotas are already enforced in proportion to a container's memory limit. If multiple containers on a cell each try to use all resources, they will

#cf

Hi cf-dev garden and groot fans! I'd like to quickly discuss some changes we're making to garden (the cloud foundry app runtime’s container api) and groot (the next generation rootfs management librar

Hi cf devvers, the garden team have a proposal about using Containerd to run containers in garden-runc. It's called "Proposal: Use Containerd to run containers in Garden-RunC". The link is here [0]. [

\o/ Yassss. Nice.

+1 to Eric's view also. I like being able to (sort of) filter version tags. Thanks,

Hi cf-dev, I wanted to write a quick email to make sure the community is aware that we are planning to remove the btrfs driver from Garden/Grootfs in the next Garden release (and to explain why). Expo

Hi cf-dev, I wanted to give everyone a quick update on the progress of the application autoscaler project as we’ve recently hit some nice milestones. WHAT IS THIS? The app autoscaler is a cloud foundr

Hi cf-dev! After quite a successful presentation of our CF and K8s integration work at cf summit, we are now excited to get started on it “for real”! There’s a long proposal document linked below [0]

Happy to demo Eirini (the artist formerly known as Cube), too. Thanks!