Hi, all,

When the Diego team creates its next final version of diego-release,
v0.1488.0, it will no longer support or function correctly with
garden-linux. In addition to the work already in flight to remove official
support for garden-linux from the release tooling, this version of Diego
uses a new "BulkNetOut" call on the Garden API to set network egress rules
on the Garden containers. This API call is supported on garden-runc-release
as of v1.0.2 and garden-windows-bosh-release as of v0.0.9, but not on any
version of garden-linux. As the Garden team has not stated any plans to
implement this new API call on garden-linux, this API change effectively
ends support for garden-linux on this and future Diego versions.

The Diego manifest-generation script in diego-release will also now
default to using garden-runc-release, making the existing `-g` opt-in flag
a harmless no-op. *Please note that garden-linux cannot be upgraded to
garden-runc in place, so switching between them requires recreating the
Diego cell VMs (either explicitly via `bosh deploy --recreate` or as a
side-effect of a stemcell upgrade).*

As the Garden team has already mentioned[1], an additional reason for the
aggressive end-of-life schedule for garden-linux is that it does not
function correctly on 4.4 kernels, and future ubuntu-trusty BOSH stemcells
will contain only kernels on that line.

As with the configuration to secure the cell rep API, the release notes
for this forthcoming Diego version will also include this information about
the lack of compatibility with garden-linux and support for only
garden-runc. We on the Diego team are also happy to answer questions about
this matter here on cf-dev as well as in the #diego channel on the CF OSS
Slack instance.

Thanks,
Eric, CF Runtime Diego PM

[1]: https://lists.cloudfoundry.org/archives/list/cf-dev(a)lists.
cloudfoundry.org/thread/WY6HKOWQ5YTIHZXLTG2SMNMO2FKH3ORA/#
PSPAAZYP2XUJ3XMPZHU5ZZH3RCZEMBEB