2.72.0

Changes

• Envoy bump to 1.25.1
• Metric tags can be updated for running containers
• Support for configurable entrypoints in buildpackapplifecycle (cloudfoundry/buildpackapplifecycle#58)

Bosh Job Spec changes:

diff --git a/jobs/auctioneer/spec b/jobs/auctioneer/spec
index 4fd93c8b2..ae685ceb9 100644
--- a/jobs/auctioneer/spec
+++ b/jobs/auctioneer/spec
@@ -88,13 +88,6 @@ properties:
   diego.auctioneer.locket.api_location:
     description: "Hostname and port of the Locket server. When set, the auctioneer attempts to claim a lock from the Locket API."
     default: locket.service.cf.internal:8891
-  diego.auctioneer.skip_consul_lock:
-    default: false
-    description: "Set to 'true' for the auctioneer to skip acquiring a Consul lock. Requires 'diego.auctioneer.locket.api_location' to be set."
-
-  enable_consul_service_registration:
-    description: "Enable the auctioneer to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
-    default: true
 
   locks.locket.enabled:
     description: When set, the auctioneer attempts to claim a lock from the Locket API.
diff --git a/jobs/bbs/spec b/jobs/bbs/spec
index 11cd996f0..b6f1040c2 100644
--- a/jobs/bbs/spec
+++ b/jobs/bbs/spec
@@ -140,16 +140,6 @@ properties:
   diego.bbs.locket.api_location:
     description: "Hostname and port of the Locket server. When set, the BBS attempts to claim a lock from the Locket API and will detect Diego cells registered with the Locket API."
     default: locket.service.cf.internal:8891
-  diego.bbs.skip_consul_lock:
-    default: false
-    description: "Set to 'true' for the BBS to skip acquiring a Consul lock. Requires 'diego.bbs.locket.api_location' to be set."
-  diego.bbs.detect_consul_cell_registrations:
-    default: true
-    description: "Whether the BBS should detect Diego cell registrations present in the Consul key-value store. To prevent unexpected loss of capacity, set to 'false' only when the BBS uses Locket and when all Diego cells in the cluster maintain their registrations via Locket."
-
-  enable_consul_service_registration:
-    description: "Enable the BBS to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
-    default: true
 
   limits.open_files:
     description: Maximum number of files (including sockets) the BBS process may have open.
diff --git a/jobs/file_server/spec b/jobs/file_server/spec
index 7d50581a3..dddda86c2 100644
--- a/jobs/file_server/spec
+++ b/jobs/file_server/spec
@@ -59,10 +59,6 @@ properties:
   tls.key:
     description: "PEM-encoded tls key"
 
-  enable_consul_service_registration:
-    description: "Enable the file-server to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
-    default: true
-
   logging.format.timestamp:
     description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
     default: "unix-epoch"
diff --git a/jobs/locket/spec b/jobs/locket/spec
index 0bbcc4c7b..640651ffb 100644
--- a/jobs/locket/spec
+++ b/jobs/locket/spec
@@ -66,9 +66,6 @@ properties:
     default: false
   diego.locket.sql.ca_cert:
     description: "Bundle of CA certificates for the Locket to verify the SQL server SSL certificate when connecting via SSL"
-  enable_consul_service_registration:
-    description: "Enable the Locket server to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
-    default: true
 
   logging.format.timestamp:
     description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
diff --git a/jobs/rep/spec b/jobs/rep/spec
index e2d40d28c..8591fb6ba 100644
--- a/jobs/rep/spec
+++ b/jobs/rep/spec
@@ -9,9 +9,6 @@ templates:
   trusted_ca_certificates.json.erb: config/certs/rep/trusted_ca_certificates.json
   instance_identity.crt.erb: config/certs/rep/instance_identity.crt
   instance_identity.key.erb: config/certs/rep/instance_identity.key
-  consul_ca.crt.erb: config/certs/consul/ca.crt
-  consul_client.crt.erb: config/certs/consul/client.crt
-  consul_client.key.erb: config/certs/consul/client.key
   rep.json.erb: config/rep.json
   bpm.yml.erb: config/bpm.yml
   bpm-pre-start.erb: bin/bpm-pre-start
@@ -106,16 +103,6 @@ properties:
   tls.ca_cert:
     description: "REQUIRED: PEM-encoded tls client CA certificate for asset upload/download"
 
-  diego.rep.consul.require_tls:
-    description: "Require mutual TLS to talk to the local consul API"
-    default: false
-  diego.rep.consul.ca_cert:
-    description: "PEM-encoded CA certificate"
-  diego.rep.consul.client_cert:
-    description: "PEM-encoded client certificate"
-  diego.rep.consul.client_key:
-    description: "PEM-encoded client key"
-
   diego.executor.memory_capacity_mb:
     description: "the memory capacity the executor should manage.  this should not be greater than the actual memory on the VM"
     default: "auto"
@@ -228,12 +215,9 @@ properties:
     default: "rep"
 
   diego.rep.locket.api_location:
-    description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API instead of in the Consul key-value store."
+    description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API."
     default: locket.service.cf.internal:8891
 
-  enable_consul_service_registration:
-    description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
-    default: true
   enable_declarative_healthcheck:
     description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+"
     default: false
diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec
index 2933d2dbc..4fc4504bf 100644
--- a/jobs/rep_windows/spec
+++ b/jobs/rep_windows/spec
@@ -9,9 +9,6 @@ templates:
   trusted_ca_certificates.json.erb: config/certs/rep/trusted_ca_certificates.json
   instance_identity.crt.erb: config/certs/rep/instance_identity.crt
   instance_identity.key.erb: config/certs/rep/instance_identity.key
-  consul_ca.crt.erb: config/certs/consul/ca.crt
-  consul_client.crt.erb: config/certs/consul/client.crt
-  consul_client.key.erb: config/certs/consul/client.key
   rep.json.erb: config/rep.json
   loggregator_ca.crt.erb: config/certs/loggregator/ca.crt
   loggregator_client.crt.erb: config/certs/loggregator/client.crt
@@ -102,16 +99,6 @@ properties:
   tls.ca_cert:
     description: "REQUIRED: PEM-encoded tls client CA certificate for asset upload/download"
 
-  diego.rep.consul.require_tls:
-    description: "Require mutual TLS to talk to the local consul API"
-    default: false
-  diego.rep.consul.ca_cert:
-    description: "PEM-encoded CA certificate"
-  diego.rep.consul.client_cert:
-    description: "PEM-encoded client certificate"
-  diego.rep.consul.client_key:
-    description: "PEM-encoded client key"
-
   diego.executor.memory_capacity_mb:
     description: "the memory capacity the executor should manage.  this should not be greater than the actual memory on the VM"
     default: "auto"
@@ -241,9 +228,6 @@ properties:
     description: "Hostname and port of the locket server"
     default: locket.service.cf.internal:8891
 
-  enable_consul_service_registration:
-    description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
-    default: true
   enable_declarative_healthcheck:
     description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action."
     default: false
diff --git a/jobs/route_emitter/spec b/jobs/route_emitter/spec
index 7c84cbba4..faac3b0c5 100644
--- a/jobs/route_emitter/spec
+++ b/jobs/route_emitter/spec
@@ -146,9 +146,6 @@ properties:
     description: "Cert used to communicate with local metron agent over gRPC"
   loggregator.key:
     description: "Key used to communicate with local metron agent over gRPC"
-  locks.consul.enabled:
-    description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Consul API."
-    default: true
   locks.locket.enabled:
     description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Locket API."
     default: true
diff --git a/jobs/route_emitter_windows/spec b/jobs/route_emitter_windows/spec
index d86340e8f..404c9f518 100644
--- a/jobs/route_emitter_windows/spec
+++ b/jobs/route_emitter_windows/spec
@@ -146,9 +146,6 @@ properties:
     description: "Cert used to communicate with local metron agent over gRPC"
   loggregator.key:
     description: "Key used to communicate with local metron agent over gRPC"
-  locks.consul.enabled:
-    description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Consul API."
-    default: true
   locks.locket.enabled:
     description: "Whether the route-emitter in global mode should attempt to claim its activity lock via the Locket API."
     default: true
diff --git a/jobs/ssh_proxy/spec b/jobs/ssh_proxy/spec
index a2919c5ab..cd39dbd52 100644
--- a/jobs/ssh_proxy/spec
+++ b/jobs/ssh_proxy/spec
@@ -119,9 +119,6 @@ properties:
   connect_to_instance_address:
     description: "Connect directly to container IP instead of to the host IP and external port. Suitabl...

2.71.0

Changes

• Removed legacy code relating to consul in diego components. This was long ago replaced by locket.
• Added helpful logging to cacheddownloader for when it retries/fails downloads. Thanks @vlast3k!
• Bumped ginkgo dependencies
• Bumps golang to 1.19.4

✨ Built with go 1.19.4

Full Changelog: v2.70.0...v2.71.0

Resources

• Download release v2.71.0 from bosh.io.

2.70.0

Changes

• CI updates

✨ Built with go 1.19.3

Full Changelog: v2.69.1...v2.70.0

Resources

• Download release v2.70.0 from bosh.io.

2.69.1

[Bug Fix] Remove extra host port that mapped to c2c TLS port.
[Bug Fix] Report crash event after crash reset timeout

v2.69.0

Changes

• Bump Golang to go1.19.2 @cf-diego (#642)

✨ Built with go 1.19.2

Full Changelog: v2.68.0...v2.69.0

Resources

• Download release v2.69.0 from bosh.io.
• Verified with cloudfoundry/cf-deployment @ 6ec2aca405f23a2eb32ec4108d3385edcfdb9b22.

v2.68.0

Changes

• Bump to go 1.19.1! Thanks @mariash!
• Add buildvcs=false to all windows package compilation. Thanks @geofffranks!

✨ Built with go 1.19.1

Full Changelog: v2.67.0...v2.68.0

Diego v2.67.0

Changes

• cacheddownloader now has a backoff algorithm when retrying failed downloads. This was provided as a way to work around thundering herds of cells downloading and overwhelming rate-limited blobstores. Thanks for the PR @prycey77!
• Bump natsclient + route-emitter dependencies

✨ Built with go 1.18.5

Resources

• Download release v2.67.0 from bosh.io.
• Verified with cloudfoundry/cf-deployment @ e639b051fdd968f5931f1c14e80cb7d4cbc32ea6.

v266.4 - CI Error

This release was created by mistake via CI. See v2.67.0 instead

Diego v2.66.3

Changes

• Bump x/crypto
• Update garden, guardian, idmapper, and grootfs submodules

✨ Built with go 1.18.5

Resources

• Download release v2.66.3 from bosh.io.
• Verified with cloudfoundry/cf-deployment @ 47f3c89570b73e415af5ccf3f0a93dd293d7ac24.

Diego v2.66.2

Changes

• Cancel other download of other dependencies when one of them fails

✨ Built with go 1.18.5