profile
viewpoint
Simon Johansson simonjohansson @springernature Berlin, DE

simonjohansson/B2G-build 2

Docker image to build B2G.

project-tenjin/backend 1

Java Spring backend for project Tenjin

simonjohansson/cf-concourse-vault 1

Deploy CF, Concourse and Vault in Bosh Lite. Yay

robwhitby/concourse 0

Concourse CI

simonjohansson/anyconnect 0

Connect to anyconnect using a docker container

simonjohansson/archive-resource 0

downloads and extracts an archive (currently tgz) from a uri

simonjohansson/archiver 0

Easily create and extract .zip, .tar, .tar.gz, .tar.bz2, .tar.xz, .tar.lz4, .tar.sz, and .rar (extract-only) files with Go

startedwurunduk/blender-p3d-import-export

started time in 6 hours

startedassimp/assimp

started time in a day

push eventcloudfoundry/cf-for-k8s

relint-ci

commit sha bc040d639d5df357d532796e12135ca49d3987d1

Autobump stack images

view details

push time in 2 days

push eventcloudfoundry/cf-for-k8s

relint-ci

commit sha bc040d639d5df357d532796e12135ca49d3987d1

Autobump stack images

view details

push time in 2 days

startedirfanICMLL/CoupleGenerator

started time in 2 days

issue commentcloudfoundry/cf-for-k8s

Log streaming in Stratos does not work

This may be similar to https://github.com/cloudfoundry/stratos/issues/4742, that case was specifically viewing logs of an application pushed via cf cli 7 and involves https://github.com/cloudfoundry/cf-for-k8s/issues/560 and https://github.com/cloudfoundry/stratos/issues/4741

braunsonm

comment created time in 3 days

pull request commentcloudfoundry/cf-for-k8s

Enable proxy protocol for Ingress Envoy

When using httpbin, please also add "?show_env=1" to the request, see https://github.com/postmanlabs/httpbin/issues/300

b1tamara

comment created time in 3 days

issue commentcloudfoundry/cf-for-k8s

Guidance on how to use AWS ECR as private registry

Related to #345

aad

comment created time in 4 days

pull request commentcloudfoundry/cf-for-k8s

Enable proxy protocol for Ingress Envoy

Hello,

we added an annotation to the istio-ingressgateway service (namespace istio-system):

kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'

To check the "X-Forwarded-For" Header, send some requests to the cf api or any app and take a look at the log:

kubectl logs <istio-ingressgateway-pod> -c istio-proxy -n istio-system

In my case I can see it in the logs as the last entry (it does not matter if the route can be found or not):

{
"referer":"http://operator.operationsconsole.cf.tboehm-pp.<...>/",
"bytes_sent":"0",
"response_duration":"-",
"upstream_cluster":"-",
"x_b3_traceid":"-",
"x_forwarded_proto":"https",
"downstream_remote_address":"<IP>:50532",
"path":"/","authority":"operator.operationsconsole.cf.tboehm-pp.<...>",
"protocol":"HTTP/1.1","upstream_service_time":"-",
"upstream_local_address":"-","duration":"0",
"upstream_transport_failure_reason":"",
"downstream_local_address":"10.250.34.209:443",
"response_code":"404",
"response_flags":"NR",
"response_tx_duration":"-",
"requested_server_name":"operator.operationsconsole.cf.tboehm-pp.<...>",
"organization_id":"-",
"bytes_received":"0",
"app_id":"-",
"x_b3_spanid":"-",
"process_type":"-",
"x_b3_parentspanid":"-",
"space_id":"-",
"user_agent":"Mozilla/5.0 zgrab/0.x",
"start_time":"2020-11-26T13:56:41.894Z",
"method":"GET",
"request_id":"b656b92a-93a9-4efd-ab91-b12914ad59b4",
"upstream_host":"-",
"x_forwarded_for":"<myClientIP>"
}
b1tamara

comment created time in 4 days

issue commentcloudfoundry/cf-for-k8s

Log streaming in Stratos does not work

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/175898203

The labels on this github issue will be updated when the story is started.

braunsonm

comment created time in 5 days

issue openedcloudfoundry/cf-for-k8s

Log streaming in Stratos does not work

Describe the bug

Not sure if the bug should be reported here or on Stratos but Stratos works with regular CF Deployments so I reported here.

It seems that recent logs and log streaming does not work when connecting Stratos to a cf-for-k8s deployment.

To Reproduce*

Steps to reproduce the behavior:

  1. Deploy cf-for-k8s
  2. Connect any recent Stratos instance to it (4.3.0 in my case)
  3. Notice log streaming on every app does not work. Nothing appears.

Expected behavior

Logs should be visible

Additional context

cf-for-k8s SHA

cf-for-k8s v1.0.0 tag

Cluster information

AKS

created time in 5 days

issue commentcloudfoundry/cf-for-k8s

Guidance on how to use AWS ECR as private registry

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/175894512

The labels on this github issue will be updated when the story is started.

aad

comment created time in 5 days

issue openedcloudfoundry/cf-for-k8s

Guidance on how to use AWS ECR as private registry

Is your feature request related to a problem? Please describe. I can not find the document or use case how to use AWS ECR as private registry.

Describe the solution you'd like we can run aws ecr get-login-password to get the authorization token and config the registry like below to deploy cf. But the token is only valid for 12 hours.

system_registry:
  add_image_pull_secrets: true
  hostname: https://${ecr_hostname}
  username: AWS
  password: ${ecr_token}

doc mentioning the expiration: https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login-password.html

Describe alternatives you've considered It would be useful to suggest how to use ecr as private registry or is it an option?

created time in 5 days

issue commentcloudfoundry/cf-for-k8s

fail: reconcile builder/cf-default-builder (kpack.io/v1alpha1) namespace: cf-workloads-staging

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/175894321

The labels on this github issue will be updated when the story is started.

aad

comment created time in 5 days

issue openedcloudfoundry/cf-for-k8s

fail: reconcile builder/cf-default-builder (kpack.io/v1alpha1) namespace: cf-workloads-staging

Describe the bug

we are deploying cf-for-k8s in eks which is an airgaped env in the private subnet, we have relocated the images to ecr and the only error we encountered during the kapp deploy -a cf -f cf-for-k8s-rendered.yml was below. Even though all pods are in ready status.

Would appreciate if someone suggest where to look into this.

10:29:47PM: fail: reconcile builder/cf-default-builder (kpack.io/v1alpha1) namespace: cf-workloads-staging
10:29:47PM:  ^ Encountered failure condition Ready == False:  (message: Get "https://index.docker.io/v2/": dial tcp: lookup index.docker.io on 10.100.0.10:53: no such host)

kapp: Error: waiting on reconcile builder/cf-default-builder (kpack.io/v1alpha1) namespace: cf-workloads-staging:
  Finished unsuccessfully (Encountered failure condition Ready == False:  (message: Get "https://index.docker.io/v2/": dial tcp: lookup index.docker.io on 10.100.0.10:53: no such host))

here is the corresponding message from kapp inspect -a cf --status

Namespace  cf-workloads-staging
Name       cf-default-builder
Kind       Builder
Status     conditions:
           - lastTransitionTime: "2020-11-25T14:29:40Z"
             message: 'Get "https://index.docker.io/v2/": dial tcp: lookup index.docker.io on
               10.100.0.10:53: no such host'
             status: "False"
             type: Ready
           observedGeneration: 1
           stack: {}

To Reproduce*

Steps to reproduce the behavior:

  1. relocate all the images and generate manifest
  2. in an airgap env
  3. deploy the rendered manifest
  4. See error

Expected behavior

i can relocate all the images required to the private registry

Additional context

cf-for-k8s SHA

1.0.0 / 73745a3a9891b0d1ceec646c184b09650c626bdb

Cluster information

EKS (in private subnet)

CLI versions

paste output of the following commands

  1. ytt --version: 0.30.0
  2. kapp --version: 0.34.0
  3. kubectl version: v1.19.3

created time in 5 days

issue commentcloudfoundry/cf-for-k8s

istio-proxy CrashLoopBackOff cf-blobstore-minio, cf-db-postgresql, log-cache

good morning @jamespollard8, i have set the flag enable_automount_service_account_token: true additionally, but no, the problem remains the same. The application only starts when I delete the network policies.

macevil

comment created time in 5 days

push eventcloudfoundry/cf-for-k8s

Eric Promislow

commit sha a11f34de3cd7ef08bb132b0ffa3847fb60d5224e

CI-MAINT - Increase timeout defaults - Set push-timeout to 10 mins - Double other timeouts to 6 mins. - We aren't sure if we haven't allowed a long enough time for these operations to take place. With longer timeouts, this should give us a better idea of which ops are taking a long time and which have actually failed. Story #175885136 calls for futher investigation [#175753486](https://www.pivotaltracker.com/story/show/175753486) Co-authored-by: James Pollard <pollardja@vmware.com>

view details

relint-ci

commit sha e8f3c68d745e78c9c7e1819daf8183a04534d5f0

Bump capi-k8s-release to d98bece861c024df201b4ac8978f62861029c366

view details

push time in 6 days

push eventcloudfoundry/cf-for-k8s

relint-ci

commit sha e8f3c68d745e78c9c7e1819daf8183a04534d5f0

Bump capi-k8s-release to d98bece861c024df201b4ac8978f62861029c366

view details

push time in 6 days

push eventcloudfoundry/cf-for-k8s

Eric Promislow

commit sha a11f34de3cd7ef08bb132b0ffa3847fb60d5224e

CI-MAINT - Increase timeout defaults - Set push-timeout to 10 mins - Double other timeouts to 6 mins. - We aren't sure if we haven't allowed a long enough time for these operations to take place. With longer timeouts, this should give us a better idea of which ops are taking a long time and which have actually failed. Story #175885136 calls for futher investigation [#175753486](https://www.pivotaltracker.com/story/show/175753486) Co-authored-by: James Pollard <pollardja@vmware.com>

view details

push time in 6 days

push eventcloudfoundry/cf-for-k8s

Eric Promislow

commit sha 0a1ff05e73c3248df4692d18996a2d6103e144a2

FIX: Update the eirini image SHAs - the eirini images this replaces were accidentally still based off our fork of eirini from before v2.0.0 [#175238690](https://www.pivotaltracker.com/story/show/175238690) Co-authored-by: James Pollard <pollardja@vmware.com>

view details

James Pollard

commit sha d49f63dd0ca5a57e6fed8619fc3b4f0464fdfd0b

Merge pull request #582 from cloudfoundry/bump-eirini-2.0.0-images FIX: Actually update the eirini images to use Eirini v2.0 Co-authored-by: Eric Promislow <epromislow@suse.com> [finishes #175238690](https://www.pivotaltracker.com/story/show/175238690) [finishes #175881446](https://www.pivotaltracker.com/story/show/175881446)

view details

push time in 6 days

delete branch cloudfoundry/cf-for-k8s

delete branch : bump-eirini-2.0.0-images

delete time in 6 days

push eventcloudfoundry/cf-for-k8s

Eric Promislow

commit sha 0a1ff05e73c3248df4692d18996a2d6103e144a2

FIX: Update the eirini image SHAs - the eirini images this replaces were accidentally still based off our fork of eirini from before v2.0.0 [#175238690](https://www.pivotaltracker.com/story/show/175238690) Co-authored-by: James Pollard <pollardja@vmware.com>

view details

James Pollard

commit sha d49f63dd0ca5a57e6fed8619fc3b4f0464fdfd0b

Merge pull request #582 from cloudfoundry/bump-eirini-2.0.0-images FIX: Actually update the eirini images to use Eirini v2.0 Co-authored-by: Eric Promislow <epromislow@suse.com> [finishes #175238690](https://www.pivotaltracker.com/story/show/175238690) [finishes #175881446](https://www.pivotaltracker.com/story/show/175881446)

view details

push time in 6 days

PR merged cloudfoundry/cf-for-k8s

FIX: Update the eirini image SHAs unscheduled

This PR achieves what #578 was supposed to.

  • the eirini images this replaces were accidentally still based off our fork of eirini from before v2.0.0

This also depends on commit e193bcc , which moved the pipeline off of our temporary eirini 1.9.0+ branch (done while we were waiting for eirini 2.0.0 to ship).

#175238690

Co-authored-by: James Pollard pollardja@vmware.com

Acceptance Steps

  • sufficient for smoke tests and CATs to pass, given how this changes the images for running apps.
+20 -20

1 comment

2 changed files

ericpromislow

pr closed time in 6 days

pull request commentcloudfoundry/cf-for-k8s

FIX: Update the eirini image SHAs

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/175881446

The labels on this github issue will be updated when the story is started.

ericpromislow

comment created time in 6 days

PR opened cloudfoundry/cf-for-k8s

FIX: Update the eirini image SHAs

This PR achieves what #578 was supposed to.

  • the eirini images this replaces were accidentally still based off our fork of eirini from before v2.0.0

This also depends on commit e193bcc , which moved the pipeline off of our temporary eirini 1.9.0+ branch (done while we were waiting for eirini 2.0.0 to ship).

#175238690

Co-authored-by: James Pollard pollardja@vmware.com

Acceptance Steps

  • sufficient for smoke tests and CATs to pass, given how this changes the images for running apps.
+20 -20

0 comment

2 changed files

pr created time in 6 days

create barnchcloudfoundry/cf-for-k8s

branch : bump-eirini-2.0.0-images

created branch time in 6 days

create barnchcloudfoundry/cf-for-k8s

branch : contour-ingress-rebased

created branch time in 6 days

issue commentcloudfoundry/cf-for-k8s

Manifest annotations and labels should be applied to cf-workload pods

I do understand the use-case, but I also share the security concerns. I would recommend that this feature is guarded by explicit configuration, e.g. allow_application_annotations and allow_application_labels. The most convenient config API might be to allow a list of allowed keys (or key prefixes) and support * as an all-in option.

braunsonm

comment created time in 6 days

push eventcloudfoundry/cf-for-k8s

Eric Promislow

commit sha e193bcc78357d6ec60540872769b35b7fe4e40c7

Stop hard-coding the version of the eirini images [#175857954](https://www.pivotaltracker.com/story/show/175857954)

view details

relint-ci

commit sha 91c3d1958ff24c16501d220b92637065c9d5c222

Bump capi-k8s-release to d0bc85ca380e650d465fd39eb87675528364a43c

view details

push time in 7 days

push eventcloudfoundry/cf-for-k8s

Nancy Hsieh

commit sha 9de89e9590eb531d2cc92d64f8cdfa731575cd75

Allow docker auth for smoke tests

view details

James Pollard

commit sha a8726b3e414252c4c6f8a89aadcf22146da20bdc

Merge pull request #581 from nhsieh/pass-docker-creds-smoke-tests Allow docker auth for smoke tests

view details

push time in 7 days

more