Latest Threads

Hey everyone! We're trying something new for this release, by creating a place for discussion around updates we push out for Cycle. It's a more discussion oriented version of our changelog, where we can engage with all of you about what's new.

This release (2025.04.24.02) is a huge release that has been in the works for nearly a month now. It brings with it a lot of stability and performance improvements, but also tons of feature requests we've received from all of you.

New Stuff

We've added a few new goodies to the platform based on your feedback.

A New Network Telemetry Graph

We've added a new graph to the server dashboard, that shows network traffic transmission on a per network interface basis. It's now possible to see data transmitted over the private network, public network, or even SDNs.

You Can Now Restart a Container

Finally, right? Well, you could always stop and start them, but there was one major issue with this method - Cycle would restart all of them at once...

With the new "restart" functionality, the platform will respect the stagger set in the container's configuration, preventing downtime while your restart is in progress.

Instance State Uncertainty

Instance states have a 'normal state', such as running, but also have health checks, migration state, traffic draining, and more. One thing we've heard from our users is that sometimes their instance state will still say 'running', but the server that instance was running on went offline. What gives?

Well, the TL;DR is that we don't actually know that it went offline. Cycle relies on checkins from the underlying host to know what state that instance is in, and if it misses a checkin, or the network drops, the instance may still be running, even if Cycle can't prove it.

This led to some uncertainty, but we didn't want to alert people that an instance was offline just because of a network hiccup. In this release, we've tackled the issue by introducing an 'uncertainty' marker on top of container instances where the underlying host has missed a couple checkins.

Now, you'll be alerted that something may be off about an instance even if we're not sure what state it might be in anymore. Here's what that looks like:

Server Nicknames

Last but certainly not least, we've added the ability to set a custom name on your servers, that will be visible throughout the interface. It will appear anywhere a hostname previously did. If no nickname is set, you'll still see the same hostname from before.

(we wouldn't want to hide Michael T's latest server hostname).

Improvements

Along with the new features, we've improved a handful of things as well.

Source IP Routing

We've introduced a new load balancer routing mode, dubbed Source IP. this mode will attempt to provide sticky sessions for all requests coming from a specific IP address.

Better SFTP Lockdown Intelligence

Cycle has had SFTP lockdown intelligence for over a year now, but some clients would open up dozens of new connections when navigating or transferring files, possibly for better throughput. These clients would quickly put the SFTP connection into lockdown, blocking all new connections.

In this release, we've made it smarter - lockdown will not count new connections from a recently authenticated IP address toward the lockdown criteria. Clients can be greedy with new connections, while bad actors still get locked out.

Scoped Variable Files: Users, Groups, and Permissions

We've added support for a UID, GID, and file permissions to be set on scoped variable files that are injected into the container. Some applications require specific permissions on files to play nice, and this alleviates the need for any funky workarounds that were previously required.

Load Balancer IP Display

Prior to this release, the environment dashboard would show the CIDR (the entire address space) allocated to a load balancer instance. While useful in some circumstances, most people (ourselves included) just wanted to see the specific IP attached to that load balancer instance. Now, when you go to an environment dashboard, you'll see the correct IP.

There were quite a few other minor tweaks and bug fixes, along with a LOT of work on something we'll be revealing very soon. Leave a comment with your thoughts on the latest update, questions you may have, or any issues you run into. (You can also message any of our team in slack)

Our next release will be historic...you won't want to miss it.

One of the deployment patterns we have been using from K8S is to generate unique configmaps per deployment of a service so that we can version variables with the code (but outside of the image). We have been able to achieve that using the existing Stack spec (nice work on this, btw), but it would be great if we could clean them up when the deployments get removed in the pipeline step.

What's the worst that could happen?

Microsoft recommends the XFS filesystem for SQL Server on Linux data volumes. Would it be possible to allow us to specify which filesystem should be used when provisioning volumes?

From https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-performance-best-practices?view=sql-server-ver16:

SQL Server supports both ext4 and XFS filesystems to host the database, transaction logs, and additional files such as checkpoint files for in-memory OLTP in SQL Server. Microsoft recommends using XFS filesystem for hosting the SQL Server data and transaction log files.

The current server view depicts base storage usage and trending over time; however finding out what's consuming that space currently isn't possible. As you reach your threshold, there are no granular views to figure out what might be consuming the space.

Since base storage expansion is possible but decreasing it is not, we're thinking that a way to determine if we need to expand it is necessary to make decisions on whether we have a machine with runaways storage logs (consuming base storage) or too large of images for a given machine.

When pipelines make use of parameters it is sometime cumbersome to fill in all the info to re-run a failed pipeline.

This is especially true when debugging pipelines that were triggered by automatic processes that make use of parameters to identify builds.

For server storage, it would be nice to see the potentially allocated volumes (thin provisioned) that exists for container volumes which reside on that server. If we have an instance A that has thin-provisioned a 30GB disk, and another instance B with 100GB of thin-provisioned space, then we could potentially have overprovisiond according to what physically exists on disk. This is especially crucial if for some reason the workload is placed on a server with other running volumes that we are unaware are taking up chunks of the disk that are unussed.

While thin-provisioning is the way to go, it presents problems if not visible when the disk begins to quickly be consumed. This can cause other resources to starve or the entire machine to go unresponsive.

Hey all, we were wondering whether every load balancer instance gets a separate public IP address. If we have multiple LB instances, do they all have separate public IPs, or are all instances available via the same IP address?

Hey all. We've got a slack channel that has feeds from our main providers in it where any service degradation or outages get sent, like in the attached image.

Given Cycle's a pretty load bearing part of our infrastructure, I'd appreciate a slack feed like the ones we have for other several other providers, as this channel is my first port of call when something weird is happening.

In DNS -> Zones and Cluster Drain JSON data ( as well as other places) it would be super helpful to have cluster ID information. Since environments can be replicated, it is important for the API to carry the cluster ID / name to differentiate environments.

Hey y'all, we recently had a volume growth due to an unexpected internal error on our web app. I know you're working on monitoring. Could you consider adding an alert for volume growth over time if it exceeds some amount set by the user? Thanks!

Hi!

Could you provide more details about WAF, as we are experiencing constant malicious activity attempts?

I’m particularly interested in protection against:

Directory Traversal

Code Injection

SQL Injection

XSS

Hi!

I deployed a container with a high availability deployment strategy on two instances, assigning a tag that I previously associated with the servers.
To manage the containers, I created Scoped Variables using Container Identifiers as the binding. However, the containers share the same identifier. How can I use one of the variables with different values depending on the container instance?

Thx

Hey all,

I wanted to let you know that we are experiencing two GUI issues in the load balancer modal.

1. issue:

• head to the "Controllers" tab of the load balancer modal in environments/dashboard
• define more controllers than visually fit into the height of the controllers list => the last controller of the list is not displayed, because it is hidden "underneath" the input for adding new controllers even when scrolling to the bottom

2. issue:

• head to the "Controllers" tab of the load balancer modal in environments/dashboard
• use the search input to filter controllers
• a list of filtered controllers is visualized seemingly correctly => clicking on one of the controllers opens the configuration of a different controller => it seems as if the controller configuration is opened, that was visualized in the same position before filtering => e.g. use standard list of ports (first two are 80 and 443), filter for port 443, then click on the first controller in the filtered list (port 443) => configuration of port 80 is opened

Best,

Tom

To pull this conversation public, I thought I would throw a question out to the senior staff at Cycle in regards to Kernel/OS updates. Lets kick this thread off with a few questions around server security

1. How are the kernel and service/library updates performed?
2. Do these require downtime? Are we required to run 2N infra or evacuate our nodes to perform kernel upgrades?
3. How often are servers patched?
4. What root OS variant is used to build the OS from track CVSS scorings and potential vulnerabilities and determine compatibility with various workloads?

I think these type of questions serve as a baseline for determining how folks can address security updates and ensure their servers are kept up to date.

Hello, We are experiencing timeouts on our API calls in our system and we are trying to identify the source. We can see that the load balancer in cycle has multiple timeout fields and are unsure of what needs to be set so that a REST API call timeout can be set to 90 seconds.

We see 2 options:

1. Idle timeout (set to 900s currently)
2. Destination connection timeout on ingress traffic (set to 3s currently)

Which one needs to be set such that our timeouts are 90 seconds for calls on port 443?

Thank you!

Hi!

How can I route traffic based on URL?

For example:

https://<my_domain>/ - goes to one container

https://<my_domain>/<path1> - goes to a second container

https://<my_domain>/<path2> - goes to another container

Thanks!

Allow the enforcement of 2FA on member invites and accounts. Ensuring that downline devOps and admins have 2FA enforced is mission critical for compliance.

To complete the notification process for internal/external teams on upgrades to environments, it would be nice to be able to use the pipeline variables. Use cases include posting the previous revision/build ID and the upgraded one or to indicate the cluster/environment modified.

We have a notification on our server saying server storage is almost full.

Server Storage Pool Full There is less than 10% of total storage available on server

But when I look at the Server Details -> base volume on the right it says 16GB/29GB used.

What is the actual usage percentage?

Also, there is an option to increase the storage size. How do I check the maximum storage available for my server?