book

Cloud Foundry: The Definitive Guide

by Duncan C. E. Winn

May 2017

Intermediate to advanced

324 pages

8h 14m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who Should Read This BookWhy I Wrote This BookA Word on Cloud-Native PlatformsOnline ResourcesConventions Used in This BookO’Reilly SafariHow to Contact UsAcknowledgments
Why You Need a Cloud-Native PlatformCloud-Native Platform ConceptsThe Structured PlatformThe Opinionated PlatformThe Open PlatformSummary
Undifferentiated Heavy LiftingThe Cloud Operating SystemDo MoreThe Application as the Unit of DeploymentUsing cf push Command to DeployStagingSelf-Service Application Life CycleThe Twelve-Factor ContractRelease Engineering through BOSHBuilt-In Resilience and Fault ToleranceSelf-Healing ProcessesSelf-Healing VMsSelf-Healing Application Instance CountResiliency Through Availability ZonesAggregated Streaming of Logs and MetricsSecurityDistributed System SecurityEnvironmental Risk Factors for Advanced Persistent ThreatsChallenge of Minimal ChangeThe Three Rs of Enterprise SecurityUAA ManagementOrganizations and SpacesOrgsSpacesResource AllocationDomains Hosts and RoutesRouteDomainsContext Path–Based RoutingRolling Upgrades and Blue/Green DeploymentsSummary
Component OverviewRouting via the Load Balancer and GoRouterUser Management and the UAAThe Cloud ControllerSystem StateThe Application Life-Cycle PolicyApplication ExecutionDiegoGarden and runCMetrics and LoggingMetron AgentLoggregatorMessagingAdditional ComponentsStacksA Marketplace of On-Demand ServicesBuildpacks and Docker ImagesInfrastructure and the Cloud Provider InterfaceThe Cloud Foundry GitHub RepositorySummary
Installation StepsNon-technical ConsiderationsTeam Structure: Platform Operations for the EnterpriseDeployment TopologyCloud Foundry Dependencies and IntegrationsIaaS and Infrastructure DesignDesigning for ResilienceSizing and Scoping the InfrastructureSetting Up an AWS VPCJumpboxNetworking Design and RoutingUsing Static IPsSubnetsSecurity GroupsSetting Up the Load BalancerSetting Up Domains and CertificatesSummary
Installation StepsInstalling Cloud FoundryChanging StacksGrowing the PlatformValidating Platform Integrity in ProductionStart with a SandboxProduction Verification TestingLogical Environment StructurePushing Your First AppSummary
Why Diego?A Brief Overview of How Diego WorksEssential Diego ConceptsAction AbstractionComposable ActionsLayered ArchitectureInteracting with DiegoCAPIStaging WorkflowThe CC-BridgeLogging and Traffic RoutingDiego ComponentsThe BBSDiego Cell ComponentsThe Diego BrainThe Access VMThe Diego State Machine and Workload Life CyclesThe Application Life CycleTask Life CycleAdditional Components and ConceptsThe Route-EmitterConsulApplication Life-Cycle BinariesPutting It All TogetherSummary
Routing PrimitivesRoutesHostnamesDomainsContext Path RoutingRouting Components OverviewRouting FlowRoute-Mapping FlowLoad Balancer ConsiderationsSetting Request Header FieldsWebSocket UpgradesThe PROXY ProtocolTLS Termination and IPSecGoRouter ConsiderationsRouting TableRouter and Route High AvailabilityRouter Instrumentation and LoggingSticky SessionsThe TCPRouterTCP Routing Management PlaneTCPRouter Configuration StepsRoute ServicesRoute Service WorkflowRoute Service Use CasesSummary
What Is a Container?Container FervorLinux ContainersNamespacesCGroupsDisk QuotasFilesystemsContainer Implementation in Cloud FoundryWhy Garden?OCI and runCContainer ScaleContainer Technologies (and the Orchestration Challenge)Summary

Why Buildpacks?Why Docker?Buildpacks ExplainedStagingDetectCompileReleaseBuildpack StructureModifying BuildpacksOverriding BuildpacksUsing Custom or Community BuildpacksForking BuildpacksRestagingPackaging and DependenciesBuildpack and Dependency PipelinesSummary
Release EngineeringWhy BOSH?The Cloud Provider InterfaceInfrastructure as CodeCreating a BOSH EnvironmentSingle-Node versus Distributed BOSHBOSH LiteBOSH Top-Level PrimitivesStemcellsReleasesDeploymentsBOSH 2.0Cloud ConfigurationBOSH LinksOrphaned DisksAddonsSummary
Release OverviewCloud Foundry BOSH ReleaseBOSH Director BOSH ReleaseAnatomy of a BOSH ReleaseJobsPackagesSrc, Blobs, and BlobstoresPackaging a ReleaseCompilation VMsSummary
YAML FilesUnderstanding YAML SyntaxDeployment ManifestsDirector UUID and Deployment NameRelease NamesStemcellInstance GroupsPropertiesUpdateCredentialsSummary
The BOSH DirectorDirector BlobstoreDirector Task, Queue, and WorkersDirector DatabaseDirector RegistryBOSH AgentErrandThe Command Line InterfaceThe Cloud Provider InterfaceHealth MonitorResurrectorMessage Bus (NATS)Creating a New VMDisk CreationNetworking DefinitionThe BOSH CLI v2Basic BOSH CommandsSummary
Cloud Foundry Acceptance TestsLoggingTypical Failure ScenariosConfiguration FailuresInfrastructure FailuresRelease Job Process FailureScenario One: The App Is Not ReachableScenario Two: Network Address Translation Instance Deleted (Network Failure)Scenario Three: Security Group Misconfiguration That Blocks Ingress TrafficScenario Four: Invoking High Memory Usage That Kills a ContainerScenario Five: Route CollisionScenario 6: Release Job Process FailuresScenario 7: Instance Group FailureSummary
Background InformationOAuth 2.0UAA DocumentationUAA ReleaseUAA ResponsibilitiesSecuring Cloud Foundry Components and API EndpointsSecuring Service Access for AppsUAA Architecture and Configuration Within Cloud FoundryInstance Groups Governed by the UAAUAA Instance GroupsUAA DatabaseUAA Runtime ComponentsUAA Logging and MetricsKeys, Tokens, and Certificate RotationUser ImportRoles and ScopesScopesRolesSummary
High Availability ConsiderationsExtending Cloud Foundry’s Built-In ResiliencyResiliency Through Multiple Cloud Foundry DeploymentsResiliency Through PipelinesData Consistency Through ServicesHA IaaS ConfigurationAWS Failure BoundariesvCenter Failure BoundariesBackup and RestoreRestoring BOSHBringing Back Cloud FoundryValidating Platform Integrity in ProductionStart with a SandboxProduction Verification TestingSummary
v3 APIMultiple Droplets per AppMultiple Apps per Droplet (Process Types)TasksDiego SchedulingCell RebalancingBouldersTracingContainersNetwork ShapingContainer SnapshotsContainer-to-Container NetworkingTraffic ResiliencyBuildpacks and StagingMultibuildpacksPost-Staging Policy or StepCompiler-Less Rootfs and StemcellsIsolation SegmentsSummary

Content preview from Cloud Foundry: The Definitive Guide

Chapter 1. The Cloud-Native Platform

Cloud Foundry is a platform for running applications, tasks, and services. Its purpose is to change the way applications, tasks, and services are deployed and run by significantly reducing the develop-to-deployment cycle time.

As a cloud-native platform, Cloud Foundry directly uses cloud-based infrastructure so that applications running on the platform can be infrastructure unaware. Cloud Foundry provides a contract between itself and your cloud-native apps to run them predictably and reliably, even in the face of unreliable infrastructure.

If you need a brief summary of the benefits of the Cloud Foundry platform, this chapter is for you. Otherwise, feel free to jump ahead to Chapter 2.

Why You Need a Cloud-Native Platform

To understand the business reasons for using Cloud Foundry, I suggest that you begin by reading Cloud Foundry: The Cloud-Native Platform, which discusses the value of Cloud Foundry and explores its overall purpose from a business perspective.

Cloud Foundry is an “opinionated” (more on this later in the chapter), structured platform that imposes a strict contract between the following:

The infrastructure layer underpinning it
The applications and services it supports

Cloud-native platforms do far more than provide developers self-service resources through abstracting infrastructure. Chapter 2 discusses at length their inbuilt features, such as resiliency, log aggregation, user management, and security. Figure 1-1