book

Cloud Foundry: The Definitive Guide

Name: Cloud Foundry: The Definitive Guide
Author: Duncan C. E. Winn
ISBN: 9781491932537

by Duncan C. E. Winn

May 2017

Intermediate to advanced

324 pages

8h 14m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword
Preface
Who Should Read This BookWhy I Wrote This BookA Word on Cloud-Native PlatformsOnline ResourcesConventions Used in This BookO’Reilly SafariHow to Contact UsAcknowledgments
1. The Cloud-Native Platform
Why You Need a Cloud-Native PlatformCloud-Native Platform ConceptsThe Structured PlatformThe Opinionated PlatformThe Open PlatformSummary
2. Concepts
Undifferentiated Heavy LiftingThe Cloud Operating SystemDo MoreThe Application as the Unit of DeploymentUsing cf push Command to DeployStagingSelf-Service Application Life CycleThe Twelve-Factor ContractRelease Engineering through BOSHBuilt-In Resilience and Fault ToleranceSelf-Healing ProcessesSelf-Healing VMsSelf-Healing Application Instance CountResiliency Through Availability ZonesAggregated Streaming of Logs and MetricsSecurityDistributed System SecurityEnvironmental Risk Factors for Advanced Persistent ThreatsChallenge of Minimal ChangeThe Three Rs of Enterprise SecurityUAA ManagementOrganizations and SpacesOrgsSpacesResource AllocationDomains Hosts and RoutesRouteDomainsContext Path–Based RoutingRolling Upgrades and Blue/Green DeploymentsSummary
3. Components
Component OverviewRouting via the Load Balancer and GoRouterUser Management and the UAAThe Cloud ControllerSystem StateThe Application Life-Cycle PolicyApplication ExecutionDiegoGarden and runCMetrics and LoggingMetron AgentLoggregatorMessagingAdditional ComponentsStacksA Marketplace of On-Demand ServicesBuildpacks and Docker ImagesInfrastructure and the Cloud Provider InterfaceThe Cloud Foundry GitHub RepositorySummary
4. Preparing Your Cloud Foundry Environment
Installation StepsNon-technical ConsiderationsTeam Structure: Platform Operations for the EnterpriseDeployment TopologyCloud Foundry Dependencies and IntegrationsIaaS and Infrastructure DesignDesigning for ResilienceSizing and Scoping the InfrastructureSetting Up an AWS VPCJumpboxNetworking Design and RoutingUsing Static IPsSubnetsSecurity GroupsSetting Up the Load BalancerSetting Up Domains and CertificatesSummary
5. Installing and Configuring Cloud Foundry
Installation StepsInstalling Cloud FoundryChanging StacksGrowing the PlatformValidating Platform Integrity in ProductionStart with a SandboxProduction Verification TestingLogical Environment StructurePushing Your First AppSummary
6. Diego
Why Diego?A Brief Overview of How Diego WorksEssential Diego ConceptsAction AbstractionComposable ActionsLayered ArchitectureInteracting with DiegoCAPIStaging WorkflowThe CC-BridgeLogging and Traffic RoutingDiego ComponentsThe BBSDiego Cell ComponentsThe Diego BrainThe Access VMThe Diego State Machine and Workload Life CyclesThe Application Life CycleTask Life CycleAdditional Components and ConceptsThe Route-EmitterConsulApplication Life-Cycle BinariesPutting It All TogetherSummary
7. Routing Considerations
Routing PrimitivesRoutesHostnamesDomainsContext Path RoutingRouting Components OverviewRouting FlowRoute-Mapping FlowLoad Balancer ConsiderationsSetting Request Header FieldsWebSocket UpgradesThe PROXY ProtocolTLS Termination and IPSecGoRouter ConsiderationsRouting TableRouter and Route High AvailabilityRouter Instrumentation and LoggingSticky SessionsThe TCPRouterTCP Routing Management PlaneTCPRouter Configuration StepsRoute ServicesRoute Service WorkflowRoute Service Use CasesSummary
8. Containers, Containers, Containers
What Is a Container?Container FervorLinux ContainersNamespacesCGroupsDisk QuotasFilesystemsContainer Implementation in Cloud FoundryWhy Garden?OCI and runCContainer ScaleContainer Technologies (and the Orchestration Challenge)Summary

9. Buildpacks and Docker
Why Buildpacks?Why Docker?Buildpacks ExplainedStagingDetectCompileReleaseBuildpack StructureModifying BuildpacksOverriding BuildpacksUsing Custom or Community BuildpacksForking BuildpacksRestagingPackaging and DependenciesBuildpack and Dependency PipelinesSummary
10. BOSH Concepts
Release EngineeringWhy BOSH?The Cloud Provider InterfaceInfrastructure as CodeCreating a BOSH EnvironmentSingle-Node versus Distributed BOSHBOSH LiteBOSH Top-Level PrimitivesStemcellsReleasesDeploymentsBOSH 2.0Cloud ConfigurationBOSH LinksOrphaned DisksAddonsSummary
11. BOSH Releases
Release OverviewCloud Foundry BOSH ReleaseBOSH Director BOSH ReleaseAnatomy of a BOSH ReleaseJobsPackagesSrc, Blobs, and BlobstoresPackaging a ReleaseCompilation VMsSummary
12. BOSH Deployments
YAML FilesUnderstanding YAML SyntaxDeployment ManifestsDirector UUID and Deployment NameRelease NamesStemcellInstance GroupsPropertiesUpdateCredentialsSummary
13. BOSH Components and Commands
The BOSH DirectorDirector BlobstoreDirector Task, Queue, and WorkersDirector DatabaseDirector RegistryBOSH AgentErrandThe Command Line InterfaceThe Cloud Provider InterfaceHealth MonitorResurrectorMessage Bus (NATS)Creating a New VMDisk CreationNetworking DefinitionThe BOSH CLI v2Basic BOSH CommandsSummary
14. Debugging Cloud Foundry
Cloud Foundry Acceptance TestsLoggingTypical Failure ScenariosConfiguration FailuresInfrastructure FailuresRelease Job Process FailureScenario One: The App Is Not ReachableScenario Two: Network Address Translation Instance Deleted (Network Failure)Scenario Three: Security Group Misconfiguration That Blocks Ingress TrafficScenario Four: Invoking High Memory Usage That Kills a ContainerScenario Five: Route CollisionScenario 6: Release Job Process FailuresScenario 7: Instance Group FailureSummary
15. User Account and Authentication Management
Background InformationOAuth 2.0UAA DocumentationUAA ReleaseUAA ResponsibilitiesSecuring Cloud Foundry Components and API EndpointsSecuring Service Access for AppsUAA Architecture and Configuration Within Cloud FoundryInstance Groups Governed by the UAAUAA Instance GroupsUAA DatabaseUAA Runtime ComponentsUAA Logging and MetricsKeys, Tokens, and Certificate RotationUser ImportRoles and ScopesScopesRolesSummary
16. Designing for Resilience, Planning for Disaster
High Availability ConsiderationsExtending Cloud Foundry’s Built-In ResiliencyResiliency Through Multiple Cloud Foundry DeploymentsResiliency Through PipelinesData Consistency Through ServicesHA IaaS ConfigurationAWS Failure BoundariesvCenter Failure BoundariesBackup and RestoreRestoring BOSHBringing Back Cloud FoundryValidating Platform Integrity in ProductionStart with a SandboxProduction Verification TestingSummary
17. Cloud Foundry Roadmap
v3 APIMultiple Droplets per AppMultiple Apps per Droplet (Process Types)TasksDiego SchedulingCell RebalancingBouldersTracingContainersNetwork ShapingContainer SnapshotsContainer-to-Container NetworkingTraffic ResiliencyBuildpacks and StagingMultibuildpacksPost-Staging Policy or StepCompiler-Less Rootfs and StemcellsIsolation SegmentsSummary
Index

Content preview from Cloud Foundry: The Definitive Guide

Chapter 4. Preparing Your Cloud Foundry Environment

This chapter explores the steps you must perform prior to bootstrapping BOSH and deploying Cloud Foundry. Critically, Cloud Foundry is not a “one size fits all” technology, and therefore, you must make some decisions at the outset prior to installing the platform. It is important that you understand the key concerns and decision points that define your environment, including:

Installation steps
Non-technical considerations
Cloud Foundry dependencies and integrations
IaaS and infrastructure design
Networking design and routing

This chapter assumes that you are familiar with the Cloud Foundry components discussed in Chapter 3.

Installation Steps

Following are general steps for deploying Cloud Foundry:

Create and configure your IaaS environment, including all the periphery infrastructure that Cloud Foundry requires, such as networks, security groups, blobstores, and load balancers.
Set up any additional external enterprise services such as LDAP, syslog endpoints or monitoring, and metrics dashboards.
Deploy the BOSH Director.
Create an IaaS/infrastructure-specific BOSH configuration such as cloud configuration.
Create a deployment manifest to deploy Cloud Foundry.
Integrate Cloud Foundry with the required enterprise services (via your deployment manifest).
Deploy Cloud Foundry.¹

The rest of this chapter explores the necessary considerations for each step. Before we dive into those topics, let’s address ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781491932421Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Cloud Foundry: The Definitive Guide

by Duncan C. E. Winn

Chapter 4. Preparing Your Cloud Foundry Environment

Installation Steps

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.