book

Cloud Foundry: The Definitive Guide

Name: Cloud Foundry: The Definitive Guide
Author: Duncan C. E. Winn
ISBN: 9781491932537

by Duncan C. E. Winn

May 2017

Intermediate to advanced

324 pages

8h 14m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword
Preface
Who Should Read This BookWhy I Wrote This BookA Word on Cloud-Native PlatformsOnline ResourcesConventions Used in This BookO’Reilly SafariHow to Contact UsAcknowledgments
1. The Cloud-Native Platform
Why You Need a Cloud-Native PlatformCloud-Native Platform ConceptsThe Structured PlatformThe Opinionated PlatformThe Open PlatformSummary
2. Concepts
Undifferentiated Heavy LiftingThe Cloud Operating SystemDo MoreThe Application as the Unit of DeploymentUsing cf push Command to DeployStagingSelf-Service Application Life CycleThe Twelve-Factor ContractRelease Engineering through BOSHBuilt-In Resilience and Fault ToleranceSelf-Healing ProcessesSelf-Healing VMsSelf-Healing Application Instance CountResiliency Through Availability ZonesAggregated Streaming of Logs and MetricsSecurityDistributed System SecurityEnvironmental Risk Factors for Advanced Persistent ThreatsChallenge of Minimal ChangeThe Three Rs of Enterprise SecurityUAA ManagementOrganizations and SpacesOrgsSpacesResource AllocationDomains Hosts and RoutesRouteDomainsContext Path–Based RoutingRolling Upgrades and Blue/Green DeploymentsSummary
3. Components
Component OverviewRouting via the Load Balancer and GoRouterUser Management and the UAAThe Cloud ControllerSystem StateThe Application Life-Cycle PolicyApplication ExecutionDiegoGarden and runCMetrics and LoggingMetron AgentLoggregatorMessagingAdditional ComponentsStacksA Marketplace of On-Demand ServicesBuildpacks and Docker ImagesInfrastructure and the Cloud Provider InterfaceThe Cloud Foundry GitHub RepositorySummary
4. Preparing Your Cloud Foundry Environment
Installation StepsNon-technical ConsiderationsTeam Structure: Platform Operations for the EnterpriseDeployment TopologyCloud Foundry Dependencies and IntegrationsIaaS and Infrastructure DesignDesigning for ResilienceSizing and Scoping the InfrastructureSetting Up an AWS VPCJumpboxNetworking Design and RoutingUsing Static IPsSubnetsSecurity GroupsSetting Up the Load BalancerSetting Up Domains and CertificatesSummary
5. Installing and Configuring Cloud Foundry
Installation StepsInstalling Cloud FoundryChanging StacksGrowing the PlatformValidating Platform Integrity in ProductionStart with a SandboxProduction Verification TestingLogical Environment StructurePushing Your First AppSummary
6. Diego
Why Diego?A Brief Overview of How Diego WorksEssential Diego ConceptsAction AbstractionComposable ActionsLayered ArchitectureInteracting with DiegoCAPIStaging WorkflowThe CC-BridgeLogging and Traffic RoutingDiego ComponentsThe BBSDiego Cell ComponentsThe Diego BrainThe Access VMThe Diego State Machine and Workload Life CyclesThe Application Life CycleTask Life CycleAdditional Components and ConceptsThe Route-EmitterConsulApplication Life-Cycle BinariesPutting It All TogetherSummary
7. Routing Considerations
Routing PrimitivesRoutesHostnamesDomainsContext Path RoutingRouting Components OverviewRouting FlowRoute-Mapping FlowLoad Balancer ConsiderationsSetting Request Header FieldsWebSocket UpgradesThe PROXY ProtocolTLS Termination and IPSecGoRouter ConsiderationsRouting TableRouter and Route High AvailabilityRouter Instrumentation and LoggingSticky SessionsThe TCPRouterTCP Routing Management PlaneTCPRouter Configuration StepsRoute ServicesRoute Service WorkflowRoute Service Use CasesSummary
8. Containers, Containers, Containers
What Is a Container?Container FervorLinux ContainersNamespacesCGroupsDisk QuotasFilesystemsContainer Implementation in Cloud FoundryWhy Garden?OCI and runCContainer ScaleContainer Technologies (and the Orchestration Challenge)Summary

9. Buildpacks and Docker
Why Buildpacks?Why Docker?Buildpacks ExplainedStagingDetectCompileReleaseBuildpack StructureModifying BuildpacksOverriding BuildpacksUsing Custom or Community BuildpacksForking BuildpacksRestagingPackaging and DependenciesBuildpack and Dependency PipelinesSummary
10. BOSH Concepts
Release EngineeringWhy BOSH?The Cloud Provider InterfaceInfrastructure as CodeCreating a BOSH EnvironmentSingle-Node versus Distributed BOSHBOSH LiteBOSH Top-Level PrimitivesStemcellsReleasesDeploymentsBOSH 2.0Cloud ConfigurationBOSH LinksOrphaned DisksAddonsSummary
11. BOSH Releases
Release OverviewCloud Foundry BOSH ReleaseBOSH Director BOSH ReleaseAnatomy of a BOSH ReleaseJobsPackagesSrc, Blobs, and BlobstoresPackaging a ReleaseCompilation VMsSummary
12. BOSH Deployments
YAML FilesUnderstanding YAML SyntaxDeployment ManifestsDirector UUID and Deployment NameRelease NamesStemcellInstance GroupsPropertiesUpdateCredentialsSummary
13. BOSH Components and Commands
The BOSH DirectorDirector BlobstoreDirector Task, Queue, and WorkersDirector DatabaseDirector RegistryBOSH AgentErrandThe Command Line InterfaceThe Cloud Provider InterfaceHealth MonitorResurrectorMessage Bus (NATS)Creating a New VMDisk CreationNetworking DefinitionThe BOSH CLI v2Basic BOSH CommandsSummary
14. Debugging Cloud Foundry
Cloud Foundry Acceptance TestsLoggingTypical Failure ScenariosConfiguration FailuresInfrastructure FailuresRelease Job Process FailureScenario One: The App Is Not ReachableScenario Two: Network Address Translation Instance Deleted (Network Failure)Scenario Three: Security Group Misconfiguration That Blocks Ingress TrafficScenario Four: Invoking High Memory Usage That Kills a ContainerScenario Five: Route CollisionScenario 6: Release Job Process FailuresScenario 7: Instance Group FailureSummary
15. User Account and Authentication Management
Background InformationOAuth 2.0UAA DocumentationUAA ReleaseUAA ResponsibilitiesSecuring Cloud Foundry Components and API EndpointsSecuring Service Access for AppsUAA Architecture and Configuration Within Cloud FoundryInstance Groups Governed by the UAAUAA Instance GroupsUAA DatabaseUAA Runtime ComponentsUAA Logging and MetricsKeys, Tokens, and Certificate RotationUser ImportRoles and ScopesScopesRolesSummary
16. Designing for Resilience, Planning for Disaster
High Availability ConsiderationsExtending Cloud Foundry’s Built-In ResiliencyResiliency Through Multiple Cloud Foundry DeploymentsResiliency Through PipelinesData Consistency Through ServicesHA IaaS ConfigurationAWS Failure BoundariesvCenter Failure BoundariesBackup and RestoreRestoring BOSHBringing Back Cloud FoundryValidating Platform Integrity in ProductionStart with a SandboxProduction Verification TestingSummary
17. Cloud Foundry Roadmap
v3 APIMultiple Droplets per AppMultiple Apps per Droplet (Process Types)TasksDiego SchedulingCell RebalancingBouldersTracingContainersNetwork ShapingContainer SnapshotsContainer-to-Container NetworkingTraffic ResiliencyBuildpacks and StagingMultibuildpacksPost-Staging Policy or StepCompiler-Less Rootfs and StemcellsIsolation SegmentsSummary
Index

Content preview from Cloud Foundry: The Definitive Guide

Chapter 7. Routing Considerations

This chapter looks at Cloud Foundry’s routing mechanisms in more detail. User-facing apps need to be accessed by a URL, often referred to in Cloud Foundry parlance as a route. End users target the URL for the app that they want to access. The app then hopefully returns the correct response. However, there is often a lot more going on behind that simple request–response behavior.

Operators can use routing mechanisms for reasons such as to provide additional security, ease deployment across a microservices architecture, and avoid downtime during upgrades through well-established techniques such as deploying canaries and establishing blue/green deployments. For these reasons, an understanding of Cloud Foundry’s routing mechanisms along with an appreciation of the routing capabilities is an important operational concern. Additionally, understanding how different Cloud Foundry components dynamically handle routing is important for debugging platform- or app-routing issues.

Routing Primitives

The Cloud Foundry operator deals with the following:

Routes
Hostnames
Domains
Context paths
Ports

The Cloud Foundry documentation explores these concepts at length. This chapter explores the key considerations for establishing routing best practices. We begin with a brief introduction to the terms and then move on to the routing mechanisms and capabilities.

Routes

To enable traffic from external clients, apps require a specific URL, known as a route. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781491932421Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design