Cloud Foundry: The Definitive Guide, 1st Edition

Book Description

How can Cloud Foundry help you develop and deploy business-critical applications and tasks with velocity? This practical guide demonstrates how this open source, cloud-native application platform not only significantly reduces the develop-to-deploy cycle time, but also raises the value line for application operators by changing the way applications and supporting services are deployed and run. Learn how Cloud Foundry can help you improve your product velocity by handling many of the essential tasks required to run applications in production.

Author Duncan Winn shows DevOps and operations teams how to configure and run Cloud Foundry at scale. You’ll examine Cloud Foundry’s technical concepts—including how various platform components interrelate—and learn how to choose your underlying infrastructure, define the networking architecture, and establish resiliency requirements.

This book covers:

  • Cloud-native concepts that make the app build, test, deploy, and scale faster
  • How to deploy Cloud Foundry and the BOSH release engineering toolchain
  • Concepts and components of Cloud Foundry’s runtime architecture
  • Cloud Foundry’s routing mechanisms and capabilities
  • The platform’s approach to container tooling and orchestration
  • BOSH concepts, deployments, components, and commands
  • Basic tools and techniques for debugging the platform
  • Recent and soon-to-emerge features of Cloud Foundry

Table of Contents

  1. Foreword
  2. Preface
    1. Who Should Read This Book
    2. Why I Wrote This Book
    3. A Word on Cloud-Native Platforms
    4. Online Resources
    5. Conventions Used in This Book
    6. O’Reilly Safari
    7. How to Contact Us
    8. Acknowledgments
  3. 1. The Cloud-Native Platform
    1. Why You Need a Cloud-Native Platform
    2. Cloud-Native Platform Concepts
    3. The Structured Platform
    4. The Opinionated Platform
    5. The Open Platform
    6. Summary
  4. 2. Concepts
    1. Undifferentiated Heavy Lifting
    2. The Cloud Operating System
    3. Do More
    4. The Application as the Unit of Deployment
    5. Using cf push Command to Deploy
    6. Staging
    7. Self-Service Application Life Cycle
    8. The Twelve-Factor Contract
    9. Release Engineering through BOSH
    10. Built-In Resilience and Fault Tolerance
      1. Self-Healing Processes
      2. Self-Healing VMs
      3. Self-Healing Application Instance Count
      4. Resiliency Through Availability Zones
    11. Aggregated Streaming of Logs and Metrics
    12. Security
      1. Distributed System Security
      2. Environmental Risk Factors for Advanced Persistent Threats
      3. Challenge of Minimal Change
      4. The Three Rs of Enterprise Security
    13. UAA Management
    14. Organizations and Spaces
      1. Orgs
      2. Spaces
      3. Resource Allocation
    15. Domains Hosts and Routes
      1. Route
      2. Domains
      3. Context Path–Based Routing
    16. Rolling Upgrades and Blue/Green Deployments
    17. Summary
  5. 3. Components
    1. Component Overview
    2. Routing via the Load Balancer and GoRouter
    3. User Management and the UAA
    4. The Cloud Controller
      1. System State
      2. The Application Life-Cycle Policy
    5. Application Execution
      1. Diego
      2. Garden and runC
    6. Metrics and Logging
      1. Metron Agent
      2. Loggregator
    7. Messaging
    8. Additional Components
      1. Stacks
      2. A Marketplace of On-Demand Services
      3. Buildpacks and Docker Images
      4. Infrastructure and the Cloud Provider Interface
    9. The Cloud Foundry GitHub Repository
    10. Summary
  6. 4. Preparing Your Cloud Foundry Environment
    1. Installation Steps
    2. Non-technical Considerations
      1. Team Structure: Platform Operations for the Enterprise
      2. Deployment Topology
    3. Cloud Foundry Dependencies and Integrations
    4. IaaS and Infrastructure Design
      1. Designing for Resilience
      2. Sizing and Scoping the Infrastructure
      3. Setting Up an AWS VPC
      4. Jumpbox
    5. Networking Design and Routing
      1. Using Static IPs
      2. Subnets
      3. Security Groups
      4. Setting Up the Load Balancer
      5. Setting Up Domains and Certificates
    6. Summary
  7. 5. Installing and Configuring Cloud Foundry
    1. Installation Steps
    2. Installing Cloud Foundry
    3. Changing Stacks
    4. Growing the Platform
    5. Validating Platform Integrity in Production
      1. Start with a Sandbox
      2. Production Verification Testing
    6. Logical Environment Structure
    7. Pushing Your First App
    8. Summary
  8. 6. Diego
    1. Why Diego?
    2. A Brief Overview of How Diego Works
    3. Essential Diego Concepts
      1. Action Abstraction
      2. Composable Actions
    4. Layered Architecture
    5. Interacting with Diego
      1. CAPI
      2. Staging Workflow
      3. The CC-Bridge
      4. Logging and Traffic Routing
    6. Diego Components
      1. The BBS
      2. Diego Cell Components
      3. The Diego Brain
      4. The Access VM
    7. The Diego State Machine and Workload Life Cycles
      1. The Application Life Cycle
      2. Task Life Cycle
    8. Additional Components and Concepts
      1. The Route-Emitter
      2. Consul
      3. Application Life-Cycle Binaries
    9. Putting It All Together
    10. Summary
  9. 7. Routing Considerations
    1. Routing Primitives
      1. Routes
      2. Hostnames
      3. Domains
      4. Context Path Routing
    2. Routing Components Overview
    3. Routing Flow
    4. Route-Mapping Flow
    5. Load Balancer Considerations
      1. Setting Request Header Fields
      2. WebSocket Upgrades
      3. The PROXY Protocol
      4. TLS Termination and IPSec
    6. GoRouter Considerations
      1. Routing Table
      2. Router and Route High Availability
      3. Router Instrumentation and Logging
    7. Sticky Sessions
    8. The TCPRouter
      1. TCP Routing Management Plane
      2. TCPRouter Configuration Steps
    9. Route Services
      1. Route Service Workflow
      2. Route Service Use Cases
    10. Summary
  10. 8. Containers, Containers, Containers
    1. What Is a Container?
    2. Container Fervor
    3. Linux Containers
      1. Namespaces
      2. CGroups
      3. Disk Quotas
      4. Filesystems
    4. Container Implementation in Cloud Foundry
      1. Why Garden?
      2. OCI and runC
      3. Container Scale
    5. Container Technologies (and the Orchestration Challenge)
    6. Summary
  11. 9. Buildpacks and Docker
    1. Why Buildpacks?
    2. Why Docker?
    3. Buildpacks Explained
    4. Staging
      1. Detect
      2. Compile
      3. Release
    5. Buildpack Structure
    6. Modifying Buildpacks
      1. Overriding Buildpacks
      2. Using Custom or Community Buildpacks
      3. Forking Buildpacks
      4. Restaging
    7. Packaging and Dependencies
    8. Buildpack and Dependency Pipelines
    9. Summary
  12. 10. BOSH Concepts
    1. Release Engineering
    2. Why BOSH?
    3. The Cloud Provider Interface
    4. Infrastructure as Code
    5. Creating a BOSH Environment
      1. Single-Node versus Distributed BOSH
      2. BOSH Lite
    6. BOSH Top-Level Primitives
      1. Stemcells
      2. Releases
      3. Deployments
    7. BOSH 2.0
      1. Cloud Configuration
      2. BOSH Links
      3. Orphaned Disks
      4. Addons
    8. Summary
  13. 11. BOSH Releases
    1. Release Overview
    2. Cloud Foundry BOSH Release
    3. BOSH Director BOSH Release
    4. Anatomy of a BOSH Release
      1. Jobs
      2. Packages
      3. Src, Blobs, and Blobstores
    5. Packaging a Release
    6. Compilation VMs
    7. Summary
  14. 12. BOSH Deployments
    1. YAML Files
      1. Understanding YAML Syntax
      2. Deployment Manifests
      3. Director UUID and Deployment Name
      4. Release Names
      5. Stemcell
      6. Instance Groups
      7. Properties
      8. Update
    2. Credentials
    3. Summary
  15. 13. BOSH Components and Commands
    1. The BOSH Director
      1. Director Blobstore
      2. Director Task, Queue, and Workers
      3. Director Database
      4. Director Registry
    2. BOSH Agent
    3. Errand
    4. The Command Line Interface
    5. The Cloud Provider Interface
    6. Health Monitor
    7. Resurrector
    8. Message Bus (NATS)
    9. Creating a New VM
    10. Disk Creation
    11. Networking Definition
    12. The BOSH CLI v2
    13. Basic BOSH Commands
    14. Summary
  16. 14. Debugging Cloud Foundry
    1. Cloud Foundry Acceptance Tests
    2. Logging
    3. Typical Failure Scenarios
      1. Configuration Failures
      2. Infrastructure Failures
      3. Release Job Process Failure
    4. Scenario One: The App Is Not Reachable
    5. Scenario Two: Network Address Translation Instance Deleted (Network Failure)
    6. Scenario Three: Security Group Misconfiguration That Blocks Ingress Traffic
    7. Scenario Four: Invoking High Memory Usage That Kills a Container
    8. Scenario Five: Route Collision
    9. Scenario 6: Release Job Process Failures
    10. Scenario 7: Instance Group Failure
    11. Summary
  17. 15. User Account and Authentication Management
    1. Background Information
      1. OAuth 2.0
      2. UAA Documentation
      3. UAA Release
    2. UAA Responsibilities
      1. Securing Cloud Foundry Components and API Endpoints
      2. Securing Service Access for Apps
    3. UAA Architecture and Configuration Within Cloud Foundry
      1. Instance Groups Governed by the UAA
      2. UAA Instance Groups
      3. UAA Database
      4. UAA Runtime Components
      5. UAA Logging and Metrics
      6. Keys, Tokens, and Certificate Rotation
    4. User Import
    5. Roles and Scopes
      1. Scopes
      2. Roles
    6. Summary
  18. 16. Designing for Resilience, Planning for Disaster
    1. High Availability Considerations
    2. Extending Cloud Foundry’s Built-In Resiliency
      1. Resiliency Through Multiple Cloud Foundry Deployments
      2. Resiliency Through Pipelines
      3. Data Consistency Through Services
    3. HA IaaS Configuration
      1. AWS Failure Boundaries
      2. vCenter Failure Boundaries
    4. Backup and Restore
      1. Restoring BOSH
      2. Bringing Back Cloud Foundry
    5. Validating Platform Integrity in Production
      1. Start with a Sandbox
      2. Production Verification Testing
    6. Summary
  19. 17. Cloud Foundry Roadmap
    1. v3 API
      1. Multiple Droplets per App
      2. Multiple Apps per Droplet (Process Types)
      3. Tasks
    2. Diego Scheduling
      1. Cell Rebalancing
      2. Boulders
    3. Tracing
    4. Containers
      1. Network Shaping
      2. Container Snapshots
      3. Container-to-Container Networking
      4. Traffic Resiliency
    5. Buildpacks and Staging
      1. Multibuildpacks
      2. Post-Staging Policy or Step
      3. Compiler-Less Rootfs and Stemcells
    6. Isolation Segments
    7. Summary
  20. Index