Cloud Foundry: The Definitive Guide: Develop, Deploy, and Scale


Cloud Foundry: The Definitive Guide
Develop, Deploy, and Scale
Duncan C. E. Winn
O'Reilly
Beijing, Boston, Farnham, Sebastopol, Tokyo

Table of Contents

Foreword  xv
Preface  xvii

1. The Cloud-Native Platform  1
   Why You Need a Cloud-Native Platform  1
   Cloud-Native Platform Concepts  2
   The Structured Platform
   The Opinionated Platform
   The Open Platform
   Summary

2. Concepts  7
   Undifferentiated Heavy Lifting  7
   The Cloud Operating System  8
   Do More  9
   The Application as the Unit of Deployment  10
   Using cf push Command to Deploy  11
   Staging  11
   Self-Service Application Life Cycle  12
   The Twelve-Factor Contract  13
   Release Engineering through BOSH  14
   Built-in Resilience and Fault Tolerance  15
   Self-Healing Processes  16
   Self-Healing VMs  16
   Self-Healing Application Instance Count  16
   Resiliency Through Availability Zones  16
   Aggregated Streaming of Logs and Metrics  17
   Security  19
   Distributed System Security  19
   Environmental Risk Factors for Advanced Persistent Threats  20
   Challenge of Minimal Change  20
   The Three Rs of Enterprise Security  21
   UAA Management  23
   Organizations and Spaces  23
   Orgs  24
   Spaces  24
   Resource Allocation  25
   Domains, Hosts, and Routes  25
   Route  26
   Domains  26
   Context Path-Based Routing  26
   Rolling Upgrades and Blue/Green Deployments  26
   Summary

3. Components  29
   Component Overview  30
   Routing via the Load Balancer and GoRouter  32
   User Management and the UAA  32
   The Cloud Controller
   System State
   The Application Life-Cycle Policy  34
   Application Execution  35
   Diego  35
   Garden and runC  35
   Metrics and Logging  36
   Metron Agent  36
   Loggregator  36
   Messaging  36
   Additional Components  37
   Stacks  37
   A Marketplace of On-Demand Services  37
   Buildpacks and Docker Images  39
   Infrastructure and the Cloud Provider Interface  40
   The Cloud Foundry GitHub Repository  40
   Summary  41

4. Preparing Your Cloud Foundry Environment  43
   Installation Steps  43
   Non-technical Considerations  44
   Team Structure: Platform Operations for the Enterprise  44
   Deployment Topology  46
   Cloud Foundry Dependencies and Integrations  47
   IaaS and Infrastructure Design  48
   Designing for Resilience  50
   Sizing and Scoping the Infrastructure  50
   Setting Up an AWS VPC  55
   Jumpbox  57
   Networking Design and Routing  58
   Using Static IPs  59
   Subnets  60
   Security Groups  61
   Setting Up the Load Balancer  62
   Setting Up Domains and Certificates  62
   Summary  63

5. Installing and Configuring Cloud Foundry  65
   Installation Steps
   Installing Cloud Foundry  66
   Changing Stacks
   Growing the Platform  73
   Validating Platform Integrity in Production  73
   Start with a Sandbox  73
   Production Verification Testing  74
   Logical Environment Structure  75
   Pushing Your First App  77
   Summary  77

6. Diego  79
   Why Diego?  79
   A Brief Overview of How Diego Works  82
   Essential Diego Concepts  83
   Action Abstraction  84
   Composable Actions
   Layered Architecture
   Interacting with Diego
   Logging and Traffic Routing
   Diego Components  97
   The BBS  98
   Diego Cell Components  101
   Diego Brain  104
   The Access VM  106
   The Route-Emitter  107
   Consul  109
   Application Life-Cycle Binaries  111
   The Diego State Machine and Workload Life Cycles  112
   The Application Life Cycle  112
   Task Life Cycle  114
   Additional Components and Concepts  117
   Putting It All Together
   Summary

7. Routing Considerations
   Domains  123
   Context Path Routing  124
   Routing Components Overview  125
   Routing Flow  127
   Route-Mapping Flow  127
   Load Balancer Considerations  128
   Setting Request Header Fields  128
   WebSocket Upgrades  129
   The PROXY Protocol  130
   TLS Termination and IPSec  130
   GoRouter Considerations  131
   Routing Table  131
   Router and Route High Availability  131
   Router Instrumentation and Logging  132
   Sticky Sessions  133
   The TCPRouter  134
   TCP Routing Management Plane  134
   TCPRouter Configuration Steps  135
   Route Services  136
   Route Service Workflow  137
   Route Service Use Cases  138
   Summary  139

8. Containers, Containers, Containers  141
   What Is a Container?  141
   Container Fervor  143
   Linux Containers  144
   Namespaces  145
   CGroups  148
   Disk Quotas  148
   Filesystems  148
   Container Implementation in Cloud Foundry  150
   Why Garden?  150
   OCI and runC  151
   Container Scale  153
   Container Technologies (and the Orchestration Challenge)  153
   Summary  154

9. Buildpacks and Docker  155
   Why Buildpacks?
   Why Docker?
   Buildpacks Explained
   Buildpack Structure  162
   Modifying Buildpacks  163
   Overriding Buildpacks  164
   Using Custom or Community Buildpacks  164
   Forking Buildpacks  164
   Restaging  165
   Packaging and Dependencies  165
   Buildpack and Dependency Pipelines  167
   Summary  167

10. BOSH Concepts  169
   Release Engineering  169
   Why BOSH?  170
   The Cloud Provider Interface  172
   Infrastructure as Code  172
   Creating a BOSH Environment  174
   Single-Node versus Distributed BOSH  174
   BOSH Lite  177
   BOSH Deployments  179
   BOSH 2.0  180
   Cloud Configuration  180
   BOSH Links  188
   Orphaned Disks  188
   Addons  189
   Summary  189

11. BOSH Releases  191
   Release Overview  191
   Cloud Foundry BOSH Release  192
   BOSH Director BOSH Release  192
   Anatomy of a BOSH Release  192
   Jobs  193
   Packages  196
   Src, Blobs, and Blobstores  197
   Packaging a Release  199
   Compilation VMs  200
   Summary  200

12. BOSH Deployments  201
   YAML Files  201
   Understanding YAML Syntax  202
   Deployment Manifests  204
   Director UUID and Deployment Name  204
   Update  208
   Credentials  209
   Summary  211

13. BOSH Components and Commands  213
   The BOSH Director  214
   Director Blobstore  215
   Director Task, Queue, and Workers  215
   Director Database  215
   Director Registry  215
   BOSH Agent  215
   Errand  216
   The Command Line Interface  216
   The Cloud Provider Interface  216
   Health Monitor  216
   Resurrector  217
   Message Bus (NATS)  217
   Creating a New VM  217
   Disk Creation  219
   Networking Definition  220
   The BOSH CLI v2  221
   Basic BOSH Commands  221
   Summary  223

14. Debugging Cloud Foundry  225
   Cloud Foundry Acceptance Tests  225
   Logging  226
   Typical Failure Scenarios  228
   Configuration Failures  228
   Infrastructure Failures  229
   Release Job Process Failure  229
   Scenario One: The App Is Not Reachable  230
   Scenario Two: Network Address Translation Instance Deleted (Network Failure)  231
   Scenario Three: Security Group Misconfiguration That Blocks Ingress Traffic  234
   Scenario Four: Invoking High Memory Usage That Kills a Container  236
   Scenario Five: Route Collision  241
   Scenario 6: Release Job Process Failures  245
   Scenario 7: Instance Group Failure  247
   Summary  250

15. User Account and Authentication Management
   OAuth 2.0  252
   UAA Documentation  252
   UAA Release  253
   UAA Responsibilities  253
   Securing Cloud Foundry Components and API Endpoints  253
   Securing Service Access for Apps  254
   UAA Architecture and Configuration Within Cloud Foundry  255
   Instance Groups Governed by the UAA  255
   UAA Instance Groups  255
   UAA Database  256
   UAA Runtime Components  256
   UAA Logging and Metrics  256
   Keys, Tokens, and Certificate Rotation  257
   User Import  258
   Roles and Scopes  259
   Scopes  259
   Roles  259
   Summary  261

16. Designing for Resilience, Planning for Disaster  263
   High Availability Considerations  263
   Extending Cloud Foundry's Built-in Resiliency  265
   Resiliency Through Multiple Cloud Foundry Deployments  266
   Resiliency Through Pipelines  267
   Data Consistency Through Services  267
   HA IaaS Configuration  268
   AWS Failure Boundaries  268
   vCenter Failure Boundaries  269
   Backup and Restore  272
   Restoring BOSH  273
   Bringing Back Cloud Foundry  274
   Validating Platform Integrity in Production  274
   Start with a Sandbox  275
   Production Verification Testing  275
   Summary  276

17. Cloud Foundry Roadmap  277
   v3 API  277
   Multiple Droplets per App  277
   Multiple Apps per Droplet (Process Types)
   Tasks  280
   Diego Scheduling  283
   Cell s
   Network y
   Buildpacks and Staging  284
   Multibuildpacks  285
   Post-Staging Policy or Step  285
   Compiler-Less Rootfs and Stemcells  285
   Container-to-Container Networking  285
   Isolation Segments  286
   Summary  289

Index
