Cloud Foundry Overview
Page last updated:
This topic describes Cloud Foundry and how it works.
Cloud platforms let anyone deploy network apps or services and make them available to the world in a few minutes. When an app becomes popular, the cloud scales it to handle more traffic, replacing build-out and migration efforts that once took months with a few keystrokes. Cloud platforms enable you to focus exclusively on your apps and data without worrying about underlying infrastructure.
The following diagram shows the layers of a typical technology stack, and compares the traditional IT model to the cloud platform model:
See the following sections in this topic:
This section describes why Cloud Foundry is an industry-standard cloud platform.
Not all cloud platforms are created equal. Some have limited language and framework support, lack key app services, or restrict deployment to a single cloud.
As an industry-standard cloud platform, Cloud Foundry offers the following:
Open source code: The platform’s openness and extensibility prevent its users from being locked into a single framework, set of app services, or cloud. For more information, see the Cloud Foundry project on GitHub.
Deployment automation: Developers can deploy their apps to Cloud Foundry using their existing tools and with zero modification to their code.
Flexible infrastructure: You can deploy Cloud Foundry to run your apps on your own computing infrastructure, or deploy on an IaaS like vSphere, AWS, Azure, GCP, or OpenStack.
Commercial options: You can also use a PaaS deployed by a commercial Cloud Foundry cloud provider. For more information, see Cloud Foundry Certified Platforms.
Community support: A broad community contributes to and supports Cloud Foundry. See Welcome to the Cloud Foundry Community.
Cloud Foundry is ideal for anyone interested in removing the cost and complexity of configuring infrastructure for their apps.
To flexibly serve and scale apps online, Cloud Foundry has subsystems that perform specialized functions. The sections below describe how some of these main subsystems work.
This section describes how Cloud Foundry handles load balancing.
Clouds balance their processing loads over multiple machines, optimizing for efficiency and resilience against point failure. A Cloud Foundry installation accomplishes this using the following components:
BOSH: creates and deploys VMs on top of a physical computing infrastructure, and deploys and runs Cloud Foundry on top of this cloud. To configure the deployment, BOSH follows a manifest document. For more information, see the BOSH documentation.
Cloud Controller: runs the apps and other processes on the cloud’s VMs, balancing demand and managing app lifecycles. For more information, see Cloud Controller.
Gorouter: routes incoming traffic from the world to the VMs that are running the apps that the traffic demands, usually working with a customer-provided load balancer. For more information, see Gorouter.
This section describes the VMs that run your apps in Cloud Foundry and how the platform packages your apps to run on these VMs.
Cloud Foundry designates the following types of VMs:
- Component VMs: make up the platform’s infrastructure.
- Host VMs: host your apps for the outside world.
Within Cloud Foundry, the Diego system distributes the hosted app load over all of the host VMs, and keeps it running and balanced through demand surges, outages, or other changes. Diego accomplishes this through an auction algorithm.
For more information, see Diego Components and Architecture.
To meet demand, multiple host VMs run duplicate instances of the same app. This means that apps must be portable. CFAR distributes app source code to VMs with everything the VMs need to compile and run the apps locally.
%= vars.app_runtime_abbr %> includes the following with your app’s source code:
- Stack: the operating system the app runs on.
- Buildpack: contains all languages, libraries, and services that the app uses.
Before sending an app to a VM, the Cloud Controller stages it for delivery by combining the stack, buildpack, and source code into a droplet that the VM can unpack, compile, and run. For simple, standalone apps with no dynamic pointers, the droplet can contain a pre-compiled executable instead of source code, language, and libraries.
For more information, see:
This section describes how CFAR organizes users and workspaces.
CFAR manages user accounts through two User Account and Authentication (UAA) servers, which support access control as OAuth2 services and can store user information internally, or connect to external user stores through LDAP or SAML.
For more information, see User Account and Authentication (UAA) Server.
The following table describes what the two UAA servers do:
|First UAA server||
|Second UAA server||
For more information, see Orgs, Spaces, Roles, and Permissions.
The following table describes where CFAR stores resources:
||Internal or external blobstore|
This section describes how CFAR components communicate with one another.
CFAR components communicate in the following ways:
- By sending messages internally using HTTP and HTTPS protocols
- By sending NATS messages to each other directly
For more information, see Messaging (NATS).
BOSH Director co-locates a BOSH DNS server on every deployed VM. All VMs keep up-to-date DNS records for all the other VMs in the same foundation. This enables service discovery between VMs.
BOSH DNS allows deployments to continue communicating with VMs even when the VMs’ IP addresses change. It also provides client-side load balancing by randomly selecting a healthy VM when multiple VMs are available.
For more information about BOSH DNS, see Native DNS Support in the BOSH documentation.
This section describes logging in CFAR.
CFAR generates system logs from CFAR components and app logs from hosted apps. As CFAR runs, its component and host VMs generate logs and metrics. CFAR apps also typically generate logs.
The following table describes where CFAR sends logs:
|CFAR component logs||Rsyslog agents|
|CFAR component metrics||Loggregator|
Component logs stream from rsyslog agents, and the cloud operator can configure them to stream out to a syslog drain.
The Loggregator system aggregates the component metrics and app logs into a structured, usable form, the Firehose. You can use all of the output of the Firehose, or direct the output to specific uses, such as monitoring system internals, triggering alerts, or analyzing user behavior, by applying nozzles.
For more information, see Loggregator Architecture.
This section describes how you can use services with your apps on CFAR.
Typical apps depend on free or metered services such as databases or third-party APIs. To incorporate these into an app:
Write a Service Broker: This component manages the life cycle of the service. The Service Broker uses the Service Broker API to advertise a catalog of service offerings to CFAR apps.
Provision the Service Instance: Create an instance of the service offering by sending a provision request to the Service Broker API.
Enable apps to access the Service Instance: Configure the CFAR app to make calls to the Service Instance using the Service Broker API.
For more information, see Services.Create a pull request or raise an issue on the source for this page in GitHub