Index
Symbols
- $ (command prompt), Conventions Used in This Book
- $ cf push command, Using cf push Command to Deploy, Buildpacks and Docker Images, Staging Workflow
- $ bosh create-env command, Jumpbox, Security Groups
- 12-factor contract, The Twelve-Factor Contract, Team Structure: Platform Operations for the Enterprise, Logging
- 3 Rs of internet security, The Three Rs of Enterprise Security
A
- access VM, The Access VM
- acknowledgments, Acknowledgments
- action abstraction, Action Abstraction
- ActualLRPs, Why Diego?
- Admission Control, vCenter Failure Boundaries
- Advanced Persistent Threats (APTs), Environmental Risk Factors for Advanced Persistent Threats
- aggregated logging and metrics, Aggregated Streaming of Logs and Metrics
- Amazon Web Services (AWS)
- app logs, Logging
- application artifacts
- application instances (AIs)
- failing app instances, Scenario One: The App Is Not Reachable
- instance group failure, Scenario 7: Instance Group Failure-Scenario 7: Instance Group Failure
- instance group replication, Instance group replication
- provisioning/deprovisioning, Service brokers
- routes and, One app, one route, multiple app instances
- self-healing feature, Self-Healing Application Instance Count
- specifying, Self-Service Application Life Cycle
- UAA management, Instance Groups Governed by the UAA
- application life cycle
- application velocity (see velocity)
- applications as units of deployment, The Application as the Unit of Deployment, Why Diego?
- Auctioneer service, A Brief Overview of How Diego Works, The Diego Brain
- authentication (see User Access and Authentication)
- availability zones (AZs), Resiliency Through Availability Zones, AZs
B
- backing services, A Marketplace of On-Demand Services
- backup and restore, Backup and Restore
- BIG-IP load balancer, Routing via the Load Balancer and GoRouter
- blobstore, The Cloud Controller blobstore, Src, Blobs, and Blobstores
- blue/green deployments, Rolling Upgrades and Blue/Green Deployments
- BOSH (see also BOSH 2.0)
- basics of, BOSH Concepts
- benefits of, Why BOSH?, Summary
- bosh-bootloader, Designing for Resilience, Instance group replication
- Cloud Foundry deployment and, Cloud Foundry Dependencies and Integrations, Cloud Foundry BOSH Release
- commands, Basic BOSH Commands
- components, BOSH Components and Commands-Summary
- deployments, BOSH Deployments-Summary
- Diego BOSH releases, Layered Architecture
- environment creation, Creating a BOSH Environment
- infrastructure as code focus, Infrastructure as Code
- instance groups, Essential Diego Concepts, The Diego Brain
- IPSec release, TLS Termination and IPSec
- management port security caution, Setting Up an AWS VPC
- release engineering through, Release Engineering through BOSH, Release Engineering
- release jobs, Essential Diego Concepts, Jobs
- releases, BOSH Releases-Summary
- restoring, Restoring BOSH
- security features in, The Three Rs of Enterprise Security
- self-healing features, Built-In Resilience and Fault Tolerance
- supported CPIs, IaaS and Infrastructure Design, The Cloud Provider Interface
- top-level primitives, BOSH Top-Level Primitives-Deployments
- UAA release, UAA Release
- versions, Creating a BOSH Environment
- BOSH 2.0 (see also BOSH)
- BOSH Lite, IaaS and Infrastructure Design, BOSH Lite
- Boulder support, Boulders
- Brain
- buildpacks
- advanced features, Buildpacks and Staging
- basics of, Buildpacks Explained
- benefits of, Why Buildpacks?, Summary
- buildpack and stack compatibility, Stacks
- dependency pipelines, Buildpack and Dependency Pipelines
- deploying application artifacts, Buildpacks and Docker Images
- Java buildpacks, Staging
- modifying, Modifying Buildpacks-Restaging
- packaging and dependencies, Packaging and Dependencies
- staging, Staging-Release
- structure of, Buildpack Structure
- system buildpack ordering, Detect
- bulkheading, Organizations and Spaces
- Bulletin Board System (BBS)
- bundles, OCI and runC
C
- caching, Data Consistency Through Services
- canonical name (CNAME), Domains
- Cassandra, Data Consistency Through Services
- CATS (Cloud Foundry Acceptance Tests), Cloud Foundry Acceptance Tests, Validating Platform Integrity in Production
- CC-Bridge
- Cells
- buildpack and stack compatibility, Stacks
- Cell sizing, Cell sizing
- Cell's Rep, The Diego Brain
- components of, Diego Cell Components
- defined, Staging
- Executor process, Executor
- Garden container API, Garden
- rebalancing, Cell Rebalancing
- Rep endpoint, Rep
- routing and, Routing Components Overview
- certificates
- cf push command, Using cf push Command to Deploy, Spaces, The Application Life-Cycle Policy, Buildpacks and Docker
- cf scale command, Self-Service Application Life Cycle
- cf-acceptance-tests (CATS), Production Verification Testing, Validating Platform Integrity in Production
- cf-deployment, Designing for Resilience, Instance group replication
- Cloud Controller (CAPI)
- Cloud Controller database (CCDB), The CCDB
- Cloud Foundry
- acceptance testing, Cloud Foundry Acceptance Tests
- benefits of, Who Should Read This Book, Cloud-Native Platform Concepts
- deploying, Installation Steps, Resiliency Through Multiple Cloud Foundry Deployments
- (see also environment setup)
- documentation, Component Overview
- expanded uses for, Why Diego?
- factors to consider when running, Preface, Infrastructure and the Cloud Provider Interface
- GitHub repository, The Cloud Foundry GitHub Repository
- installing, Installing Cloud Foundry
- modular distributed architecture, Components
- online resources, Online Resources
- platform overview, Summary
- (see also cloud-native platforms)
- prerequisites to learning, Who Should Read This Book
- recently released and future features, Cloud Foundry Roadmap-Summary
- supplemental material, Why You Need a Cloud-Native Platform, Cloud Foundry Roadmap
- Cloud Provider Interfaces (CPIs), IaaS and Infrastructure Design, The Cloud Provider Interface, The Cloud Provider Interface
- cloud-based operating systems
- cloud-native applications, The Twelve-Factor Contract
- cloud-native platforms
- code examples, obtaining and using, The Cloud Foundry GitHub Repository
- colocation requirements, Spaces
- command line interface (CLI), The Command Line Interface, The BOSH CLI v2
- command prompt ($), Conventions Used in This Book
- comments and questions, How to Contact Us
- common vulnerabilities and exposures (CVEs), Why Buildpacks?
- components
- composable actions
- Concourse.ci, The Application Life-Cycle Policy
- configuration drift, Distributed System Security
- configuration failures, Configuration Failures
- Consul, Consul
- contact information, How to Contact Us
- containers
- advanced features, Containers
- benefits of, Cloud-Native Platform Concepts, Containers, Containers, Containers, Summary
- challenges of, Summary
- container images, What Is a Container?
- container management, Why Diego?, What Is a Container?
- container users, Garden
- creating, Garden and runC
- defined, Containers, Containers, Containers
- elements of, What Is a Container?
- high memory usage failures, Scenario Four: Invoking High Memory Usage That Kills a Container-Scenario Four: Invoking High Memory Usage That Kills a Container
- implementation in Cloud Foundry, Container Implementation in Cloud Foundry-Container Scale
- Linux containers, Linux Containers-Filesystems
- orchestration of, Container Technologies (and the Orchestration Challenge)
- runtime architecture, Diego
- terminology, What Is a Container?, Container Implementation in Cloud Foundry
- trusted containers, Filesystems
- context path routing, Context Path Routing
- context path-based routing, Context Path–Based Routing
- continuous delivery pipelines, The Application Life-Cycle Policy
- Continuous Integration/Continuous Deployment (CI/CD), Cloud-Native Platform Concepts, Resiliency Through Pipelines
- Control Groups (CGroups), CGroups
- control theory, Built-In Resilience and Fault Tolerance
- Converger process, The Converger process
- core concepts and capabilities
- aggregated logging and metrics, Aggregated Streaming of Logs and Metrics
- applications as units of deployment, The Application as the Unit of Deployment
- built-in resilience and fault tolerance, Built-In Resilience and Fault Tolerance, Extending Cloud Foundry’s Built-In Resiliency
- cf push command for deployment, Using cf push Command to Deploy
- cloud-based OS, The Cloud Operating System
- dealing with undifferentiated heavy lifting, Undifferentiated Heavy Lifting
- do more approach, Do More
- domains hosts and routes, Domains Hosts and Routes
- Organizations and Spaces, Organizations and Spaces
- overview of, Concepts
- release engineering through BOSH, Release Engineering through BOSH
- rolling upgrades and blue/green deployment, Rolling Upgrades and Blue/Green Deployments
- security, Security-UAA Management
- self-service application life cycle, Self-Service Application Life Cycle
- staging, Staging
- twelve-factor contract, The Twelve-Factor Contract
- UAA management, UAA Management
- cred-name, Credentials
- credentials, Credentials-Credentials
D
- data consistency, Data Consistency Through Services
- data isolation, Security through namespaces
- debugging
- dependencies, Cloud Foundry Dependencies and Integrations, Packaging and Dependencies
- deployment topology, Deployment Topology, Resiliency Through Multiple Cloud Foundry Deployments
- (see also environment setup)
- deployments (BOSH), Deployments
- DesiredLRPs, Why Diego?
- develop-to-deployment cycle time, The Cloud-Native Platform
- DevOps
- Diego
- additional components
- BOSH releases, Layered Architecture
- components
- Diego API, The Diego API
- essential concepts, Essential Diego Concepts-Composable Actions
- layered architecture, Layered Architecture
- major characteristics and attributes, Summary
- overview of, Diego, A Brief Overview of How Diego Works-A Brief Overview of How Diego Works
- process types, Why Diego?
- purpose of, Diego
- routing and, Routing via the Load Balancer and GoRouter
- scheduling advanced features, Diego Scheduling
- separation of concerns, Why Diego?
- staging steps, Putting It All Together-Putting It All Together
- stateful and globally aware components, The Diego State Machine and Workload Life Cycles
- support for container image formats, Why Diego?
- workflow, Interacting with Diego-Logging and Traffic Routing
- workflow life cycles, The Diego State Machine and Workload Life Cycles-Task Life Cycle
- dig, Scenario Two: Network Address Translation Instance Deleted (Network Failure)
- Director VM, Creating a BOSH Environment, The BOSH Director-Director Registry
- disaster planning
- disk creation, Disk Creation
- disk quotas, Disk Quotas
- distributed systems
- DNS resolution, Scenario Four: Invoking High Memory Usage That Kills a Container
- do more approach, Do More
- Docker images
- domains
- canonical name (CNAME), Domains
- domain freshness, The CC-Bridge, Nsync and TPS-Nsync and TPS
- multiple app domains, Multiple app domains
- owned, Domains
- route collision errors, Scenario Five: Route Collision-Scenario Five: Route Collision
- separation of concerns, Domains
- setup, Setting Up Domains and Certificates
- shared and private, Domains
- subdomains, Domains
- system domain, Domains
- wildcard domains, Domains
- droplets
- dynamic load balancing, Built-In Resilience and Fault Tolerance, Routing via the Load Balancer and GoRouter
E
- egress traffic, Scenario Three: Security Group Misconfiguration That Blocks Ingress Traffic
- elastic clusters, Isolation Segments
- Elastic Load Balancer (ELB), Routing via the Load Balancer and GoRouter, WebSocket Upgrades, Scenario Three: Security Group Misconfiguration That Blocks Ingress Traffic
- environment setup
- environment variables, Spaces
- events, aggregated streaming, Aggregated Streaming of Logs and Metrics
- eventual consistency, The Converger process
- Executor process, Executor
I
- identity-management service (see User Access and Authentication)
- Infrastructure as a Service (IaaS), Why You Need a Cloud-Native Platform, BOSH Deployments, HA IaaS Configuration-vCenter Failure Boundaries
- infrastructure as code tools, Self-Healing Processes, Infrastructure as Code
- infrastructure design
- infrastructure failures, Infrastructure Failures
- installation
- canonical approach, Installing and Configuring Cloud Foundry
- changing stacks, Changing Stacks
- growing the platform, Growing the Platform
- installing Cloud Foundry, Installing Cloud Foundry-Installing Cloud Foundry
- key concerns and decisions, Installing and Configuring Cloud Foundry
- logical environment structure, Logical Environment Structure
- pushing your first app, Pushing Your First App
- steps of, Installation Steps, Installation Steps
- validating platform integrity, Validating Platform Integrity in Production-Production Verification Testing, Validating Platform Integrity in Production
- instance groups, Essential Diego Concepts, The Diego Brain, Instance Groups, Scenario 7: Instance Group Failure-Scenario 7: Instance Group Failure, Instance Groups Governed by the UAA
- integrations, Cloud Foundry Dependencies and Integrations
- Interactive Ruby (IRB) tools, Scenario Five: Route Collision
- Internet Gateway (edge routers), Scenario Two: Network Address Translation Instance Deleted (Network Failure)
- internet security, three Rs of, The Three Rs of Enterprise Security
- IPSec, TLS Termination and IPSec
- isolation segments, Isolation Segments
L
- Linux Container manager, Why Diego?, Linux Containers-Filesystems
- as high-level abstract concept, Linux Containers
- Control Groups (CGroups), CGroups
- core primitives and kernel features, Linux Containers
- data locality, Security through namespaces
- disk quotas, Disk Quotas
- filesystems, Filesystems
- for Docker images, Why Diego?
- namespaces, Namespaces
- security through namespaces, Security through namespaces
- vs. traditional virtual machines, Linux Containers
- widespread use of, What Is a Container?
- load balancer
- local caching layers, Data Consistency Through Services
- logging
- Loggregator
- Long Running Processes (LRPs)
N
- namespaces, Namespaces-Security through namespaces
- NATS messaging system
- Network Address Translation (NAT), Scenario Two: Network Address Translation Instance Deleted (Network Failure)
- network shaping, Network Shaping
- networking design
- dealing with network failure, Scenario Two: Network Address Translation Instance Deleted (Network Failure)
- dependencies, Networking Design and Routing
- domains and certificates, Setting Up Domains and Certificates
- internet gateway (edge routers), Scenario Two: Network Address Translation Instance Deleted (Network Failure)
- key concerns and decisions, Networking Design and Routing
- load balancer setup, Setting Up the Load Balancer
- networking tooling, Scenario Two: Network Address Translation Instance Deleted (Network Failure)
- security groups, Security Groups
- static IPs, Using Static IPs
- subnets, Subnets
- VM options, Networking Definition
- NOAA, Logging
- nozzles, Logging
- nslookup, Scenario Two: Network Address Translation Instance Deleted (Network Failure)
- Nsync, Nsync and TPS-Nsync and TPS
O
- OAuth 2.0, OAuth 2.0
- on-demand services, A Marketplace of On-Demand Services
- Open Container Initiative (OCI), Application Execution, Why Diego?, OCI and runC
- open platforms, The Open Platform
- opinionated platforms, The Opinionated Platform
- Organizations (Orgs)
- orphaned disks, Orphaned Disks
- out-of-memory (OOM) errors, Scenario Four: Invoking High Memory Usage That Kills a Container-Scenario Four: Invoking High Memory Usage That Kills a Container
- owned domains, Domains
R
- Raft consensus algorithm, The Converger process
- reference architecture, Why I Wrote This Book, Sizing and Scoping the Infrastructure
- release engineering, Why BOSH?
- release jobs, Essential Diego Concepts, Jobs, Release Job Process Failure, Scenario 6: Release Job Process Failures
- releases (BOSH), Releases
- Rep endpoint, Rep
- repeatability, Summary
- report.py, Scenario Five: Route Collision
- resilience, Built-In Resilience and Fault Tolerance, Designing for Resilience, The Converger process, Designing for Resilience, Planning for Disaster, Traffic Resiliency (see also high availability)
- resource allocation, Resource Allocation
- resource limits (R limits), Disk Quotas
- resource match requests, The Cloud Controller blobstore
- Resurrector (BOSH), Self-Healing VMs, Resurrector, Scenario 7: Instance Group Failure
- rkt, Why Diego?
- roadmap topics
- Role-Based Access Control (RBAC), UAA Management, User Account and Authentication Management
- roles, Roles
- rolling upgrades, Rolling Upgrades and Blue/Green Deployments
- root filesystem (rootfs), Stacks, Compiler-Less Rootfs and Stemcells
- root users, Garden
- Route-Emitter, The Route-Emitter
- routing
- components overview, Routing Components Overview
- Diego workflow, Logging and Traffic Routing
- domain hosts and, Domains Hosts and Routes
- environment setup, Networking Design and Routing-Setting Up Domains and Certificates
- load balancer considerations, Load Balancer Considerations-TLS Termination and IPSec
- primitives
- route collision, Scenario Five: Route Collision-Scenario Five: Route Collision
- route mapping flow, Route-Mapping Flow
- route services, Route Services-Route Service Use Cases
- routing flow, Routing Flow
- routing primitives, Routing Primitives
- sticky sessions, Sticky Sessions
- TCPRouter, The TCPRouter-TCPRouter Configuration Steps
- uses for, Routing Considerations
- via load balancer and GoRouter, Routing via the Load Balancer and GoRouter, GoRouter Considerations-Router Instrumentation and Logging
- RunActions, Application Life-Cycle Binaries
- runC, Garden and runC, Why Diego?, Composable Actions, Container Implementation in Cloud Foundry, OCI and runC
- running containers, Container Implementation in Cloud Foundry
S
- SAML certificates, Keys, Tokens, and Certificate Rotation
- sandbox environment, Deployment Topology, Validating Platform Integrity in Production, Start with a Sandbox
- (see also environment setup)
- scaling
- scheduling
- scopes, Scopes
- Secure Shell (SSH)-Proxy services, The SSH proxy, Routing Components Overview
- security
- additional in Cloud Foundry, The Three Rs of Enterprise Security
- advanced persistent threats (APTs), Environmental Risk Factors for Advanced Persistent Threats
- app and dependency scanning, Why Docker?
- BOSH management ports, Setting Up an AWS VPC
- configuration drift and, Distributed System Security
- distributed system security, Distributed System Security
- jumpbox VMs, Jumpbox
- minimal change concept, Challenge of Minimal Change
- networking security groups, Security Groups
- security group misconfiguration, Scenario Three: Security Group Misconfiguration That Blocks Ingress Traffic
- three Rs of enterprise security, The Three Rs of Enterprise Security
- UAA management, UAA Management, User Account and Authentication Management-Summary
- self-healing feature, Self-Service Application Life Cycle, Built-In Resilience and Fault Tolerance
- service broker, Service brokers
- service instances, Service brokers
- session affinity, Sticky Sessions
- shared domains, Domains
- sizing and scoping, Sizing and Scoping the Infrastructure-Instance group replication
- snowflake servers, Release Engineering through BOSH
- SOCKS5 protocol, Jumpbox
- Spaces
- Spring Cloud, Spaces
- SSL certificates, Setting Up Domains and Certificates
- stacks
- staging
- state machine, The Diego State Machine and Workload Life Cycles
- static IPs, Using Static IPs
- stemcells, Stemcells, Stemcell, Compiler-Less Rootfs and Stemcells
- Steno logging, Logging
- sticky sessions, Sticky Sessions
- structured platforms, The Structured Platform
- subdomains, Domains
- subnets, Subnets
- syslog aggregator, Logging
- system state
T
- Tasks
- TCPRouter, Why Diego?, Routing Components Overview, The TCPRouter-TCPRouter Configuration Steps
- teams (see platform-operations team)
- testing
- three Rs of internet security, The Three Rs of Enterprise Security
- time-to-live (TTL), Nsync and TPS
- TLS decryption, TLS Termination and IPSec
- tokens, Keys, Tokens, and Certificate Rotation
- TPS, Nsync and TPS-Nsync and TPS
- tracing, Tracing
- Tracy, Derek, Scenario Five: Route Collision
- troubleshooting (see debugging)
- trusted containers, Filesystems
- Twelve-Factor contract, The Twelve-Factor Contract, Team Structure: Platform Operations for the Enterprise, Logging
- typographical conventions, Conventions Used in This Book
U
- UAADB (UAA database), UAA Database
- undifferentiated heavy lifting, Undifferentiated Heavy Lifting
- unit of deployment, The Application as the Unit of Deployment (see also buildpacks)
- unstructured platforms, The Structured Platform
- URL resolution, Scenario Two: Network Address Translation Instance Deleted (Network Failure)
- User Access and Authentication (UAA)
- architecture and configuration, UAA Architecture and Configuration Within Cloud Foundry-Grant types
- benefits of, Summary
- BOSH release, UAA Release
- documentation, UAA Documentation
- key modes of operation, User Account and Authentication Management
- OAuth 2.0, OAuth 2.0
- overview of, User Management and the UAA
- responsibilities of, UAA Responsibilities
- roles and scopes, Roles and Scopes-UAA roles and permissions
- routing and, Routing via the Load Balancer and GoRouter
- security features in, UAA Management
- UAAC utility, UAA roles and permissions
- user import, User Import
- user-provided services, User-provided services
- users, onboarding, User Import
Y
- YAML (YAML Ain't Markup Language), Release Engineering through BOSH, YAML Files-Update
- deployment manifests, Deployment Manifests
- Director UUID and deployment name, Director UUID and Deployment Name
- instance groups, Instance Groups
- properties, Properties
- release names, Release Names
- stemcells, Stemcell
- syntax, Understanding YAML Syntax
- updates, Update
- used by BOSH, Release Engineering through BOSH
- uses for, YAML Files