This post is deprecated, as cf-networking-release is now part of cf-deployment and deployed by default!
Cloud Foundry Networking is a new Cloud Foundry project, currently in incubation, which provides policy-based container networking for Cloud Foundry. This release allows, for the first time in Cloud Foundry, direct TCP and UDP connections between containers.
This post gives a brief overview of how to get started with cf-networking-release on bosh-lite using BOSH CLI v2.
Requirements
- git
- cf cli
- BOSH CLI v2
- a bosh-lite deployment
You can start with my previous post: Deploying Cloud Foundry on Virtualbox using BOSH CLI v2
Preparing BOSH director
We need to load the br_netfilter kernel module on the bosh-lite VM to enable networking support.
If you have not yet extracted the private SSH key as described in the last post, do so now:
umask 077; touch ~/deployments/vbox/director_priv.key
bosh int ~/deployments/vbox/creds.yml --path /jumpbox_ssh/private_key > ~/deployments/vbox/director_priv.key
Finally, enable the module:
ssh jumpbox@192.168.50.6 -i ~/deployments/vbox/director_priv.key 'sudo modprobe br_netfilter && lsmod | grep br_netfilter'
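A preflight check for the two preparation steps above, as an added example that is not part of the original post: it confirms that the extracted key is a non-empty PEM file readable by its owner only, and that br_netfilter appears in lsmod output. The function names key_ok and module_loaded and the --run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight checks for the key extraction and modprobe steps.
# key_ok, module_loaded and --run are hypothetical names, not bosh tooling.

# key_ok FILE: succeed only if FILE is a non-empty PEM private key with
# owner-only permissions (what the `umask 077` in the post is meant to ensure).
key_ok() {
  kf=$1
  [ -s "$kf" ] || { echo "key missing or empty: $kf" >&2; return 1; }
  # GNU stat first, BSD/macOS stat as fallback.
  kmode=$(stat -c '%a' "$kf" 2>/dev/null || stat -f '%Lp' "$kf") || return 1
  case $kmode in
    600|400) ;;
    *) echo "key mode is $kmode, expected 600: $kf" >&2; return 1 ;;
  esac
  head -n 1 "$kf" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' ||
    { echo "not a PEM private key: $kf" >&2; return 1; }
}

# module_loaded NAME: read `lsmod` output on stdin and match NAME against
# the first column exactly, rather than against any substring of the line.
module_loaded() {
  awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Only contact the director when asked to; host and paths are the post's.
if [ "${1:-}" = "--run" ]; then
  key="$HOME/deployments/vbox/director_priv.key"
  key_ok "$key" &&
    ssh jumpbox@192.168.50.6 -i "$key" lsmod | module_loaded br_netfilter &&
    echo "preflight ok"
fi
```

Save it to a file and run it with --run once the key has been extracted and the module loaded; a non-zero exit status means one of the two steps needs repeating.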
Cloud Foundry Networking Deployment
We need the cf-networking-release repository:
git clone https://github.com/cloudfoundry-incubator/cf-networking-release ~/workspace/cf-networking-release
Next, we upload the release:
bosh upload-release https://bosh.io/d/github.com/cloudfoundry-incubator/cf-networking-release
The next step is either to start a new Cloud Foundry deployment with networking or to update an existing deployment on bosh-lite. The command is the same in both cases:
bosh -d cf deploy ~/workspace/cf-deployment/cf-deployment.yml \
  -o ~/workspace/cf-networking-release/manifest-generation/opsfiles/cf-networking.yml \
  -o ~/workspace/cf-deployment/operations/bosh-lite.yml \
  -o ~/workspace/cf-networking-release/manifest-generation/opsfiles/postgres.yml \
  --vars-store ~/deployments/vbox/deployment-vars.yml \
  -v system_domain=bosh-lite.com
That completes the deployment of the Cloud Foundry Networking release.
Preparing the Client
The current Cloud Foundry CLI does not yet include networking support. Therefore we need to download and install the networking plug-in.
wget https://github.com/cloudfoundry-incubator/cf-networking-release/releases/download/v0.17.0/network-policy-plugin-linux64
chmod +x network-policy-plugin-linux64
cf install-plugin network-policy-plugin-linux64
Cloud Foundry Networking introduces a new scope, network.admin, in the UAA. If you are updating an existing deployment, you will need to log out and log in again on the client to get the new permissions assigned.
cf logout
cf login -a https://api.bosh-lite.com --skip-ssl-validation -u admin -p "$(bosh int ~/deployments/vbox/deployment-vars.yml --path /uaa_scim_users_admin_password)"
Example Application
The cf-networking-release repository includes a few sample projects under src/example-apps/.
Conclusion
The Cloud Foundry Networking project is a huge enhancement for Cloud Foundry. Its direct container-to-container networking with fine-grained policies is a great foundation for microservice applications.