Design Documents

Application Runtime / CAPI

• Cloud Controller API Semantic Versioning- Replaced by CAPI V3
• IBM Design Proposal for High Availability Policies in v2 - Not started
• Users and Roles Improvements - seems to have been removed?
• CC API V3 - Started details
  • App Process Types and its progressive API changes rollouts
  • API style guide
  • V3 API Proposals index
    • V3 Asynchronous Operations Proposal
    • V3 Audit Events Proposal
    • V3 Domains Proposal
    • V3 environment variable group proposal
    • V3 quotas proposal
    • V3 routes proposal
      • V3 Routes Update Sub-Proposal
      • CLI Routes Review
    • V3 ASG Proposal
    • V3 Users + Roles Proposal
  • GUID Hiding on V3 API
  • To-many relationships from slack thread
  • Error codes from slack thread
  • Manifest diffing (to support diff output on push) from slack thread
  • V2 API Deprecation Plan - cf-dev@ thread
• Event Notification - Not started
• Deployment and operations:
  • Decomposing cf-release and Extracting Deployment Strategies - Completed
  • Support for split deployments in cf-deployment - (cf-dev thread)
  • CF-Deployment 5.0 Scope
  • CF-Deployment 6.0 Scope
• Organization Blacklisting for Public Service Plans in CloudFoundry - Implemented (doc)
• Placement and isolation
  • App Placement and High Availability Placement Pools - Old, the latest on this proposal is now in Elastic Clusters listed below
  • Elastic Clusters
    • Original CF elastic clusters proposal. Story
    • Service Discovery within Elastic Clusters
  • Workload isolation
  • Isolation segments - Completed
    • Routing for Isolation Segments - Implemented
    • V3 CC API adaptions for Isolation segments
    • Loggregator Isolation - cf-dev@ thread
• CF Java client 2.0 redesign - Implemented
• Application Security Groups - Implemented (docs)
• App Containers - Warden Docker Comparsion - Implemented
• Performance Acceptance Testing Suite
• Notifications Component - Implemented & Deprecated
• Diego - DEA Redesign - Implemented
  • Docker images in Diego - Implemented
  • Private Docker repositories - cf-dev@ thread
    • Private Docker repositories - solutions exploration
  • See diego-design-notes for additional diego specs
  • CF+Diego Components using etcd and Consul - Implemented
  • Garden union file system - (Slack thread)
  • Droplets & rootfs as OCI images - Starting
  • Diego Cell API - (Slack thread)
  • Garden Pods inception
  • Diego 2.0 breaking changes (cf-dev thread)
  • Use Containerd to run containers in Garden-RunC
  • Readability Improvements to Diego Component Logs -
  • CPU Sharing and Metrics in CF - cf-dev@ thread
  • Enabling secure communication between Cloud Controller and Diego
• Env variable groups - Implemented
• CF Notifications Service - Implemented
• Bits and blobstore
  • Bits Service Proposal - Implemented
  • Push App-Bits Directly to Bits-Service
  • Workflows of CC to Bits integration
• Container networking - Implemented
  • Original Container networking for applications proposal
  • Container networking vision
  • Container Networking Policy - Technical Design
    • container-networking-notes repo
    • Evaluating alternative batteries-included SDNs
    • Traffic Identification proposal - (slack thread)
    • App Identity outside CF
    • Converging on logging for ASGs and container networking
    • Silk design notes and Silk FAQ
    • Polyglot service discovery
• Support of tasks
• Persistence:
  • Proposal for Cloud Foundry Persistence
  • Persistent volumes on CF and Volume Services manual
    • Volume Services v2.9
    • Volume Services v2.10
      • LDAP integration in nfs-volume-release
• Application autoscaling service
• Application life cycle
  • Application Releases and Rollback - HPE suggested. Not started. Replaced CAPI V3 ( cf-dev thread)
  • Zero downtime application updates (cf-dev thread)
• Security
  • Proposed approach for installing trusted system certificates in containers - (Slack thread)
  • Instance Identity Credentials - done
  • Credhub product summary
  • Securing Service Instance Credentials (in credhub) - cf-dev@ thread
• CF Permissions incubation team
• CF Dev local Bosh/CF/Service deployment - cf-dev@ thread.
  • CF Dev Telemetry
• Egress Policies with Service Brokers - Cf-dev@ thread
• Metadata for Cloud Controller API Resources - Implemented user manual
  • Metadata Workflows With CLI Options
  • Metadata in application manifest story
• Server side app manifest - started cf-dev@ thread epic
  • API proposal
  • Existing V2 behaviors
  • V3 Server-Side Multi-App Manifests Proposal - Started Epic api doc
• Advanced Deployment Strategies Proposal

Services

• Cloud Foundry Service Broker v2 API - Complete (Documentation)
• Service Dashboard SSO - Complete (Documentation)
• Service Usage Events - Complete (Documentation)
• Update service instance (e.g. upgrade plan) - Complete (Documentation)
• Asynchronous Service Instance Provisioning - Complete (Documentation)
• Arbitrary Provision Parameters - Complete (Documentation)
• Provision credentials without bind (Service Keys) - Complete (Documentation)
• User-managed (Private) Service Brokers - In progress details
• Service Broker User delegation during provisionning ( cf-dev thread)- Not started
• Reducing state in service brokers
• Kubo: Kubernetes on bosh. Slides, cf-dev thread - Implemented
• Sharing services instances across orgs and spaces:
  • Proposal email thread
  • UX and CAPI changes
  • CAPI Service Instance Sharing Design
    • Explore: Shared Service Instance Resource
    • Explore: Using a /v3/service_instance_shares Endpoint
• Orphan service mitigation - Story
• Multi-Service Registration
• Async service bindings - Story
  • CLI Design: Supporting Asynchronous Bindings
  • CC API Design: Asynchronous Service Bindings - Story
• Granular updates (sapi epic
  • Feature Narrative: Service Instance Upgrades
  • servicebroker/#628 pr
  • Explore Minimal Granular Upgrades Experience
• Independent service manager
  • Phage Exploration
  • Decision making time: Amoeba vs Phage
• Services CAPI V3 VAT progress spreadsheet
• Improving cf service UX
• Enhanced experience for Service Bindings in the CF CLI

Logging (see also loggregator project board)

• Application Logging with Loggregator - Implemented
• Go Runtime instrumentation - Implemented
• Metrics Architectural Direction (gone)
• Emitter Library for HTTP Proposal
• Emitter Library for Events
• cf-component resources and utilization
• initialization process for the emitter libraries
• Reliable logs - (cf-dev thread)
• Security logging - Done - Epic
• Tagged metrics
• Loggregator Health Check Nozzle
• Scalable syslog - Implemented - (cf-dev thread)
• Application metrics forwarding - (cf-dev thread )
• Firehose refinements:
  • Developer Segmented Firehose - Dedicated Service Instance Metrics and Logs for Developers (cf-dev thread ) - Variation Nozzle as a service
  • Specified Selector Subscription Model and Reference Model in V2 API ( cf-dev@ thread)
• noisy neighbor measurements improvements (cf-dev thread)
• improved persistence architecture feature proposal (recent log par app caching, cf-dev thread))
• Proposal for PMC Incubation of Unified Logging
• Loggregator Isolation - cf-dev@ thread
• Syslog Drains for all Apps in a Space - cf-dev@
• Loggregator Service Drains

Buildpack life cycle - In progress Epic

• Cloud Foundry Buildpacks - Implemented
• ALM and CI Integration - Not started
• Mapping Buildpack dependencies - Implemented
• Buildpacks: binary audit trail epic - Implemented
• Staging & Runtime Hooks - Proposed (HP)
• Binary service broker
• Admin buildpack location - (HPE suggestion in cf-dev thread )
• Multiple buildpacks:
  • Multiple CF Buildpack Support - discarded
  • First-class support for multi-buildpacks & staging policies - Implemented
  • Multiple CF Buildpack Support v2
• Buildpack-related meta-data - Orange proposed - Addressed by CNB
• Private stacks - (Proposed by NTT, cf-dev@)

Routing

• CF Routing API
  • Unified Routing API Proposal
  • Routing API Performance Testing
• Context Path Routing - Implemented (docs)
• Route Services - Implemented (docs)
  • inception notes
  • UX and CCAPI changes for Route Services and TCP Routing
  • Detailed design/implem
    • X-Forwarded-* Headers
    • Route Services as Forwarding Proxy
• TCP Routing -
• Enhanced load-balancing
• Route integrity (Increasing Availability of Applications and the Platform Management plane during Failures with Route Registration)
• Mutual TLS between external clients and apps in CF - Complete
• Istio integration
  • Technical Design for New Routing Control Plane leveraging Istio. - Implemented
  • Cloud Foundry Integration with Istio Pilot and Envoy - Started
    • Istio/CF model mapping
  • Istio Router on the Container (Overlay) Network - Implemented
  • Istio in CF-K8s
• Weighted Routing user experience in CF - cf-dev@thread
• Improving Security for HTTP Ingress to CFAR Application Containers - cf-dev@ thread

BOSH

• See https://github.com/cloudfoundry/bosh-notes#bosh-notes for recent bosh design proposals
• Service Discovery in BOSH releases (2012)
• BOSH Bootloader for Operators
• BOSH-aware DNS server
• OSS BOSH Vision and Strategy 11-2018
• Lifecycle Management for k8s - cf-bosh@ thread

Command Line Interface (CF CLI)

• cf help redesign (June-July 2016)
• UX Routes in App Manifests (June-July 2016)
• Value Substitution in App Manifest Proposal
• removing --no-start from cf push in CLI v7
• New Deployment Workflows With CLI Options

Tooling

• Terraform provider for Cloud Foundry - cf-dev@ thread
• MultiApps from SAP - cf-dev@ thread

Identity

• Simplifying Cloud Foundry Login Server
• Access Control Services suggested by Dario Amiri (GE) into vcap-dev thread
• UAA & SAML Integration for handling SAML claims. Complete. Epic
• CF leveraging LDAP groups/SAML claims to derive CF org/space role memberships a.k.a "CF Roles & LDAP/SAML"
• Revocable tokens
• Machine Authentication using UAA
• Invitations API
• UAA Js SDK aka OIDC Sessions / Single Sign Out - Done OIDC session management
• UAA integration with Kubernetes & Istio - Started
• Multifactor Authentication for UAA - Done Epic. google-authenticator support implemented

CF Container Runtime

• cf-bosh@ thread
  • Cloud Foundry/Kubernetes Integration Scenarios

    • Pluggable Orchestration with Kube backend (“Cube/Eirini”) - cf-dev@ thread

      • Cloud Foundry Orchestrator Provider Interface

    • Open Service Broker Catalog, i.e. peripli / service manager

      • WG Agenda
      • instance sharing with service manager

    • Containerizing Cloud Foundry

    • K8s-Native Routing for CF - Part 1: Routing to Apps on Eirini

• TCP Routes for CFCR Services: Possible Workflows - cf-dev@ thread
• CFCR Control Plane BBR scenarios - Bloomberg - related story

CF4K8S

• CF for K8s: Index of CFF resources and discussions
  • Kubernetes-idiomatic⭐️ Cloud Foundry components guidelines
    • Now published in cloudfoundry-incubator/kubernetes-guidelines repo
  • Running app workloads across multiple K8s clusters via a single CF control plane
  • CFAR Loggregator/Eirini co-evolution discussion notes
  • Garden Security for Kubernetes/Eirini Inception
  • Volume Services in CF4K8S
  • cf-for-k8s Metrics Guide
  • Exploring CRDs in the CF App Runtime
• KubeCF to CFF KubeCF incubating CFF

Other extension projects

• BlockHead: An Ethereum Smart Contract Service Broker - cf-dev@ thread

Misc other reference technical docs (e.g. not yet in official docs)

• Nats message flow reference
• Metrics list transient reference
• Import-Path Service for Cloud Foundry Golang Repositories
• Word and Phrase List: Public Facing - Glossary/vocabulary used in documentation (Dos and don'ts)

New 2023 CFF govervance docs

• See https://github.com/cloudfoundry/community/blob/main/toc/working-groups/WORKING-GROUPS.md