diff --git a/.gitignore b/.gitignore
index 969d4ad4..f2e804b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,18 +1,13 @@
-# See http://help.github.com/ignore-files/ for more about ignoring files.
-#
-# If you find yourself ignoring temporary files generated by your text editor
-# or operating system, you probably want to add a global ignore instead:
-# git config --global core.excludesfile ~/.gitignore_global
-
-# Ignore bundler config
+output
+final_app
.bundle
-
-# Ignore the build directory
-build
-
-# Ignore Sass' cache
-.sass-cache
-
-.idea
+Gemfile.lock
+final_app/*
+cached_shas.yml
+**/.sass-cache/*
+bin
vendor
-.DS_Store
\ No newline at end of file
+[#]*[#]
+.DS_Store
+.ruby-version
+.vscode/
\ No newline at end of file
diff --git a/capi/client-libraries.html.md.erb b/capi/client-libraries.html.md.erb
index 21d2454a..a0622456 100644
--- a/capi/client-libraries.html.md.erb
+++ b/capi/client-libraries.html.md.erb
@@ -26,7 +26,7 @@ While you can develop apps that use CAPI by calling it directly as in the API do
<%= vars.app_runtime_abbr %> supports the following clients for CAPI:
* [Java](https://github.com/cloudfoundry/cf-java-client)
-* [Scripting](http://cli.cloudfoundry.org/en-US/cf/curl.html) with the Cloud Foundry Command Line Interface (cf CLI)
+* Scripting: enter `cf help curl`
### Experimental
diff --git a/custom-per-route-options.html.md.erb b/custom-per-route-options.html.md.erb
new file mode 100644
index 00000000..706878b0
--- /dev/null
+++ b/custom-per-route-options.html.md.erb
@@ -0,0 +1,139 @@
+---
+title: Configuring per-route options
+owner: CF for VMs Networking
+---
+
+By default, communication between Gorouter and backends is configured through the general settings at the platform level.
+
+This topic describes how to specify per-route Gorouter options scoped at the application level.
+This greater granularity lets developers tailor optimal routing behavior for applications' unique load profiles or other requirements.
+
+Gorouter supports the following per-route option, described in the section below:
+
+- `loadbalancing`: Configures the load balancing algorithm used by Gorouter for this particular route. <%= vars.per_route_lb_version %>
+ - Settings: `round-robin`, `least-connection`.
+
+## Configure Gorouter's Load Balancing Algorithm
+
+<%= vars.per_route_lb_version %>
+
+The per-route option `loadbalancing` allows configuring the load balancing algorithm, which defines how the load is distributed between Gorouters and backends.
+
+This option supports two settings for load balancing:
+
+- `round-robin` distributes the load evenly across all available backends
+- `least-connection` directs traffic to the backend with the fewest active connections at any given time, optimizing resource utilization
+
+
+### Configure Load Balancing in an App Manifest
+
+To configure per-route load balancing for an application that has not yet been pushed:
+
+1. In the application manifest, include a `route` definition with an `options: loadbalancing` attribute set to `round-robin` or `least-connection`. For example:
+
+ ```yaml
+ ---
+ applications:
+ - name: MY-APP
+ routes:
+ - route: MY-HOST.EXAMPLE.COM
+ options:
+ loadbalancing: least-connection
+ ```
+
+ Where `MY-APP` is the name of your app and `MY-HOST.EXAMPLE.COM` is the route you want to map to your app.
+
+1. Push the app with the manifest:
+
+ ```console
+ cf push -f manifest.yml
+ ```
+
+### Change Load Balancing Algorithm of an Existing Route
+
+To change the per-route `loadbalancing` option of an existing route, you can use the cli command, `update-route`.
+
+For example, to change an app route's algorithm from `least-connection` to `round-robin`, you can run the `update-route` command:
+
+```console
+cf update-route EXAMPLE.COM --hostname MY-HOST --option loadbalancing=round-robin
+```
+
+Alternatively, it is also possible to update the per-route load balancing option via the `/v3/routes` API.
+
+Run the `PATCH` request to the targeted API endpoint:
+
+```console
+cf curl /v3/routes/GUID -X PATCH -H "Content-type: application/json" \
+ -d '{
+ "options": {
+ "loadbalancing": "round-robin"
+ }
+ }'
+```
+Where `GUID` is the unique identifier for the route.
+
+### Create a Route with a specific Load Balancing Algorithm
+
+To create a route with a per-route `loadbalancing` option, you can use the cli command `create-route`.
+For example:
+
+```console
+cf create-route EXAMPLE.COM --hostname MY-HOST --option loadbalancing=round-robin
+```
+
+Alternatively, it is also possible to create a route with a per-route load balancing option via the `/v3/routes` API:
+
+```console
+cf curl /v3/routes -X POST -H "Content-type: application/json" \
+ -d '{
+ "host": "MY-HOST",
+ "path": "MY-PATH",
+ ...
+ "options": {
+ "loadbalancing": "round-robin"
+ }
+ }'
+```
+
+### Map a Route to an Existing App with specific Load Balancing Algorithm
+
+To create and map a new route to an existing application with the per-route `loadbalancing` option, you can use the cli command `map-route`.
+
+For example:
+
+```console
+cf map-route MY-APP EXAMPLE.COM --hostname MY-HOST --option loadbalancing=round-robin
+```
+
+
+The command map-route supports the --option flag only for new routes.
+To update an existing route, the command update-route must be used as described before.
+
+### Retrieve Route Options
+
+To read route options, you can query the route using the `route` command:
+
+```console
+cf route EXAMPLE.COM --hostname MY-HOST
+```
+
+ The response lists the chosen `loadbalancing` algorithm option, e.g. `least-connection`:
+
+```console
+options: {loadbalancing=least-connection}
+```
+
+ Alternatively, you can query the `routes` API endpoint for a route:
+
+```console
+cf curl /v3/routes/?hosts=MY-HOST
+```
+
+Where `MY-HOST` is the host attribute of the route. The response lists the chosen `loadbalancing` algorithm option as well:
+
+```console
+ "options": {"loadbalancing": "least-connection"}
+```
+
+To retrieve all the routes with the corresponding options in a space of an organization, you can use the `routes` command.
diff --git a/custom-ports.html.md.erb b/custom-ports.html.md.erb
index b546250d..c69cbd93 100644
--- a/custom-ports.html.md.erb
+++ b/custom-ports.html.md.erb
@@ -122,7 +122,6 @@ To configure your app to receive HTTP or TCP requests on custom ports:
- Caution
This API call removes all destinations for a route and replaces them with the destinations you provide in the API request.
## Additional resources
diff --git a/deploy-apps/_c2c_oss_overlay.html.md.erb b/deploy-apps/_c2c_oss_overlay.html.md.erb
index fa644abf..aa61e26c 100644
--- a/deploy-apps/_c2c_oss_overlay.html.md.erb
+++ b/deploy-apps/_c2c_oss_overlay.html.md.erb
@@ -1,68 +1,180 @@
## Configure the overlay network
-Container-to-container networking uses an overlay network to manage communication between app instances.
-By default, each Diego Cell in the overlay network is allocated a /24 range that supports 254 containers per cell, one container for each of the usable IP addresses, `.1` through `.254`.
+Container-to-container networking uses an overlay network to manage
+communication between app instances. By default, each Diego Cell in the overlay
+network is allocated a /24 range that supports 254 containers per cell, one
+container for each of the usable IP addresses, `.1` through `.254`.
-For more information about the overlay network, see [Overlay network](../../concepts/understand-cf-networking.html#overlay-network) in _Container-to-container networking_.
+For more information about the overlay network, see [Overlay
+network](../../concepts/understand-cf-networking.html#overlay-network) in
+_Container-to-container networking_.
-### Configure the number of Diego Cells
+### Understanding the Overlay Network Properties using a Pie Metaphor
-To change the number of Diego Cells supported by the overlay network in your Cloud Foundry deployment, edit the `cf_networking.network` property in your `cf-networking-release` manifest, and then re-deploy Cloud Foundry. See the following examples:
+There are two <%= vars.app_runtime_abbr %> properties concerning the overlay
+network. Before going into the details of the actual <%= vars.app_runtime_abbr
+%> properties, let's talk about them metaphorically.
-
-
- | Overlay subnet mask |
- Number of cells |
- Containers per cell |
-
+Imagine the entire overlay network is a group of pies. One <%= vars.app_runtime_abbr %>
+property defines these pies and their sizes.
+
+The purpose of these pies are to serve the hungry, hungry Diego Cells. Each Diego
+Cell is hungry and needs a slice of pie. Without a slice of pie the Diego Cell
+cannot start because it has no energy. This is an egalitarian kitchen, so each
+Diego Cell must get the same size pie slice.
+
+The second <%= vars.app_runtime_abbr %> property determines the size of the pie
+slice that each Diego Cell is given. The smaller the slice of pie that each Diego
+Cell gets, the less “energy” each Diego Cell has, and thus fewer apps can run on each
+Diego Cell. The larger the slice of pie is that each Diego Cell gets, the more
+“energy” the Diego Cell has, and thus more apps can run on each Diego Cell.
+
+If the pies and their sizes stay constant, smaller slices of pie means there can be
+more Diego Cells (which are fed less each) and larger slices means there is a
+smaller number of possible Diego Cells (which are fed more each).
+
+
+
- | /20 |
- 15 |
- 254 |
-
+ Pie Metaphor Property |
+ Actual Bosh Property |
+ Description |
+ Default |
+
- | /16 |
- 255 |
- 254 |
+ Group of pies and their sizes |
+ network on the silk-controller job |
+ An list of CIDR address blocks for the overlay network provided as an
+ array of strings. Subnets for each Diego Cell are allocated out of this
+ network. The subnet_prefix_length property must be smaller than the
+ smallest CIDR address block.
+ |
+ ["10.255.0.0/16"] |
- | /12 |
- 4,095 |
- 254 |
+ Slice size for each Diego Cell |
+ "subnet_prefix_length" on the silk-controller job |
+ The CIDR mask for each Diego Cell's individual overlay network subnet.
+ For a /24 subnet for each Diego Cell, enter 24 This subnet must be
+ smaller than all individual IP ranges provided in the network property.
+ | 24 |
-
-Caution
-The overlay network IP address range must not conflict with any other IP addresses in the network. If a conflict exists, Diego Cells cannot reach any endpoint that has a conflicting IP address.
-### Configure the number of containers per cell
+### Configuring Overlay Networking Properties
+
+Changing the two overlay network properties "network" and
+"subnet_prefix_length" affect how many Diego Cells can run in one deployment
+and how many apps can be run on each Diego Cell.
+
+Use the following algorithm to determine how many Diego Cells can run with a
+given configuration.
+
+```
+A = the total number of IPs in the "network"
+B = number of IPs per Diego Cell as defined by the "subnet_prefix_length"
+C = number of CIDRs in the "network"
+
+Max supported number of Diego Cells = (A/B) - C
+```
-To change the number of containers per Diego Cell in your Cloud Foundry deployment, edit the `cf_networking.subnet_prefix_length` property in your `cf-networking-release` manifest, and then re-deploy Cloud Foundry. See the following examples:
+Here is an example using the default values:
+
+```
+network = ["10.255.0.0/16"]
+subnet_prefix_length = 24
+
+A = /16 CIDR = 65,536 IPs
+B = /24 CIDR = 256 IPs
+C = 1
+
+Max supported number of Diego Cells = (65,536/256) - 1 = 255
+```
+
+Here is an example using other values:
+
+```
+network = ["10.255.0.0/20", "10.255.96.0/21"]
+subnet_prefix_length = 24
+
+A = /20 CIDR + /21 CIDR = 4,096 IPs + 2,048 IPs = 6,144 IPs
+B = /24 CIDR = 256 IPs
+C = 2
+
+Max supported number of Diego Cells = (6,144/256) - 2 = 22
+```
+
+All CIDRs provided in the "network" must have a larger prefix length
+than the "subnet_prefix_length."
+
+Here are some examples of invalid combinations of properties:
+
+
+
+ | Property |
+ Value |
+
+ | network |
+ ["10.255.0.0/20", "10.255.96.0/21", "10.255.200.0/23", "10.255.220.0/24"] |
+
+
+ | subnet_prefix_length |
+ 24 |
+
+
+ | Invalid reason |
+ subnet_prefix_length must be smaller than all CIDRs in the network. In this case it is the same size as 10.255.220.0/24. |
+
+
+
-
+
+
+
+ | Property |
+ Value |
- | Overlay subnet mask |
- Number of cells |
- Cell prefix length |
- Containers per cell |
+ network |
+ ["10.255.0.0/20", "10.255.96.0/21", "10.255.200.0/23", "10.255.220.0/32"] |
- | /16 |
- 255 |
- /24 |
- 254 |
+ subnet_prefix_length |
+ 24 |
- | /16 |
- 255 |
- /26 |
- 62 |
+ Invalid reason |
+ subnet_prefix_length must be smaller than all CIDRs in the network. In this case it is larger than 10.255.220.0/32. |
+
+
+
+
+
+
+
+ | Property |
+ Value |
+
+ | network |
+ ["10.255.0.0/20", "10.255.0.0/16"] |
+
+
+ | subnet_prefix_length |
+ 24 |
- | /16 |
- 255 |
- /28 |
- 14 |
+ Invalid reason |
+ network must not have any overlapping IP ranges. In this case 10.255.0.0/20 is a subset of 10.255.0.0/16. |
+
+
+### Changing the Overlay Network
+
+Updating the "network" and "subnet_prefix_length" property is supported. However it will cause
+container-to-container networking downtime during the deploy while the network
+update is rolling out across Diego Cells.
+
+ The overlay network IP address ranges must not conflict with any other IP
+addresses in the network. If a conflict exists, Diego Cells cannot reach any
+endpoint that has a conflicting IP address.
diff --git a/deploy-apps/_v3-note.html.md.erb b/deploy-apps/_v3-note.html.md.erb
index 3cfe8b8d..f63163ec 100644
--- a/deploy-apps/_v3-note.html.md.erb
+++ b/deploy-apps/_v3-note.html.md.erb
@@ -1,11 +1,10 @@
-
Important
This attribute is available with CAPI V3 only. To push a manifest that uses this attribute, do one of the following:
-Note
An exception to the cases previously mentioned is when monit restarts a Diego Cell replacement or Garden server that has failed. In this case, <%= vars.app_runtime_abbr %> immediately stops the apps that are still running using SIGKILL.
diff --git a/deploy-apps/app-ssh-overview.html.md.erb b/deploy-apps/app-ssh-overview.html.md.erb
index b25a2b25..f322ceec 100644
--- a/deploy-apps/app-ssh-overview.html.md.erb
+++ b/deploy-apps/app-ssh-overview.html.md.erb
@@ -32,11 +32,11 @@ for spaces, and for apps as described in the table:
| Space manager |
Space |
- cf CLI allow-space-ssh and disallow-space-ssh commands |
+ cf CLI cf allow-space-ssh and cf disallow-space-ssh commands |
| Space developer |
App |
- cf CLI enable-ssh and disable-ssh commands |
+ cf CLI enable-ssh and disable-ssh commands |
diff --git a/deploy-apps/blue-green.html.md.erb b/deploy-apps/blue-green.html.md.erb
index f109a36f..b911ead3 100644
--- a/deploy-apps/blue-green.html.md.erb
+++ b/deploy-apps/blue-green.html.md.erb
@@ -25,7 +25,6 @@ version by switching back to Blue.
You can adjust the route mapping pattern to display a static maintenance page during a maintenance window for time-consuming tasks such as migrating a database. In this scenario, the router switches all incoming requests from Blue to Maintenance to Green.
-Important
If your app uses a relational database, blue-green deployment can lead to discrepancies between your green and glue databases during an update. To maximize data integrity, configure a single database for backward and forward compatibility.
@@ -77,7 +76,7 @@ The router now also sends any traffic for `demo-time-temp.example.com` to Green.
Now that both apps are up and running, switch the router so all incoming
requests go to both the Green app and the Blue app.
-Use the [cf map-route](http://cli.cloudfoundry.org/en-US/cf/map-route.html) command to map the original URL route (`demo-time.example.com`) to the Green app.
+Use the `cf map-route` command to map the original URL route (`demo-time.example.com`) to the Green app.
$ cf map-route Green example.com -n demo-time
@@ -94,7 +93,7 @@ After the `cf map-route` command :
### Step 4: Unmap route to Blue
After you verify that Green is running as expected, stop routing requests to Blue
-using the [cf unmap-route](http://cli.cloudfoundry.org/en-US/cf/unmap-route.html) command:
+using the `cf unmap-route` command:
$ cf unmap-route Blue example.com -n demo-time
diff --git a/deploy-apps/canary-deploy.html.md.erb b/deploy-apps/canary-deploy.html.md.erb
deleted file mode 100644
index 8f30973b..00000000
--- a/deploy-apps/canary-deploy.html.md.erb
+++ /dev/null
@@ -1,387 +0,0 @@
----
-title: Configuring canary app deployments
-owner: CAPI
----
-
-You can use Cloud Foundry Command Line Interface (cf CLI) commands
-or the Cloud Foundry API (CAPI) to push your apps to <%= vars.app_runtime_first %> using a canary deployment.
-
-For information about the traditional method for addressing app downtime while pushing app updates,
-see [Using blue-green deployment to reduce downtime and risk](./blue-green.html).
-
-For more information about CAPI, see the
-[Cloud Foundry API (CAPI) documentation](https://v3-apidocs.cloudfoundry.org/).
-
-Canary deployments will allow users to deploy a single instance of a new version of an application and check if it is running as expected,
-before continuing the rolling deployment of the rest of the instances. If the new version of the application is not running as expected, the canary deployment can be cancelled.
-
-The expected workflow for this feature is:
-1. Deploy a single canary instance with the changed code
-1. Manually verify that canary instance with new code runs as expected
-1. Continue the rolling deployment for the remaining instances.
-
-
-## Prerequisites
-
-The procedures in this topic require one of the following:
-
-* **cf CLI v8 or later**
-
-* **CAPI V3.173.0 or later:** If you use CAPI V3, you must install the cf CLI version 8+.
-
-
-## Commands
-
-This section describes the commands for working with canary app deployments.
-
-### Deploy an app
-
-To deploy a canary version of an app:
-
-
-Caution
-Review the limitations of this feature before running the command. For more information, see
-Limitations.
-
-* **For CF CLI v8:**
- ```
- cf push APP-NAME --strategy canary
- ```
- Where `APP-NAME` is the name that you want to give your app.
-
-
- Note
- cf CLI will exit when the canary instance is healthy.
- It also includes a --no-wait flag on push for users who don't want to wait
- for the operation to complete.
-
-
- To cancel, see [Cancel a canary deployment](#cancel).
-
-* **For CAPI V3:**
- 1. Log in to the cf CLI.
-
- ```
- cf login
- ```
- 2. Create an empty app by running the following `curl` command with `POST /v3/apps`. Record the
- app GUID from the output.
-
- ```
- cf curl /v3/apps \
- -X POST \
- -H "Content-type: application/json" \
- -d '{
- "name": "APP-NAME",
- "relationships": {
- "space": {
- "data": {
- "guid": "SPACE-GUID"
- }
- }
- }
- }'
- ```
-
- Where:
-
- APP-NAME is the name that you want to give your app.SPACE-GUID is the space identifier that you want to associate with your app.
- 3. Create a package with the following `curl` command with `POST /v3/packages`. Record the package
- GUID from the output.
-
- ```
- cf curl /v3/packages \
- -X POST \
- -H "Content-type: application/json" \
- -d '{
- "type": "bits",
- "relationships": {
- "app": {
- "data": {
- "guid": "APP-GUID"
- }
- }
- }
- }'
- ```
- Where `APP-GUID` is the app GUID that you recorded in an earlier step. This app GUID is a
- unique identifier for your app.
- 4. Upload the package bits by running the following `curl` command with
- `POST /v3/packages/PACKAGE-GUID/upload`.
-
- ```
- cf curl /v3/packages/PACKAGE-GUID/upload \
- -X POST \
- -F bits=@"PACKAGED-APP" \
- ```
-
- Where:
-
- PACKAGE-GUID is the package GUID that you recorded in an earlier step.PACKAGED-APP is your app packaged in a file such as .zip.
- 5. Create the build by running the following `curl` command with `POST /v3/builds`. Record the
- droplet GUID from the output.
-
- ```
- cf curl /v3/builds \
- -X POST \
- -H "Content-type: application/json" \
- -d '{
- "package": {
- "guid": PACKAGE-GUID"
- }
- }'
- ```
- Where `PACKAGE-GUID` is the package GUID that you recorded in an earlier step.
- 6. Deploy your app by running the following `curl` command with `POST /v3/deployments`. To verify
- the status of the deployment or take action on the deployment, record the deployment GUID from the
- output.
-
- ```
- cf curl /v3/deployments \
- -X POST \
- -H "Content-type: application/json" \
- -d '{
- "droplet": {
- "guid": "DROPLET-GUID"
- },
- "strategy": "canary",
- "relationships": {
- "app": {
- "data": {
- "guid": "APP-GUID"
- }
- }
- }
- }'
- ```
- Where `DROPLET-GUID` and `APP-GUID` are the GUIDs that you recorded in earlier steps.
-
-For more information about this command, see [How it works](#how-it-works).
-
-### Continue the canary deployment
-
-To finish the deployment after validating the canary:
-
-* **For cf CLI v8+, run:**
-
- ```
- cf continue-deployment APP-NAME
- ```
- Where `APP-NAME` is the name of the app.
-
-* **For CAPI V3, run:**
-
- ```
- cf curl /v3/deployments/DEPLOYMENT-GUID/actions/continue" -X POST
- ```
- Where `DEPLOYMENT-GUID` is the GUID of the deployment that you recorded after following the
- CAPI procedure in [Deploy an app](#deploy).
-
-This continues the rolling deployment of the app.
-
-## Cancel a canary deployment
-
-To stop the deployment of an app that you pushed:
-
-* **For cf CLI v8+, run:**
-
- ```
- cf cancel-deployment APP-NAME
- ```
- Where `APP-NAME` is the name of the app.
-
-* **For CAPI V3, run:**
-
- ```
- cf curl /v3/deployments/DEPLOYMENT-GUID/actions/cancel" -X POST
- ```
- Where `DEPLOYMENT-GUID` is the GUID of the deployment that you recorded after following the
- CAPI procedure in [Deploy an app](#deploy).
-
-This reverts the app to its state from before the deployment started by:
-* Removing any deployment artifacts
-* Resetting the `current_droplet` on the app
-
-
-Note
-The cancel command is designed to remove the canary instance of the app.
-If this command is used after continue-deployment it will behave like a cancelation of a rolling deployment.
-
-## How it works
-
-This section describes the canary deployments and their limitations.
-
-### Canary deployment
-
-This section describes pushing an app with a canary deployment strategy.
-
-1. The `cf push APP-NAME --strategy canary` command:
- 1. Stages the updated app package.
- 2. Creates a droplet with the updated app package.
- 3. Creates a deployment with the new droplet and any new configuration.
- * This starts a new process with one instance that shares the route with the old process.
- * Now, if you run `cf app` on your app, you see multiple `web` processes.
-
- For more information about the deployment object, see the [Deployments](http://v3-apidocs.cloudfoundry.org/index.html#deployments) section of the CAPI V3 documentation.
-
-2. After the command creates the deployment, the `cc_deployment_updater` BOSH job runs in the
-background, updating deployments as follows:
- 1. Adds another instance of the new web process and removes an instance from the old web process. This step repeats until the new web process reaches the required number of instances.
-
- Important
- This happens only if all instances of the new web process are running.
- 2. Removes the old web process. The new web process now fully replaces the old web process.
- 3. Restarts all non-web processes of the app.
- 4. Sets the deployment to `PAUSED`.
-
-3. After validating that the canary instance is running as expected execute the command `cf continue-deployment APP-NAME`:
- 1. Changes the deployment reason to `DEPLOYING` and starts doing a rolling deployment
-
-4. After the command changes the status of the deployment, the `cc_deployment_updater` BOSH job runs in the
-background, updating deployments as follows:
- 1. Adds MaxInFlight number of instances (**by default it is 1**) of the new web process and removes MaxInFlight number of instance from the old web process. This step repeats until the new web process reaches the required number of instances.
-
- Important
- This happens only if all instances of the new web process are running.
- 2. Removes the old web process. The new web process now fully replaces the old web process.
- 3. Restarts all non-web processes of the app.
- 4. Sets the deployment to `DEPLOYED`.
-
-### Limitations
-
-The following table describes the limitations of when using canary deployments.
-
-
-
- | Limitation |
- Description |
-
-
- | Multiple app versions |
- During a deployment, <%= vars.app_runtime_abbr %> serves both the old and new version of your app at the
- same route. This can lead to user issues if you push backwards-incompatible API changes. |
-
-
- | Database migrations |
- Deployments do not handle database migrations. Migrating an app database when the existing
- app is not compatible with the migration can result in downtime. |
-
-
- | Non-web processes |
- Canary deployment will only create an instance of the web process. |
-
-
- | Quotas |
- Pushing updates to your app using a canary deployment strategy creates an extra instance
- of your app. If you lack sufficient quota, the deployment fails. Administrators might need to increase
- quotas to accommodate canary deployments. |
-
-
- | Simultaneous apps when interrupting a push |
- If you push app before your previous push command for the same app has completed, your
- first push gets interrupted. Until the last deployment completes, there might be many versions
- of the app running at the same time. Eventually, the app runs the code from your most recent
- push. |
-
-
-
- | Evaluating the Canary Instance |
-
- Given that the current processes share the same route the best way to validate that traffic is reaching the canary instance by looking at the logs.
- The logs for all instance will be tagged with "process_id", and "revision_version".
-
- Using CF CLI the logs can be retrieved using "cf logs APP_NAME" and search for "revision version"
- |
-
-
-
-
-## View the status of canary deployments
-
-You can use CAPI to view the status of canary deployment.
-
-To view the status of a canary deployment:
-
-1. Log in to the cf CLI:
-
- ```
- cf login
- ```
-
-1. Find the GUID of your app by running:
-
- ```
- cf app APP-NAME --guid
- ```
- Where `APP-NAME` is the name of the app.
-
-1. Find the deployment for that app by running:
-
- ```
- cf curl GET /v3/deployments?app_guids=APP-GUID&status_values=ACTIVE
- ```
- Where `APP-GUID` is the GUID of the app. Deployments are listed in chronological order, with
- the latest deployment displayed as the last in a list.
-
-1. Run:
-
- ```
- cf curl GET /v3/deployments/DEPLOYMENT-GUID
- ```
- Where `DEPLOYMENT-GUID` is the GUID of the canary deployment.
-
-`cf curl GET /v3/deployments/DEPLOYMENT-GUID` returns these status properties for canary deployments:
-
-* `status.value`: Indicates if the deployment is `ACTIVE` or `FINALIZED`.
-
-* `status.reason`: Provides detail about the deployment status.
-
-* `status.details`: Provides the timestamp for the most recent successful health check.
- The value of the `status.details` property can be `nil` with no successful health check
- for the deployment. For example, there might be no successful health check if the deployment was
- cancelled.
-
-The following table describes the possible values for the `status.value` and `status.reason`
-properties:
-
-
- status.value |
- status.reason |
- Description |
-
- ACTIVE |
- DEPLOYING |
- The deployment is deploying. |
-
-
- ACTIVE |
- PAUSED |
- The deployment is paused waiting for the user to continue with the deployment. |
-
-
- ACTIVE |
- CANCELLING |
- The deployment is cancelling. |
-
-
- FINALIZED |
- DEPLOYED |
- The deployment was deployed. |
-
-
- FINALIZED |
- CANCELLED |
- The deployment was cancelled. |
-
-
- FINALIZED |
- SUPERSEDED |
- The deployment was stopped and did not finish deploying because there was another
- deployment created for the app.
- |
-
-
diff --git a/deploy-apps/cf-networking.html.md.erb b/deploy-apps/cf-networking.html.md.erb
index eb0a1471..35104328 100644
--- a/deploy-apps/cf-networking.html.md.erb
+++ b/deploy-apps/cf-networking.html.md.erb
@@ -7,7 +7,6 @@ owner: CF for VMs Networking
The container-to-container networking feature, also known as CF Networking, allows direct network traffic between apps. For an overview of how container-to-container networking works, see [Container-to-container networking](../../concepts/understand-cf-networking.html).
-Important
Container-to-container networking is not available for apps hosted on Microsoft Windows.
<%= vars.app_traffic_logging %>
diff --git a/deploy-apps/cf-scale.html.md.erb b/deploy-apps/cf-scale.html.md.erb
index 17517652..66f2311e 100644
--- a/deploy-apps/cf-scale.html.md.erb
+++ b/deploy-apps/cf-scale.html.md.erb
@@ -11,7 +11,7 @@ For many apps, increasing the available disk space or memory can improve overall
Similarly, running additional instances of an app can allow the app to handle increases in user load and concurrent requests.
These adjustments are called "scaling" an app.
-Use [cf scale](http://cli.cloudfoundry.org/en-US/cf/scale.html) to scale your app up or down to meet changes in traffic
+Use `cf scale` to scale your app up or down to meet changes in traffic
or demand.
<%=vars.autoscaler_note_dev_guide%>
@@ -34,7 +34,6 @@ $ cf scale myApp -i 5
-Note
In cf CLI v7+, you can also use --process with cf scale to scale specific processes of your app.
## Scaling vertically
diff --git a/deploy-apps/deploy-app.html.md.erb b/deploy-apps/deploy-app.html.md.erb
index ad453c46..520fe880 100644
--- a/deploy-apps/deploy-app.html.md.erb
+++ b/deploy-apps/deploy-app.html.md.erb
@@ -188,14 +188,8 @@ You can configure the `cf push` command to run custom initialization tasks for
These tasks run after <%= vars.app_runtime_abbr %> loads the app droplet but before it starts the app to allow the initialization script to access the app language runtime environment. For example, your script can map values from `$VCAP_SERVICES` into other environment variables or a config file that the app uses.
-
Important
-The following notes include important information about configuring app initialization when you use certain buildpacks:
+See the following important information about configuring app initialization when you use certain buildpacks:
- - Java: Initialization scripts for the Java buildpack require additional configuration.
- <% if vars.platform_code != 'CF' %> For more information, see
- How to Modify the Application Container Environment prior to Application Execution in the VMware Tanzu Knowledge Base.
- <% end %>
-
- PHP: <%= vars.app_runtime_abbr %> does not support initialization scripts for the PHP buildpack versions prior to v4.3.18. If you use
one of these buildpack versions, your app hosts the
.profile script's contents. This means that any app staged using the affected buildpack
versions can leak credentials placed in the .profile script.
@@ -207,7 +201,7 @@ To run initialization tasks:
1. Create a `.profile` script that contains the initialization tasks.
-1. Save the `.profile` script to the directory where you run the `cf push` command.
+2. Save the `.profile` script to the directory where you run the `cf push` command.
The following example `.profile` file uses `bash` to set a value for the environment variable `LANG`:
@@ -239,7 +233,7 @@ To specify custom options when pushing an app with `cf push`, you can include th
For information about how app settings change from push to push, including how command-line options, manifests, and commands like `cf scale` interact, see
[Deploying with App Manifests](manifest.html).
-For a full list of `cf push` options, see the [Cloud Foundry CLI reference guide](https://cli.cloudfoundry.org/en-US/cf/push.html).
+For a full list of `cf push` options, enter `cf push --help`.
### Configure app services (optional)
@@ -253,13 +247,21 @@ For apps that are not already set up for the services that they use:
1. (Optional) Configure the app with the service URL and credentials, if needed. For more information, see [Configuring Service
Connections](../../buildpacks/java/configuring-service-connections.html).
+### Build custom push workflows (optional)
+
+The CF CLI includes [composible push sub-step
+commands](../push-sub-commands.html) that empower you to build your own push.
+These are useful if the default behavior of `cf push` does not match your
+needs, or if you want to implement more complicated app build, promotion, and
+run workflows.
+
## App updates and downtime
-When you push an app that is already running, <%= vars.app_runtime_abbr %> stops all existing instances of that app. Users who try to access the app see a `404 Not Found` message while `cf push` runs.
+By default, when you push an app that is already running, <%= vars.app_runtime_abbr %> stops all existing instances of that app. Users who try to access the app see a `404 Not Found` message while `cf push` runs.
-With some app updates, old and new versions of your code must never run at the same time. A worst-case example is if your app update migrates a database schema, causing old app instances to fail and lose user data. To prevent this, you must stop all running instances of your app before you push the new version.
+When old and new versions of your app can run simultaneously, you can avoid app downtime by using [Rolling deployments](./rolling-deploy.html). Alternatively, you can use the blue-green deployment method to swap routes between app versions running in parallel. For more information, see [Using blue-green deployment to reduce downtime and risk](blue-green.html).
-When old and new versions of your app can run simultaneously, you can avoid app downtime by using the blue-green deployment method to swap routes between app versions running in parallel. For more information, see [Using blue-green deployment to reduce downtime and risk](blue-green.html).
+With some app updates, old and new versions of your code must never run at the same time. A worst-case example is if your app update migrates a database schema, causing old app instances to fail and lose user data. To prevent this, you must stop all running instances of your app before you push the new version.
## Troubleshoot app push problems
diff --git a/deploy-apps/environment-variable.html.md.erb b/deploy-apps/environment-variable.html.md.erb
index e5bcd749..d2a854bb 100644
--- a/deploy-apps/environment-variable.html.md.erb
+++ b/deploy-apps/environment-variable.html.md.erb
@@ -15,11 +15,9 @@ Environment variables are the means <%= vars.app_runtime_abbr %> uses to communi
For information about setting your own app-specific environment variables, see the [Environment variable](./manifest.html#env-block) in _Deploying with app manifests_.
-Important
-Do not use user-provided environment variables for security-sensitive information such as credentials. They might unintentionally show up in cf CLI output and Cloud Controller logs. Use user-provided service instances instead. The system-provided environment variable VCAP_SERVICES is properly redacted for user roles such as Space Supporter and in Cloud Controller log files.
+Do not use user-provided environment variables for security-sensitive information such as credentials. They might unintentionally show up in cf CLI output and Cloud Controller logs. Use user-provided service instances instead. Credentials that are provided to the app through service bindings are redacted for user roles such as Space Supporter and in Cloud Controller log files.
-Important
The maximum size of an environment variable is 130 KB. This limit applies also to <%= vars.app_runtime_abbr %> system environment variables such as VCAP_SERVICES and VCAP_APPLICATION.
@@ -27,11 +25,17 @@ The maximum size of an environment variable is 130 KB. This limit applies a
Using the Cloud Foundry Command Line Interface (cf CLI), you can run the `cf env` command to view the <%= vars.app_runtime_abbr %> environment variables for your app. The `cf env` command displays the following environment variables:
-* The `VCAP_APPLICATION` and `VCAP_SERVICES` variables provided in the container environment
-
+* The `VCAP_APPLICATION` variable, which contains app metadata
* The user-provided variables set using the `cf set-env` command
-For more information about the `cf env` command, see [env](http://cli.cloudfoundry.org/en-US/cf/env.html) in the cf CLI documentation. For more information about the `cf set-env` command, see [set-env](http://cli.cloudfoundry.org/en-US/cf/set-env.html) in the cf CLI documentation.
+There are 3 possible ways of providing service binding data to apps, see [Credential Delivery Methods](../services/application-binding.html#credential-delivery-methods). Depending on the chosen method there will be one of the following environment variables:
+
+* [VCAP_SERVICES](#VCAP-SERVICES)
+* [SERVICE_BINDING_ROOT](#SERVICE-BINDING-ROOT) (experimental)
+* [VCAP_SERVICES_FILE_PATH](#VCAP-SERVICES-FILE-PATH) (experimental)
+
+For more information about the `cf env` command, enter `cf env --help`.
+For more information about the `cf set-env` command, enter `cf set-env --help`.
The following example demonstrates the environment variables `cf env` displays:
@@ -102,12 +106,14 @@ The following table lists the system variables available to your application con
| `PATH` | x | x | x |
| `PORT` | x | | |
| `PWD` | x | x | x |
+| `SERVICE_BINDING_ROOT` | x | x | x |
| `TMPDIR` | x | | x |
| `USER` | x | x | x |
| `VCAP_APP_HOST` | x | | |
| `VCAP_APP_PORT` | x | | |
| `VCAP_APPLICATION` | x | x | x |
| `VCAP_SERVICES` | x | x | x |
+| `VCAP_SERVICES_FILE_PATH` | x | x | x |
### CF_INSTANCE_ADDR
@@ -224,6 +230,12 @@ The present working directory where the buildpack that processed the app ran.
For example: `PWD=/home/vcap/app`
+### SERVICE_BINDING_ROOT (experimental)
+
+The root directory location, which contains the service binding information. This must be enabled by an app feature flag. See [Service Binding K8s](../services/application-binding.html#service-binding-k8s) for information about how to enable this, and how service binding data is stored in this directory.
+
+For example: `SERVICE_BINDING_ROOT=/etc/cf-service-bindings`
+
### TMPDIR
The directory location where temporary and staging files are stored.
@@ -272,6 +284,8 @@ This environment variable contains the associated attributes for a deployed app.
For bindable services, <%= vars.app_runtime_abbr %> adds connection details to the `VCAP_SERVICES` environment variable when you restart your app, after binding a service instance to your app. For more information about bindable services, see [Services overview](../services/index.html).
+This is the default [Credential Delivery Method](../services/application-binding.html#credential-delivery-methods).
+
<%= vars.app_runtime_abbr %> returns the results as a JSON document that contains an object for each service for which one or more instances are bound to the app. The service object contains a child object for each instance of the service that is bound to the app.
The following table defines the attributes that describe a bound service. The key for each service in the JSON document is the same as the value of the "label" attribute.
@@ -343,6 +357,11 @@ VCAP_SERVICES=
}
~~~
+### VCAP_SERVICES_FILE_PATH (experimental)
+
+This is the path to the file containing the service binding information in JSON format. It must be enabled by an app feature flag. See [File-based VCAP services](../services/application-binding.html#file-based-vcap-services) for more information.
+
+For example: `VCAP_SERVICES_FILE_PATH=/etc/cf-service-bindings/vcap_services`
## Environment variable groups
diff --git a/deploy-apps/healthchecks.html.md.erb b/deploy-apps/healthchecks.html.md.erb
index cba576a8..28b634af 100644
--- a/deploy-apps/healthchecks.html.md.erb
+++ b/deploy-apps/healthchecks.html.md.erb
@@ -66,11 +66,9 @@ types are `port`, `process`, and `http`. For more information, see [Health check
* `LIVENESS-HEALTH-CHECK-TIMEOUT` is the amount of time allowed to elapse between starting an app and the
first healthy response. For more information, see [Health check timeouts](#health_check_timeout).
-For more information about the `cf push` command, see
-[push](http://cli.cloudfoundry.org/en-US/cf/push.html) in the Cloud Foundry CLI Reference Guide.
+For more information about the `cf push` command, enter `cf push --help`.
-Important
The health check configuration that you provide with
cf push overrides any configuration in the app manifest.
@@ -91,15 +89,12 @@ Where:
* `CUSTOM-HTTP-ENDPOINT` is the custom HTTP endpoint that you want to add to the health check. By default, an `http` health check uses `/` as its endpoint unless you specify a custom endpoint. For more information, see [Health check HTTP endpoints](#health_check_uri).
-You can also change the health check invocation timeout for
-an app, use cf set-health-check. This option also requires restarting the app. For more information, see Apps in the Cloud Foundry CLI Reference Guide.
+You can also change the health check invocation timeout for an app, use `cf set-health-check`.
+This option also requires restarting the app. For more information, enter `cf set-health-check --help`.
-For more information about the `cf set-health-check` command, see
-[set-health-check](http://cli.cloudfoundry.org/en-US/cf/set-health-check.html) in
-the Cloud Foundry CLI Reference Guide.
+For more information about the `cf set-health-check` command, enter `cf set-health-check --help`.
-Important
After you set the health check configuration of a deployed
app with the cf set-health-check command, you must restart the app for the change to
take effect.
@@ -145,7 +140,6 @@ circumstances in which to use them:
web app is ready to serve HTTP requests. The configured endpoint must respond within one second
to be considered healthy.
- Important
To prevent false
negatives, use a dedicated endpoint for health checks where response time and result do not
depend on business logic.
@@ -184,5 +178,4 @@ path portion of a URI that must be served by the app and return `HTTP 200` when
This command only checks the health of the default port of the app.
-Important
For HTTP apps, <%= vars.company_name %> recommends setting the health check type to http instead of a simple port check.
diff --git a/deploy-apps/large-app-deploy.html.md.erb b/deploy-apps/large-app-deploy.html.md.erb
index 6c0130e5..e9290868 100644
--- a/deploy-apps/large-app-deploy.html.md.erb
+++ b/deploy-apps/large-app-deploy.html.md.erb
@@ -26,6 +26,8 @@ To deploy large apps to <%= vars.app_runtime_abbr %>, ensure that:
* The size of each environment variable for your app does not exceed 130 KB. This includes <%= vars.app_runtime_abbr %> system environment variables such as `VCAP_SERVICES` and `VCAP_APPLICATION`. For more information, see [<%= vars.app_runtime_abbr %> environment variables](environment-variable.html).
+* If VCAP_SERVICES gets too large, either because of too many service bindings or too much data provided by the services, review the other two [Credential Delivery Methods](../services/application-binding.html#credential-delivery-methods); both of these have a limit of 1 MB.
+
* You push only the files that are necessary for your app. To meet this requirement, push only the directory for your app, and remove unneeded files or use the `.cfignore` file to specify excluded files. For more information about specifying excluded files, see [Ignore unnecessary files when pushing](prepare-to-deploy.html#exclude) in _Considerations for Designing and Running an App in the Cloud_.
* You configure Cloud Foundry Command Line Interface (cf CLI) staging, startup, and timeout settings to override settings in the manifest, as necessary:
@@ -37,7 +39,6 @@ To deploy large apps to <%= vars.app_runtime_abbr %>, ensure that:
For more information about using the cf CLI to deploy apps, see [Push](../../cf-cli/getting-started.html#push) in _Getting Started with the cf CLI_.
-Important
Changing the timeout setting for the cf CLI does not change the timeout limit for <%= vars.app_runtime_abbr %>
server-side jobs such as staging or starting apps. You must change server-side timeouts in the manifest. Because of the differences between the
<%= vars.app_runtime_abbr %> and cf CLI timeout values, your app might start even though the cf CLI reports App failed. To review the status of your app, run cf apps APP-NAME, where APP-NAME is the name of your app.
diff --git a/deploy-apps/manifest-attributes.html.md.erb b/deploy-apps/manifest-attributes.html.md.erb
index df1fce72..db1f6a4e 100644
--- a/deploy-apps/manifest-attributes.html.md.erb
+++ b/deploy-apps/manifest-attributes.html.md.erb
@@ -32,7 +32,6 @@ applications:
```
-Important
If your app name begins with the dash character (-), you cannot interact with the app using the cf CLI. This is because the cf CLI interprets the dash as a flag.
### Add schema version to a manifest
@@ -73,7 +72,6 @@ To add variables to an app manifest:
command: go_calls_ruby
```
- Note
You can also use variables for partial values. For example, you can specify host in your variables file and - route: ((host)).env.com in your manifest file.
1. Run:
@@ -115,7 +113,6 @@ memory for `bigapp`.
This section explains how to describe optional app attributes in manifests. You can also specify each of these attributes using a command line option. Command-line options override the manifest.
-Important
In cf CLI v6, the route component attributes domain, domains, host,
hosts, and no-hostname are deprecated in favor of the routes attribute. In cf CLI v7+, these attributes are
removed. For more information, see domain, domains, host, hosts, and no-hostname.
@@ -126,7 +123,9 @@ You can refer to a buildpack by name in a manifest or a command-line option. The
* **Custom buildpacks:** If your app requires a custom buildpack, you can use the `buildpacks` attribute to specify it in a number of ways:
* By name: `BUILDPACK`.
- * By GitHub URL: `https://github.com/cloudfoundry/java-buildpack.git`.
+ * By GitHub URL:
+ * For the source code repo: `https://github.com/cloudfoundry/java-buildpack.git` or
+ * For a fully-packaged asset: `https://github.com/cloudfoundry/java-buildpack/releases/download/v4.76.0/java-buildpack-v4.76.0.zip`
* By GitHub URL with a branch or tag: `https://github.com/cloudfoundry/java-buildpack.git#v3.3.0` for the `v3.3.0` tag.
```
@@ -138,21 +137,21 @@ You can refer to a buildpack by name in a manifest or a command-line option. The
* **Multiple buildpacks:** If you are using multiple buildpacks, you can provide an additional `-b` flag or add an additional value to your manifest:
- ```
- ---
- ...
- buildpacks:
- - buildpack_URL
- - buildpack_URL
- ```
-
-
Important
-
- - This feature does not work with the deprecated
buildpack attribute. For more information, see
- buildpack.
- - You must specify multiple buildpacks in the correct order: the buildpack uses the app start command given by the final buildpack. For more information, see the multi-buildpack repository on GitHub.
-
-
+
+ - This feature does not work with the deprecated
buildpack attribute. For more information, see
+ buildpack.
+ - You must specify multiple buildpacks in the correct order: the buildpack uses the app start command given by the final buildpack. For more information, see the multi-buildpack repository on GitHub.
+
+
-Important
Using the docker attribute with the buildpacks or path attributes causes an error.
+### features
+
+App features can be set using the manifest attribute `features`. The attribute value is a key-value mapping of app feature names to Boolean values indicating whether the feature is enabled or not. If omitted, a feature is enabled or disabled based on its default value (e.g. `revisions` is enabled by default, and the `ssh` status depends on the configuration of the foundation).
+
+For example:
+
+```
+---
+ ...
+ features:
+ ssh: true
+ revisions: true
+ service-binding-k8s: false
+ file-based-vcap-services: false
+```
+
### health-check-type
The `health-check-type` attribute sets the `health_check_type` flag to either `port`, `process` or `http`. If you do not provide a `health-check-type` attribute, the default is `port`.
@@ -368,6 +382,24 @@ The default number of instances is 1.
To ensure that platform maintenance does not interrupt your app, <%= vars.recommended_by %> recommends running at least two instances.
+### lifecycle
+
+The `lifecycle` attribute specifies which application lifecycle to use for staging and running the application. Three variants are supported at the moment:
+
+- [buildpack](../../buildpacks/classic.html)
+- [cnb](../../buildpacks/cnb/index.html)
+- [docker](push-docker.html)
+
+For example:
+
+```
+---
+ ...
+ lifecycle: buildpack
+```
+
+The default is `buildpack` unless the [`docker`](#docker) attribute is specified.
+
### log-rate-limit-per-second
The `log-rate-limit-per-second` attribute specifies the log rate limit for all instances of an app. This attribute requires a unit of measurement: `B`, `K`, `KB`, `M`, `MB`, `G`, or `GB`, in either uppercase or lowercase.
@@ -423,7 +455,6 @@ For more information about metadata, see [Using metadata](../../adminguide/metad
### no-route
-Important
If you use the no-route flag attribute in the manifest or the flag option, it overrides all route-related attributes.
By default, `cf push` assigns a route to every app. But, some apps process data while running in the background and must not be assigned routes.
@@ -536,17 +567,16 @@ The `--random-route` command-line flag overrides this attribute.
The `routes` attribute in the manifest provides multiple HTTP and TCP routes. Each route for this app is created if it does not already exist.
-Important
This attribute is a combination of push options that include --hostname, -d, and --route-path flags in v6. These flags are not supported in cf CLI v7, so the routes flag must be used.
You can specify the `protocol` attribute to configure which network protocol the route uses for app ingress traffic. This is optional. The available protocols are `http2`, `http1`, and `tcp`.
-Important
The protocol route attribute is available only for <%= vars.app_runtime_abbr %> deployments that use HTTP/2 routing. <%= vars.http2_admin_link %>
For example:
+
```
---
...
@@ -557,6 +587,26 @@ For example:
- route: tcp-example.com:1234
```
+Under each route, you can optionally include an `options` attribute to configure per-route options as described in [Configuring per-route options](../custom-per-route-options.html).
+
+Available options are:
+
+- `loadbalancing` - defines how Gorouter distributes requests across the application backends. Valid values are `round-robin` and `least-connection`.
+
+For example:
+
+```
+---
+ ...
+ routes:
+ - route: example.com
+ options:
+ loadbalancing: round-robin
+ - route: example2.com
+ options:
+ loadbalancing: least-connection
+```
+
#### Manifest attributes
If you use the `routes` attribute with the `host`, `hosts`, `domain`, `domains`, or `no-hostname` attributes, an error results.
@@ -640,7 +690,6 @@ You can increase the timeout length for very large apps that require more time t
The `-t` command-line flag overrides this attribute.
-Important
If you configure timeout with a value greater than
cc.maximum_health_check_timeout, the Cloud Controller reports a validation error with the maximum limit.
@@ -662,10 +711,9 @@ For example:
`cf push` deploys the app to a container on the server. The variables belong to the container environment.
-
Important
- You must name variables with alphanumeric characters and underscores. Non-conforming variable names might cause unpredictable behavior.
- - Do not use user-provided environment variables for security sensitive information such as credentials, because they might unintentionally show up in cf CLI output and Cloud Controller logs. Use user-provided service instances instead. The system-provided environment variable VCAP_SERVICES is properly redacted for user roles such as Space Supporter and in Cloud Controller log files.
+ - Do not use user-provided environment variables for security sensitive information such as credentials, because they might unintentionally show up in cf CLI output and Cloud Controller logs. Use user-provided service instances instead. Credentials that are provided to the app through service bindings are redacted for user roles such as Space Supporter and in Cloud Controller log files.
-Caution
Running cf push app -f manifest.yml fails if your manifest uses any of these deprecated features with the feature that replaces it.
### Top-level attributes
diff --git a/deploy-apps/push-docker.html.md.erb b/deploy-apps/push-docker.html.md.erb
index 5144321f..5929044b 100644
--- a/deploy-apps/push-docker.html.md.erb
+++ b/deploy-apps/push-docker.html.md.erb
@@ -20,7 +20,6 @@ To push an app based on a Docker image, you need:
* The total size of the Docker image file system layers must not exceed the disk quota for the app. The maximum disk allocation for apps is set by the Cloud Controller. The default maximum disk quota is 2048 MB per app.
- Important
If the total size of the Docker image file system layers exceeds the disk quota, the app instances do not start.
* The location of the Docker image on Docker Hub or another Docker registry. <%= vars.docker_auth1 %>
@@ -276,7 +275,6 @@ Where:
* The key.json file must point to the file you created earlier.
-Note
For information about specifying YOUR-REGISTRY-URL, see Pushing and Pulling Images in the Google Cloud documentation.
diff --git a/deploy-apps/rolling-deploy.html.md.erb b/deploy-apps/rolling-deploy.html.md.erb
index 5bcb3860..28f030aa 100644
--- a/deploy-apps/rolling-deploy.html.md.erb
+++ b/deploy-apps/rolling-deploy.html.md.erb
@@ -1,12 +1,11 @@
---
-title: Configuring rolling app deployments
+title: Configuring app deployments
owner: CAPI
---
-You can use Cloud Foundry Command Line Interface (cf CLI) commands
-or the Cloud Foundry API (CAPI) to push your apps to <%= vars.app_runtime_first %> using a rolling deployment.
+This page describes how to use the Cloud Foundry Command Line Interface (cf CLI) or API (CAPI) to push apps to <%= vars.app_runtime_first %> using rolling deployment or canary deployment strategies, which update apps safely and avoid downtime.
-For information about the traditional method for addressing app downtime while pushing app updates,
+For information about the older method for avoiding app downtime while pushing app updates,
see [Using blue-green deployment to reduce downtime and risk](./blue-green.html).
For more information about CAPI, see the
@@ -19,240 +18,189 @@ The procedures in this topic require one of the following:
* **cf CLI v7 or later**
-* **CAPI V3:** If you use CAPI V3, you must install the cf CLI.
+* **CAPI V3:** If you use CAPI V3 API, you must install the cf CLI.
+Or for canary deployments:
-## Commands
+* **cf CLI v8.8.0 or later**
-This section describes the commands for working with rolling app deployments.
+* **CAPI V3.173.0 or later**
-### Deploy an app
+## How Deployment Strategies Work
-To deploy an app without incurring downtime:
+Cloud Foundry provides two different strategies for deployments:
-
-Caution
-Review the limitations of this feature before running the command. For more information, see
-Limitations.
+* A **Rolling** deployment brings up one or more web processes for the new app version, with the number set by `max-in-flight`, which defaults to 1. After those instances report as healthy and routable, it brings down the same number of instances of the old version. The deployment repeats this process to replace all web process instances, and then updates all old non-web processes.
+* A **Canary** deployment brings up one or more web processes for the new app version, defaulting to one. It then pauses to let app operators or developers evaluate the health of a new version instances. App operators can then choose to either `cancel` or `continue` the deployment. When the deployment is continued, the canary deployment proceeds in the same way as a rolling deployment.
+ * To gradually increase instance counts and check app health in multiple steps, the latest cf CLI v8 supports an `--instance-steps` option that sets a series of increasing instance counts.
-* **For cf CLI v7+, run:**
+Each rolling or canary deployment increments the `revision` count for the new app deployment, as listed by the `cf revisions` command described in [App Revisions Overview](../revisions.html).
- ```
- cf push APP-NAME --strategy rolling
- ```
- Where `APP-NAME` is the name that you want to give your app.
-
-
- Note
- cf CLI v7 exits when one instance of each process is healthy.
- It also includes a --no-wait flag on push for users who don't want to wait
- for the operation to complete.
- cf push used with the --no-wait flag exits as soon as one instance is healthy.
-
-
- If the deployment stops and doesn't restart, cancel it and run it again as described in an earlier step.
- To cancel, see [Cancel a deployment](#cancel).
-
-* **For CAPI V3:**
- 1. Log in to the cf CLI.
-
- ```
- cf login
- ```
- 2. Create an empty app by running the following `curl` command with `POST /v3/apps`. Record the
- app GUID from the output.
-
- ```
- cf curl /v3/apps \
- -X POST \
- -H "Content-type: application/json" \
- -d '{
- "name": "APP-NAME",
- "relationships": {
- "space": {
- "data": {
- "guid": "SPACE-GUID"
- }
- }
- }
- }'
- ```
-
- Where:
-
- APP-NAME is the name that you want to give your app.SPACE-GUID is the space identifier that you want to associate with your app.
- 3. Create a package with the following `curl` command with `POST /v3/packages`. Record the package
- GUID from the output.
-
- ```
- cf curl /v3/packages \
- -X POST \
- -H "Content-type: application/json" \
- -d '{
- "type": "bits",
- "relationships": {
- "app": {
- "data": {
- "guid": "APP-GUID"
- }
- }
- }
- }'
- ```
- Where `APP-GUID` is the app GUID that you recorded in an earlier step. This app GUID is a
- unique identifier for your app.
- 4. Upload the package bits by running the following `curl` command with
- `POST /v3/packages/PACKAGE-GUID/upload`.
-
- ```
- cf curl /v3/packages/PACKAGE-GUID/upload \
- -X POST \
- -F bits=@"PACKAGED-APP" \
- ```
-
- Where:
-
- PACKAGE-GUID is the package GUID that you recorded in an earlier step.PACKAGED-APP is your app packaged in a file such as .zip.
- 5. Create the build by running the following `curl` command with `POST /v3/builds`. Record the
- droplet GUID from the output.
-
- ```
- cf curl /v3/builds \
- -X POST \
- -H "Content-type: application/json" \
- -d '{
- "package": {
- "guid": PACKAGE-GUID"
- }
- }'
- ```
- Where `PACKAGE-GUID` is the package GUID that you recorded in an earlier step.
- 6. Deploy your app by running the following `curl` command with `POST /v3/deployments`. To verify
- the status of the deployment or take action on the deployment, record the deployment GUID from the
- output.
-
- ```
- cf curl /v3/deployments \
- -X POST \
- -H "Content-type: application/json" \
- -d '{
- "droplet": {
- "guid": "DROPLET-GUID"
- },
- "strategy": "rolling",
- "relationships": {
- "app": {
- "data": {
- "guid": "APP-GUID"
- }
- }
- }
- }'
- ```
- Where `DROPLET-GUID` and `APP-GUID` are the GUIDs that you recorded in earlier steps.
+The following sections describe the rolling and canary deployment strategies and their limitations.
-For more information about this command, see [How it works](#how-it-works).
+### Rolling Deployments
-### Cancel a deployment
+This section describes pushing an app with the rolling deployment strategy.
-To stop the deployment of an app that you pushed:
+1. The `cf push APP-NAME --strategy rolling` command:
+ 1. Stages the updated app package.
+ 2. Creates a droplet with the updated app package.
+ 3. Creates a deployment with the new droplet and any new configuration.
+ * This starts up to `max_in_flight` processes that shares the route with the old process.
+ * If you run `cf app` on your app at this point, you see multiple `web` processes.
+
+ For more information about the deployment object, see the [Deployments](http://v3-apidocs.cloudfoundry.org/index.html#deployments) section of the CAPI V3 documentation.
-* **For cf CLI v7+, run:**
+2. After the command creates the deployment, the `cc_deployment_updater` BOSH job runs in the
+background, updating deployments as follows:
+ 1. Adds up to `max_in_flight` instances of the new web process and removes instances from the old web process. This step repeats until the new web process reaches the required number of instances.
+
+ This happens only if all instances of the new web process are running.
+ 2. Removes the old web process. The new web process now fully replaces the old web process.
+ 3. Restarts all non-web processes of the app.
+ 4. Sets the deployment to `DEPLOYED`.
- ```
- cf cancel-deployment APP-NAME
- ```
- Where `APP-NAME` is the name of the app.
+### Canary Deployments
-* **For CAPI V3, run:**
+This section describes pushing an app with the default canary deployment strategy, without specifying specific step weights as described in [Canary Deployments with Step Weights](#canary-step).
- ```
- cf curl /v3/deployments/DEPLOYMENT-GUID/actions/cancel" -X POST
- ```
- Where `DEPLOYMENT-GUID` is the GUID of the deployment that you recorded after following the
- CAPI procedure in [Deploy an app](#deploy).
+1. The `cf push APP-NAME --strategy canary` command:
+ 1. Stages the updated app package.
+ 2. Creates a droplet with the updated app package.
+ 3. Creates a deployment with the new droplet and any new configuration.
+
+ For more information about the deployment object, see the [Deployments](http://v3-apidocs.cloudfoundry.org/index.html#deployments) section of the CAPI V3 documentation.
-This reverts the app to its state from before the deployment started by:
+2. After the command creates the deployment, the `cc_deployment_updater` BOSH job runs in the
+background, updating deployments as follows:
+ 1. Adds one instance of the new web process (the `canary` instance).
+ * This process shares routes with the old process.
+ * If you run `cf app` on your app at this point, you see multiple `web` processes.
+ 2. Sets the deployment to `PAUSED`.
-* Scaling up the original web process
-* Removing any deployment artifacts
-* Resetting the `current_droplet` on the app
+1. After validating that the canary instance is running as expected, execute the command `cf continue-deployment APP-NAME`:
+ * Changes the deployment reason to `DEPLOYING` and resumes following the same process as a rolling deployment.
-
-Note
-The cancel command is designed to revert the app to its
-original state as quickly as possible and does not guarantee zero downtime. Additionally, changes
-to environment variables and service bindings will not be reverted.
+2. After the command changes the status of the deployment, the `cc_deployment_updater` BOSH job runs in the
+background, updating deployments as follows:
+ 1. Adds MaxInFlight number of instances (**by default it is 1**) of the new web process and removes MaxInFlight number of instance from the old web process. This step repeats until the new web process reaches the required number of instances.
+
+ This happens only if all instances of the new web process are running.
+ 2. Removes the old web process. The new web process now fully replaces the old web process.
+ 3. Restarts all non-web processes of the app.
+ 4. Sets the deployment to `DEPLOYED`.
-### Restart an app
+### Canary Deployments with Step Weights
-To restart your app without downtime, run the appropriate command. Restart an app to apply
-configuration updates that require a restart, such as environment variables or service bindings.
+By default, as described in [Canary Deployments](#canary), when you push an app with the canary deployment strategy, the process pauses after it deploys one canary instance, and you manually continue as described in [Continue a canary deployment](#continue) to update the remaining instances to the full-scale deployment.
-* **For cf CLI v7+, run:**
+To run a canary deployment more gradually, you can pass a series of step weights to the `--instance-steps` option of `cf push`.
- ```
- cf restart APP-NAME --strategy rolling
- ```
- Where `APP-NAME` is the name of the app.
+ - The series specifies increasing numbers of canary instances to deploy.
+ - The deployment will pause after each step, allowing you to manually [continue](#continue) the deployment and proceed to the next step, or [cancel](#cancel) the deployment.
+ - Each value represents a **percentage** or **weight** of the web process's instances of the web process to be rolled out as canary instances.
+ - Separate step weights with commas and without spaces, for example `5,10,20`.
+ - For each canary instance created after the first, a pre-deployment instance is torn down.
+ - Canary deployments use one extra instance than is normally allocated throughout the deployment process, until the target number of instances has been reached.
+ - Continuing after the last canary step proceeds to the full-scale deployment.
+ - As with the default canary deployment process, a rolling deployment strategy updates instances to the new instance count at each step.
-* **For CAPI V3, run:**
+For example, to update gradually in four steps, running 5, 10, and 20 percent of an app's instances as canary instances before replacing all running instances of an app:
- ```
- cf curl /v3/deployments \
- -X POST \
- -H "Content-type: application/json" \
- -d '{
- "droplet": {
- "guid": "DROPLET-GUID"
- },
- "strategy": "rolling",
- "relationships": {
- "app": {
- "data": {
- "guid": "APP-GUID"
- }
- }
- }
- }'
- ```
- Where `DROPLET-GUID` and `APP-GUID` are the GUIDs that you recorded in earlier steps.
+ ```
+ cf push APP-NAME --strategy canary --instance-steps 5,10,20
+ ```
+#### Detailed Example
-## How it works
+Steps are configured as a percentage of instances rather than as an explicit instance value. This allows the deployment definition to be independent of the number of instances used by a process.
-This section describes the rolling deployments and their limitations.
+**Cloud Controller matches a step weight to the nearest non-zero instance number, rounding down.**
-### Rolling deployment
+For example, take an application with 10 instances and the following step configuration:
-This section describes pushing an app with a rolling deployment strategy.
+```
+cf push APP-NAME --strategy canary --instance-steps 1,20,45,80,100
+```
-1. The `cf push APP-NAME --strategy rolling` command:
- 1. Stages the updated app package.
- 2. Creates a droplet with the updated app package.
- 3. Creates a deployment with the new droplet and any new configuration.
- * This starts a new process with one instance that shares the route with the old process.
- * Now, if you run `cf app` on your app, you see multiple `web` processes.
-
- For more information about the deployment object, see the [Deployments](http://v3-apidocs.cloudfoundry.org/index.html#deployments) section of the CAPI V3 documentation.
+This results in the following deployment plan:
-2. After the command creates the deployment, the `cc_deployment_updater` BOSH job runs in the
-background, updating deployments as follows:
- 1. Adds another instance of the new web process and removes an instance from the old web process. This step repeats until the new web process reaches the required number of instances.
-
- Important
- This happens only if all instances of the new web process are running.
- 2. Removes the old web process. The new web process now fully replaces the old web process.
- 3. Restarts all non-web processes of the app.
- 4. Sets the deployment to `DEPLOYED`.
+
+
+ | Step |
+ Step Weight |
+ Original Instances |
+ Canary Instances |
+ Actual Weighting |
+
+
+ | Pre-deploy |
+ n/a |
+ 10 |
+ 0 |
+ 0 |
+
+
+ | 1 |
+ 1% |
+ 10 |
+ 1 |
+ 9% |
+
+
+ | 2 |
+ 20% |
+ 9 |
+ 2 |
+ 18% |
+
+
+ | 3 |
+ 45% |
+ 6 |
+ 5 |
+ 45% |
+
+
+ | 4 |
+ 80% |
+ 3 |
+ 8 |
+ 72% |
+
+
+ | 5 |
+ 100% |
+ 0 |
+ 10 |
+ 100% |
+
+
+ | Post-deploy |
+ n/a |
+ 0 |
+ 10 |
+ 100% |
+
+
+
+A **Step Weight** of `100` allows app operators to use the `cancel-deployment` command even after all instances have been replaced.
+
+
+The cancel command is designed to revert the app to its
+original state as quickly as possible and does not guarantee zero downtime.
+
It is important to note that changes
+to environment variables and service bindings are not reverted.
+
+### Testing Canary Deployments
+
+To test an in-progress canary deployment, you can route HTTP requests to the canary process, or to an individual canary instance using the `X-Cf-Process-Instance` header, as described in [HTTP headers for process instance routing](../../concepts/http-routing.html#process-instance-routing).
+
+Alternatively, you can use session affinity to force a particular client to persistently make requests to a canary instance as described in [Session affinity](../../concepts/http-routing.html#sessions).
### Limitations
-The following table describes the limitations of when using rolling deployments.
+The following table describes the limitations when using these deployments.
@@ -262,7 +210,7 @@ The following table describes the limitations of when using rolling deployments.
| Multiple app versions |
During a deployment, <%= vars.app_runtime_abbr %> serves both the old and new version of your app at the
- same route. This can lead to user issues if you push backwards-incompatible API changes. |
+ same route. This can lead to user issues if you push API changes that are not backwards-compatible.
| Database migrations |
@@ -271,7 +219,7 @@ The following table describes the limitations of when using rolling deployments.
| Non-web processes |
- Rolling deployments only run web processes through the rolling update sequence described
+ | Deployments only run web processes through the update sequence described
earlier. The commands restart worker and other non-web processes in bulk after updating all web
processes.
The CAPI V3 API introduces the concept of processes as runnable units of an app. Each app has a
@@ -282,13 +230,13 @@ The following table describes the limitations of when using rolling deployments.
|
| Quotas |
- Pushing updates to your app using a rolling deployment strategy creates an extra instance
- of your app. If you lack sufficient quota, the deployment fails. Administrators might need to increase
- quotas to accommodate rolling deployments. |
+ Pushing updates to your app using a deployment strategy creates up to max_in_flight new instances (defaults to 1).
+ Additionally, canary deployments use an extra instance when pausing with the canary instance deployed.
+ If you lack sufficient quota, the deployment fails. Administrators might need to increase quotas to accommodate deployments. |
| Simultaneous apps when interrupting a push |
- If you push app before your previous push command for the same app has completed, your
+ | If you push an app before your previous push command for the same app has completed, your
first push gets interrupted. Until the last deployment completes, there might be many versions
of the app running at the same time. Eventually, the app runs the code from your most recent
push. |
@@ -296,17 +244,335 @@ The following table describes the limitations of when using rolling deployments.
| V3 APIs |
During a rolling deploy for an app, requests to the V3 APIs for scaling or updating a process fail with an error message
- like Cannot scale this process while a deployment is in flight.. For more information, see Scale a process
+ like Cannot scale this process while a deployment is in flight. For more information, see Scale a process
or Update a process in the CAPI V3 documentation. |
+
+ | New or stopped applications |
+
+ When pushing an application for the first time, or if the app is stopped, no deployment strategy is used and all application instances are started immediately.
+ |
+
+
+ | Evaluating the canary instance option 1 |
+
+ Because the current processes share the same route, the best way to validate that traffic is reaching the canary instance is by looking at the logs.
+ If app revision logging is enabled, the logs for all instances will be tagged with process_id and revision_version values. e.g. APP/REV/4/PROC/WEB/1
+
+
+ Retrieve the logs by running the cf CLI command cf logs APP_NAME.
+ |
+
+
+ | Evaluating the canary instance option 2 |
+
+ This method only works with routing-release 0.332.0 or higher.
+
+
+ Get the canary process guid via cf curl /v3/deployments?status_values=ACTIVE&app_guid=$(cf app APP_NAME --guid).
+ Add the X-CF-PROCESS-INSTANCE: header to traffic
+ to the app. Optionally, to send traffic to one specific canary instance,
+ add an index:
+ X-CF-PROCESS-INSTANCE::.
+ |
+
-## View the status of rolling deployments
+## Commands
+
+This section describes the commands for working with rolling app deployments.
+
+### Deploy an app
+
+To deploy an app without incurring downtime:
+
+#### For cf CLI v7+
+
+Run:
-You can use CAPI to view the status of rolling deployments.
+```
+cf push APP-NAME --strategy rolling
+```
-To view the status of a rolling deployment:
+Where `APP-NAME` is the name that you want to give your app.
+
+
+Review the limitations of this feature before running the command. For more information, see
+Limitations.
+
+
+cf CLI v7 exits when one instance of each process is healthy.
+It also includes a --no-wait flag for users who don't want to wait
+for the operation to complete.
+When cf push is used with the --no-wait flag, the process exits as soon as one instance is healthy.
+
+
+If the deployment stops and doesn't restart, cancel it and run it again as described in an earlier step.
+To cancel, see [Cancel a deployment](#cancel).
+
+
+#### For cf CLI v8.8.0+ and CAPI V3.173.0 or later
+
+Run:
+
+```
+cf push APP-NAME --strategy STRATEGY --max-in-flight MAX_IN_FLIGHT
+```
+
+Where:
+
+ APP-NAME is the name that you want to give your app.MAX_IN_FLIGHT specifies the maximum number of new instances to start up simultaneously until the deployment is complete. This parameter is optional and defaults to 1.STRATEGY is the strategy you want to use for the deployment. Valid strategies are rolling and canary.
+
+#### For CAPI V3
+
+1. Log in to the cf CLI.
+
+ ```
+ cf login
+ ```
+
+2. Create an empty app by running the following `curl` command with `POST /v3/apps`.
Record the
+app GUID from the output.
+
+ ```
+ cf curl /v3/apps \
+ -X POST \
+ -H "Content-type: application/json" \
+ -d '{
+ "name": "APP-NAME",
+ "relationships": {
+ "space": {
+ "data": {
+ "guid": "SPACE-GUID"
+ }
+ }
+ }
+ }'
+ ```
+
+ Where:
+
+
+ APP-NAME is the name that you want to give your app.SPACE-GUID is the space identifier that you want to associate with your app.
+
+1. Create a package with the following `curl` command with `POST /v3/packages`. Record the package
+GUID from the output.
+
+ ```
+ cf curl /v3/packages \
+ -X POST \
+ -H "Content-type: application/json" \
+ -d '{
+ "type": "bits",
+ "relationships": {
+ "app": {
+ "data": {
+ "guid": "APP-GUID"
+ }
+ }
+ }
+ }'
+ ```
+
+ Where `APP-GUID` is the app GUID that you recorded in an earlier step. This app GUID is a
+ unique identifier for your app.
+
+1. Upload the package bits by running the following `curl` command with
+`POST /v3/packages/PACKAGE-GUID/upload`.
+
+ ```
+ cf curl /v3/packages/PACKAGE-GUID/upload \
+ -X POST \
+ -F bits=@"PACKAGED-APP" \
+ ```
+
+ Where:
+
+
+ PACKAGE-GUID is the package GUID that you recorded in an earlier step.PACKAGED-APP is your app packaged in a file such as .zip.
+
+1. Create the build by running the following `curl` command with `POST /v3/builds`. Record the
+droplet GUID from the output.
+
+ ```
+ cf curl /v3/builds \
+ -X POST \
+ -H "Content-type: application/json" \
+ -d '{
+ "package": {
+ "guid": PACKAGE-GUID"
+ }
+ }'
+ ```
+
+ Where `PACKAGE-GUID` is the package GUID that you recorded in an earlier step.
+
+1. Deploy your app by running the following `curl` command with `POST /v3/deployments`. To verify
+the status of the deployment or take action on the deployment, record the deployment GUID from the
+output.
+
+ ```
+ cf curl /v3/deployments \
+ -X POST \
+ -H "Content-type: application/json" \
+ -d '{
+ "droplet": {
+ "guid": "DROPLET-GUID"
+ },
+ "strategy": STRATEGY,
+ "options": {
+ "max_in_flight": MAX_IN_FLIGHT
+ },
+ "relationships": {
+ "app": {
+ "data": {
+ "guid": "APP-GUID"
+ }
+ }
+ }
+ }'
+ ```
+
+ Where:
+
+
+ DROPLET-GUID and APP-GUID are the GUIDs that you recorded in earlier steps.MAX_IN_FLIGHT is an integer that specifies the maximum number of new instances to start up simultaneously until the deployment is complete. Optional and defaults to 1.STRATEGY is the strategy you would like to use for the deployment. Valid strategies are rolling and canary.
+
+For more information about this command, see [How Deployment Strategies Work](#how-deployment-strategies-work).
+
+### Cancel a deployment
+
+To stop the deployment of an app that you pushed:
+
+* **For cf CLI v7+, run:**
+
+ ```
+ cf cancel-deployment APP-NAME
+ ```
+
+ Where `APP-NAME` is the name of the app.
+
+* **For CAPI V3, run:**
+
+ ```
+ cf curl /v3/deployments/DEPLOYMENT-GUID/actions/cancel" -X POST
+ ```
+
+ Where `DEPLOYMENT-GUID` is the GUID of the deployment that you recorded after following the
+ CAPI procedure in [Deploy an app](#deploy).
+
+This reverts the app to its state from before the deployment started by:
+
+* Scaling up the original web process
+* Removing any deployment artifacts
+* Resetting the `current_droplet` on the app
+
+
+The cancel command is designed to revert the app to its
+original state as quickly as possible and does not guarantee zero downtime.
+
It is important to note that changes
+to environment variables and service bindings are not reverted.
+
+### Continue a canary deployment
+
+To finish a canary deployment after the deployment has paused and the canary instance has been validated:
+
+* **For cf CLI v8+, run:**
+
+ ```
+ cf continue-deployment APP-NAME
+ ```
+ Where `APP-NAME` is the name of the app.
+
+* **For CAPI V3, run:**
+
+ ```
+ cf curl /v3/deployments/DEPLOYMENT-GUID/actions/continue" -X POST
+ ```
+ Where `DEPLOYMENT-GUID` is the GUID of the deployment that you recorded after following the
+ CAPI procedure in [Deploy an app](#deploy).
+
+This continues the deployment of the app, following the same process as a rolling deployment.
+
+### Restart an app
+
+Restart your app to apply configuration updates that require a restart, such as environment variables or service bindings.
+
+To restart your app without downtime, run the appropriate command as shown here.
+
+* **For cf CLI v7+, run:**
+
+ ```
+ cf restart APP-NAME --strategy STRATEGY
+ ```
+
+ Where:
+
+ APP-NAME is the name of the app.STRATEGY is the strategy you would like to use for the deployment. Valid strategies are rolling and canary.
+
+* **For cf CLI v8.8.0+ and CAPI V3.173.0 or later, run:**
+
+ ```
+ cf restart APP-NAME --strategy STRATEGY --max-in-flight MAX_IN_FLIGHT
+ ```
+
+ Where:
+
+ APP-NAME is the name of the app.MAX_IN_FLIGHT specifies the maximum number of new instances to restart simultaneous until the deployment is complete. Optional and defaults to 1.STRATEGY is the strategy you would like to use for the deployment. Valid strategies are rolling and canary.
+
+* **For CAPI V3, run:**
+
+ ```
+ cf curl /v3/deployments \
+ -X POST \
+ -H "Content-type: application/json" \
+ -d '{
+ "droplet": {
+ "guid": DROPLET-GUID
+ },
+ "strategy": STRATEGY,
+ "options": {
+ "max_in_flight": MAX_IN_FLIGHT
+ },
+ "relationships": {
+ "app": {
+ "data": {
+ "guid": APP-GUID
+ }
+ }
+ }
+ }'
+ ```
+
+ Where:
+
+ DROPLET-GUID and APP-GUID are the GUIDs that you recorded in earlier steps.MAX_IN_FLIGH is an integer that specifies the maximum number of new instances to start up simultaneous until the deployment is complete. Optional and defaults to 1.STRATEGY is the strategy you would like to use for the deployment. Valid strategies are rolling and canary.
+
+
+## View the status of deployments
+
+You can use CAPI to view the status of deployments.
+
+To view the status of a deployment:
1. Log in to the cf CLI:
@@ -319,6 +585,7 @@ To view the status of a rolling deployment:
```
cf app APP-NAME --guid
```
+
Where `APP-NAME` is the name of the app.
1. Find the deployment for that app by running:
@@ -327,16 +594,16 @@ To view the status of a rolling deployment:
cf curl GET /v3/deployments?app_guids=APP-GUID&status_values=ACTIVE
```
Where `APP-GUID` is the GUID of the app. Deployments are listed in chronological order, with
- the latest deployment displayed as the last in a list.
+ the latest deployment displayed as the last in the list.
1. Run:
```
cf curl GET /v3/deployments/DEPLOYMENT-GUID
```
- Where `DEPLOYMENT-GUID` is the GUID of the rolling deployment.
+ Where `DEPLOYMENT-GUID` is the GUID of the deployment.
-`cf curl GET /v3/deployments/DEPLOYMENT-GUID` returns these status properties for rolling deployments:
+The `cf curl GET /v3/deployments/DEPLOYMENT-GUID` command returns the following status properties:
* `status.value`: Indicates if the deployment is `ACTIVE` or `FINALIZED`.
@@ -351,14 +618,20 @@ The following table describes the possible values for the `status.value` and `st
properties:
- status.value |
- status.reason |
- Description |
+
+ status.value |
+ status.reason |
+ Description |
ACTIVE |
DEPLOYING |
The deployment is deploying. |
+
+ ACTIVE |
+ PAUSED |
+ The deployment is paused waiting for the user to continue with the deployment. Used only for canary Deployments. |
+
ACTIVE |
CANCELLING |
@@ -367,7 +640,7 @@ properties:
FINALIZED |
DEPLOYED |
- The deployment was deployed. |
+ The deployment is complete. |
FINALIZED |
@@ -377,8 +650,8 @@ properties:
FINALIZED |
SUPERSEDED |
- The deployment was stopped and did not finish deploying because there was another
- deployment created for the app.
+ | The deployment was stopped and did not finish deploying because another
+ deployment was created for the app.
|
diff --git a/deploy-apps/routes-domains.html.md.erb b/deploy-apps/routes-domains.html.md.erb
index 26afe35d..e00a60b8 100644
--- a/deploy-apps/routes-domains.html.md.erb
+++ b/deploy-apps/routes-domains.html.md.erb
@@ -10,8 +10,8 @@ For more information about routing capabilities in <%= vars.app_runtime_abbr %>,
## Routes
-The <%= vars.app_runtime_abbr %> Gorouter routes requests to apps by associating an app with an address, known as a route. This is known as a _mapping_. Use
-the cf CLI [cf map-route](https://cli.cloudfoundry.org/en-US/cf/map-route.html) command to associate an app and route.
+The <%= vars.app_runtime_abbr %> Gorouter routes requests to apps by associating an app with an address, known as a route. This is known as a _mapping_.
+Use the `cf CLI cf map-route` command to associate an app and route.
The routing tier compares each request with a list of all the routes mapped to apps and attempts to find the best match. For example, the Gorouter makes the following matches for the two routes `example-app.<%= vars.app_domain %>` and `example-app.<%= vars.app_domain %>/products`:
@@ -77,185 +77,195 @@ Apps running on Windows cells cannot use internal, container-to-container routes
To create an internal route:
1. Use the [cf map-route](#map-internal-route) command with an [internal domain](#internal-domains). For example:
-
- $ cf map-route app apps.internal --hostname app
-
- * After an internal route is mapped to an app, the route resolves to IP addresses of the app instances. The IP addresses are visible in the application container:
-
- $ cf ssh app
- vcap@1234:~$ host app.apps.internal
- app.apps.internal has address 10.255.169.200
- app.apps.internal has address 10.255.49.7
- app.apps.internal has address 10.255.49.77
-
- * To resolve individual instances, prepend the index to the internal route.
-
- vcap@1234:~$ host 1.app.apps.internal
- 1.app.apps.internal has address 10.255.49.7
-
-
-1. Create a network policy that allows your apps to communicate with each other. By default, apps cannot communicate over the container network. For more
-information, see [Configuring container-to-container networking](cf-networking.html) and the [Cloud Foundry CLI reference guide](https://cli.cloudfoundry.org/en-US/cf/add-network-policy.html).
+
+ ```console
+ $ cf map-route app apps.internal --hostname app
+ ```
+
+ - After an internal route is mapped to an app, the route resolves to IP addresses of the app instances. The IP addresses are visible in the application container:
+
+
+ $ cf ssh app
+ vcap@1234:~$ host app.apps.internal
+ app.apps.internal has address 10.255.169.200
+ app.apps.internal has address 10.255.49.7
+ app.apps.internal has address 10.255.49.77
+
+
+ - To resolve individual instances, prepend the index to the internal route.
+
+
+ vcap@1234:~$ host 1.app.apps.internal
+ 1.app.apps.internal has address 10.255.49.7
+
+
+
+
+2. Create a network policy that allows your apps to communicate with each other. By default, apps cannot communicate over the container network. For more information, see [Configuring container-to-container networking](cf-networking.html), or enter `cf add-network-policy --help`.
### Create a route
When a developer creates a route using the cf CLI, <%= vars.app_runtime_abbr %> determines whether the route is an HTTP or a TCP route based on the domain. To create a HTTP route, a developer must choose an HTTP domain. To create a TCP route, a developer must choose a TCP domain.
-Domains in <%= vars.app_runtime_abbr %> provide a namespace from which to create routes. To list available domains for a targeted organization, use the [cf domains](https://cli.cloudfoundry.org/en-US/cf/domains.html) command. For more information about domains, see [Domains](#domains).
+Domains in <%= vars.app_runtime_abbr %> provide a namespace from which to create routes. To list available domains for a targeted organization, use the `cf domains` command. For more information about domains, see [Domains](#domains).
The following sections describe how developers can create HTTP and TCP routes for different use cases.
#### Create an HTTP route with host name
-In <%= vars.app_runtime_abbr %>, a host name is the label that indicates a subdomain of the domain associated with the route. Given a domain
+In <%= vars.app_runtime_abbr %>, a host name is the label that indicates a subdomain of the domain associated with the route.
+Given a domain
`<%= vars.app_domain %>`, a developer can create the route `example-app.<%= vars.app_domain %>` by specifying the host name `example-app` with the
-[cf create-route](https://cli.cloudfoundry.org/en-US/cf/create-route.html) command as shown in this example:
+`cf create-route` command as shown in this example:
-
-$ cf create-route <%= vars.app_domain %> --hostname example-app
-Creating route example-app.<%= vars.app_domain %> for org example-org / space example-space as username@example.com...
+```console
+$ cf create-route shared-domain.example.com --hostname example-app
+Creating route example-app.shared-domain.example.com for org example-org / space example-space as username@example.com...
OK
-
+```
-
-Important
-The cf CLI v7 create-route command does not require the space as an argument. It uses the space you are targeting.
+
+The cf CLI v7 create-route command does not require the space as an argument. It uses the space you are targeting.
This command instructs <%= vars.app_runtime_abbr %> to only route requests to apps mapped to this route for these URLs:
-* `http://example-app.<%= vars.app_domain %>`
-
-* `https://example-app.<%= vars.app_domain %>`
+
+ http://example-app.<%= vars.app_domain %>https://example-app.<%= vars.app_domain %>- Any path under either of the these URLs, such as
http://example-app.<%= vars.app_domain %>/bar
+
-* Any path under either of the these URLs, such as `http://example-app.<%= vars.app_domain %>/bar`
-#### Create an HTTP route without host name
+Create an HTTP route without host name
-This approach creates a route with the same address as the domain itself and is permitted for private domains only. For more information, see [Private
-Domains](#private-domains) .
+This approach creates a route with the same address as the domain itself and is permitted for private domains only. For more information, see
+Private Domains.
+
+A developer can create a route from the domain <%= vars.private_app_domain %> with no host name with the cf create-route command:
-A developer can create a route from the domain `<%= vars.private_app_domain %>` with no host name with the
-[cf create-route](https://cli.cloudfoundry.org/en-US/cf/create-route.html) command:
-
-
+
+
$ cf create-route <%= vars.private_app_domain %>
Creating route <%= vars.private_app_domain %> for org example-org / space example-space as username@example.com...
OK
-
+
If DNS is configured correctly, this command instructs <%= vars.app_runtime_abbr %> to route requests to apps mapped to this route from these URLs:
+
+ http://<%= vars.private_app_domain %>https://<%= vars.private_app_domain %>Any path under either of these URLs, such as `http://<%= vars.private_app_domain %>/foo
-* `http://<%= vars.private_app_domain %>`
-
-* `https://<%= vars.private_app_domain %>`
-
-* Any path under either of these URLs, such as `http://<%= vars.private_app_domain %>/foo`
-
-If there are no other routes for the domain, requests to any subdomain, such as `http://foo.<%= vars.private_app_domain %>`, fail.
+If there are no other routes for the domain, requests to any subdomain, such as http://foo.<%= vars.private_app_domain %>, fail.
A developer can also create routes for subdomains with no host names. The following command creates a route from the subdomain
-`foo.<%= vars.private_app_domain %>`:
+foo.<%= vars.private_app_domain %>:
-
+
+
$ cf create-route foo.<%= vars.private_app_domain %>
Creating route foo.<%= vars.private_app_domain %> for org example-org / space example-space as username@example.com...
OK
-
+
-If DNS is configured for this subdomain, this command instructs <%= vars.app_runtime_abbr %> to route requests to apps mapped to this route from these URLs:
+If DNS is configured for this subdomain, this command instructs <%=vars.app_runtime_abbr %> to route requests to apps mapped to this route from these URLs:
+
+ http://foo.<%= vars.private_app_domain %>https://foo.<%= vars.private_app_domain %>- Any path under either of these URLs, such as
http://foo.<%= vars.private_app_domain %>/foo
+
-* `http://foo.<%= vars.private_app_domain %>`
-
-* `https://foo.<%= vars.private_app_domain %>`
-
-* Any path under either of these URLs, such as `http://foo.<%= vars.private_app_domain %>/foo`
-
-#### Create an HTTP route with wildcard host name
+ Create an HTTP route with wildcard host name
An app mapped to a wildcard route acts as a fallback app for route requests if the requested route does not exist. To create a wildcard route, use an asterisk for the host name.
-
+
A developer can create a wildcard route from the domain `foo.<%= vars.app_domain %>` by running:
-
+
$ cf create-route foo.<%= vars.app_domain %> --hostname '*'
Creating route *.foo.<%= vars.app_domain %> for org example-org / space example-space as username@example.com...
OK
-
+
-If a client sends a request to `http://app.foo.<%= vars.app_domain %>` by accident, attempting to reach `example-app.foo.<%= vars.app_domain %>`,
-<%= vars.app_runtime_abbr %> routes the request to the app mapped to the route `*.foo.<%= vars.app_domain %>`.
+If a client sends a request to http://app.foo.<%= vars.app_domain %> by accident, attempting to reach example-app.foo.<%= vars.app_domain %>,
+<%= vars.app_runtime_abbr %> routes the request to the app mapped to the route *.foo.<%= vars.app_domain %>.
-#### Create an HTTP route with a path
+ Create an HTTP route with a path
Developers can use paths to route requests for the same host name and domain to different apps.
-
+
A developer can create three routes using the same host name and domain in the space `example-space` by running:
+
-
+
$ cf create-route <%= vars.app_domain %> --hostname store --path products
Creating route store.<%= vars.app_domain %>/products for org example-org / space example-space as username@example.com...
OK
-
-
+
+
+
$ cf create-route <%= vars.app_domain %> --hostname store --path orders
Creating route store.<%= vars.app_domain %>/orders for org example-org / space example-space as username@example.com...
OK
-
-
+
+
+
$ cf create-route <%= vars.app_domain %> --hostname store
Creating route store.<%= vars.app_domain %> for org example-org / space example-space as username@example.com...
OK
-
-
-The developer can then map the new routes to different apps by following the procedure in [Map a route to your app](#map-route).
-
-If the developer maps the first route with path `products` to the `products` app, the second route with path `orders` to the `orders` app, and the last route to the `storefront` app. After this:
+
-* <%= vars.app_runtime_abbr %> routes requests to `http://store.<%= vars.app_domain %>/products` to the `products` app.
+The developer can then map the new routes to different apps by following the procedure in
+Map a route to your app.
-* <%= vars.app_runtime_abbr %> routes requests to `http://store.<%= vars.app_domain %>/orders` to the `orders` app.
+If the developer maps the first route with path products to the products app, the second route with path orders to the orders app, and the last route to the storefront app. After this:
-* <%= vars.app_runtime_abbr %> routes requests to `http://store.<%= vars.app_domain %>` to the `storefront` app.
+
+ - <%= vars.app_runtime_abbr %> routes requests to
http://store.<%= vars.app_domain %>/products to the products app.
+ - <%= vars.app_runtime_abbr %> routes requests to
http://store.<%= vars.app_domain %>/orders to the orders app.
+ - <%= vars.app_runtime_abbr %> routes requests to
http://store.<%= vars.app_domain %> to the storefront app.
+
<%= vars.app_runtime_abbr %> attempts to match routes with a path, and then attempts to match host and domain.
-
Important
+Notes:
- Routes with the same domain and host name but different paths can only be created in the same space. Private domains do not have this limitation.
- <%= vars.app_runtime_abbr %> does not route requests for context paths to the root context of an app. Apps must serve requests on the context path.
Create a TCP route with a port
A developer can create a TCP route for `<%= vars.tcp_app_domain %>` on an arbitrary port. This is the default in the v7 version of the cf CLI.
* An arbitrary (random) port is the default. The `--random port` flag is not supported.
-
+ ```console
$ cf create-route example-space <%= vars.tcp_app_domain %> --random-port
Creating route <%= vars.tcp_app_domain %> for org example-org / space example-space as user@example.com...
OK
Route <%= vars.tcp_app_domain %>:60034 has been created
-
+ ```
In this example, <%= vars.app_runtime_abbr %> routes requests to `<%= vars.tcp_app_domain %>:60034` to apps mapped to this route.
To request a specific port, a developer can use the `--port` flag, so long as the port is not reserved for another space. To create a TCP route for
`<%= vars.tcp_app_domain %>` on port 60035, run:
-
+```console
$ cf create-route example-space <%= vars.tcp_app_domain %> --port 60035
Creating route <%= vars.tcp_app_domain %>:60035 for org example-org / space example-space as user@example.com...
OK
-
+```
### List routes
-Developers can list routes for the current space with the [cf routes](https://cli.cloudfoundry.org/en-US/cf/routes.html) command. A route is uniquely identified by the combination of host name, domain, port, and path.
+Developers can list routes for the current space with the `cf routes` command. A route is uniquely identified by the combination of host name, domain, port, and path.
-
+```console
$ cf routes
Getting routes as user@<%= vars.private_app_domain %> ...
@@ -266,7 +276,7 @@ example-space store <%= vars.app_domain %> /products pr
example-space store <%= vars.app_domain %> /orders orders
example-space store <%= vars.app_domain %> storefront
example-space <%= vars.app_domain %> 60000 tcp tcp-app
-
+```
Developers can only see routes in spaces where they are a member.
Note that cf CLI v7 removes the port and path columns from the output.
@@ -276,7 +286,7 @@ Note that cf CLI v7 removes the port and path columns
Developers can view a route and its destinations within the current space with the cf route command. A route is uniquely identified by the combination of a host name, domain, port, and path.
Note that the `cf route` command is available in cf CLI v8 only.
-
+```console
$ cf route <%= vars.app_domain %> --hostname example-app
Showing route example-app.<%= vars.app_domain %> in org o / space example-space as admin...
@@ -289,27 +299,27 @@ protocol: http
Destinations:
app process port protocol
mystore web 8080 http1
-
+```
Developers can only view a route within a space where they are a member.
### Check routes
-Developers cannot create a route that is already taken. To find out if a route is available, developers can use the [cf
-check-route](https://cli.cloudfoundry.org/en-US/cf/check-route.html) command.
+Developers cannot create a route that is already taken. To find out if a route is available, developers can use the
+`cf check-route` command.
To find out if a route with the host name `store` and the domain `<%= vars.app_domain %>` and the path `products` exists, run:
-
+```console
$ cf check-route <%= vars.app_domain %> --hostname store --path /products
Checking for route...
OK
Route store.<%= vars.app_domain %>/products does exist
-
+```
### Map a route to your app
-For an app to receive requests to a route, developers must map the route to the app with the [cf map-route](https://cli.cloudfoundry.org/en-US/cf/map-route.html) command. If the route does not already exist, this command creates it.
+For an app to receive requests to a route, developers must map the route to the app with the `cf map-route` command. If the route does not already exist, this command creates it.
Any app that is not routed to port 80 or port 443 must be explicitly mapped using the cf map-route command. Otherwise, the route is mapped to port 443.
@@ -317,7 +327,7 @@ You can create and reserve routes for later use by following the procedure in [M
Changes to route mappings are run asynchronously. On startup, an app becomes accessible at its route within a few seconds. Similarly, upon mapping a new route to a running app, the app becomes accessible at this route within a few seconds of the CLI exiting.
-#### Manually map a route
+Manually map a route
For these routes and apps:
@@ -346,57 +356,57 @@ For these routes and apps:
The following commands map the routes in the table to their respective apps. Developers use host name, domain, and path to uniquely identify a route to which to map their apps.
-
+```console
$ cf map-route products <%= vars.app_domain %> --hostname store --path products
$ cf map-route orders <%= vars.app_domain %> --hostname store --path orders
$ cf map-route storefront <%= vars.app_domain %> --hostname store
$ cf map-route tcp-app <%= vars.tcp_app_domain %> --port 60000
-
+```
The following command maps the wildcard route `*.foo.<%= vars.app_domain %>` to the app `myfallbackapp`.
-
+```console
$ cf map-route myfallbackapp foo.<%= vars.app_domain %> --hostname '*'
-
+```
In cf CLI v8, the following command maps the route `h2app.<%= vars.app_domain %>` as an HTTP/2 route to the HTTP/2 app `h2app`.
-
+```console
$ cf map-route h2app <%= vars.app_domain %> --hostname h2app --destination-protocol http2
-
+```
-#### Map a route with app push
+Map a route with app push
Developers can map a route to their app with the `cf push` command.
As of cf CLI v7, the best way to do this is by using the `routes` property in the manifest.
-
+```console
$ cf push example-app
-
+```
To customize the route during `push`, specify the domain using the `-d` flag and the host name with the `--hostname` flag. The following command creates the `foo.<%= vars.private_app_domain %>` route for `example-app`:
-
+```console
$ cf push example-app -d <%= vars.private_app_domain %> --hostname foo
-
+```
To map a TCP route during `push`, specify a TCP domain and request a random port using `--random-route`. To specify a port, push the app without a route, then create and map the route manually by following the procedure in [Create a TCP route with a port](#create-route-w-port).
-
+```console
$ cf push tcp-app -d <%= vars.tcp_app_domain %> --random-route
-
+```
-#### Map a route using app manifest
+Map a route using app manifest
Developers can map a route to their app with a manifest by editing the `route` attribute to specify the host, domain, port, and path components of the route. For more information, see [Deploying with app manifests](../deploy-apps/manifest.html#routes).
-#### Map a route to multiple apps
+Map a route to multiple apps
<%= partial 'routing_conflict' %>
For more information about troubleshooting this problem, see [Routing conflict](troubleshoot-app-health.html#routing-conflict) in _Troubleshooting app deployment and health_.
-#### Map multiple routes to one app
+Map multiple routes to one app
You can have multiple routes to an app, but those routes cannot have different context paths.
@@ -417,7 +427,7 @@ These routes are valid for a single app:
-These routes are _not_ valid for a single app:
+These routes are not valid for a single app:
@@ -434,15 +444,15 @@ These routes are _not_ valid for a single app:
-#### Map an internal route to an app
+Map an internal route to an app
You can map an internal route to any app. This internal route allows your app to communicate with other apps without leaving the platform. After it is mapped, this route becomes available to all other apps on the platform.
This example creates a `foo.apps.internal` internal route for `example-app`:
-
+```console
$ cf map-route example-app apps.internal --hostname foo
-
+```
### Unmap a route
@@ -450,19 +460,20 @@ Developers can remove a route from an app using the `cf unmap-route` command. Th
To unmap an HTTP route from an app, identify the route using the host name, domain, and path:
-
+```console
$ cf unmap-route tcp-app <%= vars.private_app_domain %> --hostname example-app --path mypath
-
+```
To unmap a TCP route from an app, identify the route using the domain and port:
-
+```console
$ cf unmap-route tcp-app <%= vars.tcp_app_domain %> --port 60000
-
+```
### Share a route with another space
-To follow the procedure in this section, you must use cf CLI v8.5.0 or later. To download cf CLI v8.5.0 or later, see the Cloud Foundry CLI repository on GitHub.
+
+To follow the procedure in this section, you must use cf CLI v8.5.0 or later. To download cf CLI v8.5.0 or later, see the
Cloud Foundry CLI repository on GitHub.
+ ```console
cf share-route example.com --hostname example-app --path example-path -s other-space -o other-org
-
+ ```
### Transfer ownership of a route to another space
-
-Important
-To follow the procedure in this section, you must use cf CLI v8.5.0 or later. To download cf CLI v8.5.0 or later, see the Cloud Foundry CLI repository on GitHub.
-
+
+To follow the procedure in this section, you must use cf CLI v8.5.0 or later. To download cf CLI v8.5.0 or later, see the
Cloud Foundry CLI repository on GitHub.
cf move-route command. You can use this command if you are unable to maintain or delete a shared route within the space with which it was shared. For information about sharing routes across spaces, see [Share a route with another space](#share-route).
@@ -532,9 +541,9 @@ To move a route:
The following example command moves the route `example-app.example.com/example-path` with the `other-space` space in the `other-org` org:
-
+ ```console
cf move-route example.com --hostname example-app --path example-path -s other-space -o other-org
-
+ ```
### Delete a route
@@ -542,47 +551,42 @@ Developers can delete a route from a space using the `cf delete-route` command.
To delete a HTTP route, identify the route using the host name, domain, and path:
-
+```console
$ cf delete-route <%= vars.private_app_domain %> --hostname example-app --path mypath
-
+```
To delete a TCP route, identify the route using the domain and port.
-
+```console
$ cf delete-route tcp.<%= vars.private_app_domain %> --port 60000
-
+```
### Routing requests to a specific app instance
Users can route HTTP requests to a specific app instance using the header `X-Cf-App-Instance`.
-
-Important
-Use of the X-Cf-App-Instance header is available only for users on the Diego architecture.
-
-
The format of the header is `X-Cf-App-Instance: APP_GUID:APP_INDEX`.
`APP_GUID` is an internal identifier for your app.
Use the `cf APP-NAME --guid` command to discover the `APP_GUID` for your app.
-
+```console
$ cf app example-app --guid
-
+```
`APP_INDEX`, for example, `0`,`1`, `2`, or `3`, is an identifier for a particular app instance. Use the CLI command `cf app APP-NAME` to get statistics on each
instance of a particular app.
-
+```console
$ cf app example-app
-
+```
The following example shows a request made to instance `9` of an app with GUID `5cdc7595-2e9b-4f62-8d5a-a86b92f2df0e` and mapped to route
`example-app.<%= vars.private_app_domain %>`.
-
+```console
$ curl example-app.<%= vars.private_app_domain %> -H "X-Cf-App-Instance: 5cdc7595-2e9b-4f62-8d5a-a86b92f2df0e:9"
-
+```
If the `X-Cf-App-Instance` header is set to an invalid value, Gorouter returns a `400` status code and the response from Gorouter contains a
`X-Cf-Routererror` header with more information about the error. Before the routing release v0.197.0, Gorouter returned a `404` error.
@@ -609,6 +613,72 @@ These are the possible error responses:
+### Routing requests to a specific process instance
+
+Since routing-release version 0.332.0, users can route HTTP requests to a specific
+process instance using the header `X-Cf-Process-Instance`.
+
+The format of the header is `X-Cf-Process-Instance: PROCESS_GUID:PROCESS_INDEX` or `X-Cf-Process-Instance: PROCESS_GUID`.
+
+`PROCESS_GUID` is an internal identifier for a specific app process.
+Use `cf curl /v3/apps/$(cf APP-NAME --guid)/processes` command to discover the `PROCESS_GUID`s related to your app.
+
+`PROCESS_INDEX`, for example, `0`,`1`, `2`, or `3`, is an identifier for a particular process instance. Use the CLI command `cf app APP-NAME` to get statistics on each
+instance of a particular app process.
+
+```console
+$ cf app example-app
+```
+
+The following example shows a request made to instance `9` of an process with GUID `5cdc7595-2e9b-4f62-8d5a-a86b92f2df0e` and mapped to route
+`example-app.<%= vars.private_app_domain %>`.
+
+```console
+$ curl example-app.<%= vars.private_app_domain %> -H "X-Cf-Process-Instance: 5cdc7595-2e9b-4f62-8d5a-a86b92f2df0e:9"
+```
+
+The following example shows a request made a process with GUID `5cdc7595-2e9b-4f62-8d5a-a86b92f2df0e` and mapped to route
+`example-app.<%= vars.private_app_domain %>`.
+
+```console
+$ curl example-app.<%= vars.private_app_domain %> -H "X-Cf-Process-Instance: 5cdc7595-2e9b-4f62-8d5a-a86b92f2df0e"
+```
+
+If the `X-Cf-Process-Instance` header is set to an invalid value, Gorouter returns a `400` status code and the response from Gorouter contains a
+`X-Cf-Routererror` header with more information about the error.
+
+These are the possible error responses:
+
+
+
+ | X-Cf-Routererror value |
+ Reason for error
+ | Response body |
+
+
+ invalid_cf_process_instance_header |
+ The value provided for X-Cf-Process-Instance was an incorrectly formatted GUID. |
+ None |
+
+
+ unknown_route |
+ The value provided for X-Cf-Process-Instance is a correctly formatted GUID, but no backend is found with that GUID and index for the route
+ requested. |
+ 400 Bad Request: Requested process instance ('1') with guid ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa') does not exist for route
+ ('example-route.cf.com') |
+
+
+ unknown_route |
+ The value provided for X-Cf-Process-Instance is a correctly formatted GUID but no backend is found with that GUID for the route
+ requested. |
+ 400 Bad Request: Requested process instance with guid ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa') does not exist for route
+ ('example-route.cf.com') |
+
+
+
+
+If the `X-Cf-App-Instance` header and the `X-Cf-Process-Instance` header are
+present on the same request, then the `X-Cf-App-Instance` takes presidence.
## Domains
@@ -621,14 +691,14 @@ Domains indicate to a developer that requests for any route created from the dom
When creating a route, developers select from domains available to them. Use the `cf domains` command to view a list of available domains for the targeted org:
-
+```console
$ cf domains
Getting domains in org example-org as user@example.com... OK
name status type
<%= vars.app_domain %> shared
<%= vars.tcp_app_domain %> shared tcp
<%= vars.private_app_domain %> owned
-
+```
This example displays three available domains: a shared HTTP domain `<%= vars.app_domain %>`, a shared TCP domain `<%= vars.tcp_app_domain %>`, and a private
domain `<%= vars.private_app_domain %>`. For more information, see [Shared domains](#shared-domains) and [Private domains](#private-domains).
@@ -650,47 +720,46 @@ When using shared domains, you cannot have routes with the same host name and do
Shared domains are HTTP by default, but can be configured to be TCP when associated with the TCP router group.
-#### Create a shared domain
+ Create a shared domain
Admins can create an HTTP shared domain with the `cf create-shared-domain` command:
-
+```console
$ cf create-shared-domain <%= vars.app_domain %>
-
+```
To create a TCP shared domain, first discover the name of the TCP router group.
-
-Important
-cf CLI v7 does not support TCP routing or creating shared domains with router groups.
+
+cf CLI v7 does not support TCP routing or creating shared domains with router groups.
-
+```console
$ cf router-groups
Getting router groups as admin ...
name type
default-tcp tcp
-
+```
Then create the shared domain using the `--router-group` option to associate the domain with the TCP router group.
-
+```console
$ cf create-shared-domain <%= vars.tcp_app_domain %> --router-group default-tcp
-
+```
-#### Delete a shared domain
+Delete a shared domain
Admins can delete a shared domain from <%= vars.app_runtime_abbr %> with the `cf delete-shared-domain` command:
-
+```console
$ cf delete-shared-domain example.com
-
+```
-#### Internal domain
+Internal domain
The internal domain is a special type of shared domain used for app communication internal to the platform. When you activate service discovery, the internal domain `apps.internal` becomes available for route mapping.
Admins can configure multiple internal domains. Add a custom internal domain name to the `internal_domains` property on the `bosh-dns-adapter` job. Then create an internal domain using the `--internal` option:
-
+```console
$ cf create-shared-domain <%= vars.app_domain %> --internal
-
+```
The `--router-group` option is not used with internal domains.
@@ -704,42 +773,41 @@ When using private domains, you can have routes with the same host name and doma
Private domains can be HTTP or HTTPS only. TCP routing is supported for shared domains only.
-#### Create a private domain
+Create a private domain
Org managers can create a private domain by running:
-
+```console
$ cf create-private-domain example-org <%= vars.private_app_domain %>
-
+```
Org managers can create a private domain for a subdomain by running:
-
+```console
$ cf create-private-domain example-org foo.<%= vars.private_app_domain %>
-
+```
-#### Sharing a private domain with one or more orgs
+Sharing a private domain with one or more orgs
Org managers can grant or revoke access to a private domain to other orgs if they have permissions for these orgs.
As of cf CLI v7, `cf unshare-private-domain` command provides a warning and requires confirmation before it proceeds.
-
+```console
$ cf share-private-domain test-org <%= vars.private_app_domain %>
$ cf unshare-private-domain test-org <%= vars.private_app_domain %>
-
+```
#### Delete a private domain
Org managers can delete a domain from <%= vars.app_runtime_abbr %> with the `cf delete-domain` command:
-
+```console
$ cf delete-private-domain <%= vars.private_app_domain %>
-
+```
-
-Important
-cf CLI v7 renames the delete-domain command to delete-private-domain.
+
+cf CLI v7 renames the delete-domain command to delete-private-domain.
### Requirements for parent and child domains
@@ -835,9 +903,8 @@ If you use a wildcard as the subdomain name, then your DNS provider can route fr
To use your root domain for apps on <%= vars.app_runtime_abbr %>, you can use custom DNS record types like ALIAS and ANAME, if your DNS provider offers them, or you can use subdomain redirection.
-
-Note
-Root domains are also called zone apex domains.
+
+Root domains are also called zone apex domains.
If your DNS provider supports using an ALIAS or ANAME record, configure your root domain with your DNS provider to point at a shared domain in
<%= vars.app_runtime_abbr %>.
@@ -859,11 +926,10 @@ If your DNS provider supports using an ALIAS or ANAME record, configure your roo
If your DNS provider does not support ANAME or ALIAS records, you can use subdomain redirection, also known as domain forwarding, to redirect requests for your root domain to a subdomain configured as a CNAME.
-
-Important
+
Configure the root domain to point at a subdomain such as `www`, and configure the subdomain as a CNAME record pointing at a shared domain in
<%= vars.app_runtime_abbr %>.
diff --git a/deploy-apps/ssh-apps.html.md.erb b/deploy-apps/ssh-apps.html.md.erb
index 6948aa9c..7738c9b8 100644
--- a/deploy-apps/ssh-apps.html.md.erb
+++ b/deploy-apps/ssh-apps.html.md.erb
@@ -7,8 +7,8 @@ owner: Diego
The Cloud Foundry Command Line Interface (cf CLI) lets you securely log in to remote host virtual machines (VMs) running <%= vars.app_runtime_full %> (<%= vars.app_runtime_abbr %>) app instances. The commands that activate SSH access to apps, and activate, deactivate, and verify permissions for such access are described here.
-Important
-The cf ssh command in cf CLI v7+ include the all_proxy environment variable, which allows you to specify a proxy server to activate proxying for all requests. For more information, see ssh in the Cloud Foundry CLI Reference Guide and Use SOCKS5 with cf v3-ssh in Using the cf CLI with a proxy server.
+The cf ssh command in cf CLI v7+ includes the all_proxy environment variable, which allows you to specify a proxy server to activate proxying for all requests. For more information, see Use SOCKS5 with cf v3-ssh in Using the cf CLI with a proxy server.
+For command details, enter cf ssh --help
The cf CLI looks up the `app_ssh_oauth_client` identifier in the Cloud Controller `/v2/info` endpoint, and uses this identifier to query the UAA server for an SSH authorization code. On the target VM side, the SSH proxy contacts the Cloud Controller through the `app_ssh_endpoint` listed in `/v2/info` to confirm permission for SSH access.
@@ -59,24 +59,24 @@ You must restart your app after enabling SSH access.
### Configuring SSH access at the app level
-[cf enable-ssh](http://cli.cloudfoundry.org/en-US/cf/enable-ssh.html) activates SSH access to all instances of an app:
+`cf enable-ssh` activates SSH access to all instances of an app:
$ cf enable-ssh MY-AWESOME-APP
-[cf disable-ssh](http://cli.cloudfoundry.org/en-US/cf/disable-ssh.html) deactivates SSH access to all instances of an app:
+`cf disable-ssh` deactivates SSH access to all instances of an app:
$ cf disable-ssh MY-AWESOME-APP
### Configuring SSH access at the space level
-[cf allow-space-ssh](http://cli.cloudfoundry.org/en-US/cf/allow-space-ssh.html) allows SSH access into all apps in a space:
+`cf allow-space-ssh` allows SSH access into all apps in a space:
$ cf allow-space-ssh SPACE-NAME
-[cf disallow-space-ssh](http://cli.cloudfoundry.org/en-US/cf/disallow-space-ssh.html) disallows SSH access into all apps in a space:
+`cf disallow-space-ssh` disallows SSH access into all apps in a space:
$ cf disallow-space-ssh SPACE-NAME
@@ -84,12 +84,12 @@ $ cf disallow-space-ssh SPACE-NAME
## Verify SSH permissions
-[cf ssh-enabled](http://cli.cloudfoundry.org/en-US/cf/ssh-enabled.html) verifies whether an app is accessible with SSH:
+`cf ssh-enabled` verifies whether an app is accessible with SSH:
$ cf ssh-enabled MY-AWESOME-APP
ssh support is disabled for 'MY-AWESOME-APP'
-[cf space-ssh-allowed](http://cli.cloudfoundry.org/en-US/cf/space-ssh-allowed.html) verifies whether all apps running within a space are accessible with SSH:
+`cf space-ssh-allowed` verifies whether all apps running within a space are accessible with SSH:
$ cf space-ssh-allowed SPACE-NAME
ssh support is enabled in space 'SPACE-NAME'
@@ -107,7 +107,7 @@ $ cf ssh MY-AWESOME-APP
### Common cf SSH flags
-You can tailor [cf ssh](http://cli.cloudfoundry.org/en-US/cf/ssh.html) commands with the following flags, most of which mimic flags for the UNIX or Linux `ssh` command. Run the `cf ssh --help` command for more details.
+You can tailor `cf ssh` commands with the following flags, most of which mimic flags for the UNIX or Linux `ssh` command. Run the `cf ssh --help` command for more details.
* The `-i` flag targets a specific instance of an app. To log in to the VM container hosting the third instance, `index=2`, of MY-AWESOME-APP, run:
@@ -149,17 +149,11 @@ _<%= vars.app_runtime_abbr %> Environment Variables_.
## App SSH access without cf CLI
In addition to `cf ssh`, you can use other SSH clients such as `ssh`, `scp`, or `sftp` to access
-your app, if you have SSH permissions.
+your app via its process GUID, if you have SSH permissions.
-Follow one of these procedures to securely connect to an app instance by logging in with a
-specially-formed user name that passes information to the SSH proxy running on the host VM. For the
-password, use a one-time SSH authorization code generated by
-[cf ssh-code](http://cli.cloudfoundry.org/en-US/cf/ssh-code.html).
+> **Note** Previous versions of <%= vars.app_runtime_abbr %> supported SSH access to apps via the app GUID, as archived at Access app SSH using app GUID
-* [Access app SSH using process GUID](#process-guid)
-* [Access app sSH using app GUID](#app-guid)
-
-### Access app SSH using process GUID
+To securely connect to an app instance using its process GUID:
1. Query the `/v2/info` endpoint of the Cloud Controller in your deployment. Record the domain name
and port number of the `app_ssh_endpoint` field, and the `app_ssh_host_key_fingerprint` field. You
@@ -225,95 +219,6 @@ authorization code returned by `cf ssh-code`. For example:
You have now securely connected to the app instance.
-### Access app SSH using app GUID
-
-1. Display the GUID of your target app by running:
-
- ```console
- cf app APP-NAME --guid`
- ```
- Where `APP-NAME` is the name of the app.
-
- For example:
-
- $ cf app my-app --guid
- abcdefab-1234-5678-abcd-1234abcd1234
-
-
-1. Query the `/v2/info` endpoint of the Cloud Controller in your deployment. Record the domain name
-and port number of the `app_ssh_endpoint` field, and the `app_ssh_host_key_fingerprint` field. You can compare the `app_ssh_host_key_fingerprint` with the fingerprint returned by the SSH proxy on your target VM. For example:
-
-
- $ cf curl /v2/info
- {
- ...
- "app_ssh_endpoint": "ssh.example.com:2222",
- "app_ssh_host_key_fingerprint": "a6:14:c0:ea:42:07:b2:f7:53:2c:0b:60:e0:00:21:6c",
- ...
- }
-
-
- In this example:
-
- - The domain name is
ssh.example.com.
- - The port number is
2222.
- - The fingerprint is
a6:14:c0:ea:42:07:b2:f7:53:2c:0b:60:e0:00:21:6c.
-
-
-
-1. Run `cf ssh-code` to obtain a one-time authorization code that substitutes for an SSH password. You can run `cf ssh-code | pbcopy` to copy the code to the clipboard. For example:
-
-
- $ cf ssh-code
- E1x89n
-
-
-1. Run your `ssh` or other command to connect to the app instance.
- - SSH into the container hosting the first instance of your app by running:
-
- ```console
- ssh -p `SSH-PORT` cf:APP-GUID/APP-INSTANCE-INDEX@SSH-ENDPOINT
- ```
-
- Where:
-
- SSH-PORT is the port number recorded in earlier steps.APP-GUID comes from earlier steps.APP-INSTANCE-INDEX is the index of the instance that you want to access.SSH-ENDPOINT comes from the earlier steps and is in the form ssh.MY-DOMAIN.com.
-
- For example:
-
- $ ssh -p 2222 cf:abcdefab-1234-5678-abcd-1234abcd1234/0@ssh.example.com
-
- - Or you can use `scp` to transfer files by running one of the following commands:
-
- ```console
- scp -P `SSH-PORT` -o User=cf:APP-GUID/APP-INSTANCE-INDEX ssh.MY-DOMAIN.com:REMOTE-FILE-TO-RETRIEVE LOCAL-FILE-DESTINATION
- ```
- ```console
- scp -P `SSH-PORT` -o User=cf:APP-GUID/APP-INSTANCE-INDEX LOCAL-FILE-TO-COPY ssh.MY-DOMAIN.com:REMOTE-FILE-DESTINATION
- ```
- - Or you can use `ssh` piped with `cat` to transfer the file:
-
- ```console
- cat local_file_path | cf ssh MY-AWESOME-APP -c "cat > remote_file_path"
- ```
-
-2. When the SSH proxy reports its RSA fingerprint, confirm that it matches the `app_ssh_host_key_fingerprint` recorded previously. When prompted for a password, paste in the authorization code returned by `cf ssh-code`, for example:
-
-
- $ ssh -p 2222 cf:abcdefab-1234-5678-abcd-1234abcd1234/0@ssh.MY-DOMAIN.com
- The authenticity of host '[ssh.MY-DOMAIN.com]:2222 ([203.0.113.5]:2222)' can't be established.
- RSA key fingerprint is a6:14:c0:ea:42:07:b2:f7:53:2c:0b:60:e0:00:21:6c.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '[ssh.MY-DOMAIN.com]:2222 [203.0.113.5]:2222' (RSA) to the list of known hosts.
- cf:d0a2e11d-e6ca-4120-b32d-140@ssh.ketchup.cf-app.com's password:
- vcap@ce4l5164kws:~$
-
-
-You have now securely connected to the app instance.
## SSH proxy security configuration
@@ -419,7 +324,6 @@ When present, `host_fingerprint` declares the expected fingerprint of the SSH da
```
-Important
To avoid security exposure, migrate your apps and custom buildpacks to use the cflinuxfs4 stack based on Ubuntu 22.04 LTS (Jammy Jellyfish). The cflinuxfs3 stack is based on Ubuntu 18.04 (Bionic Beaver), which reaches end of standard support in April 2023.
### Daemon discovery
diff --git a/deploy-apps/ssh-services.html.md.erb b/deploy-apps/ssh-services.html.md.erb
index 7580d0e8..e38efb1c 100644
--- a/deploy-apps/ssh-services.html.md.erb
+++ b/deploy-apps/ssh-services.html.md.erb
@@ -14,7 +14,6 @@ _This topic requires Cloud Foundry Command Line Interface (cf CLI) v6.15.0 or la
<%= vars.mutual_tls_ssh %>
-Important
The procedure in this topic requires use of a service key, and not all services support service keys. Some services support credentials through app binding only.
@@ -29,7 +28,7 @@ The procedure in this topic requires use of a service key, and not all services
<%=vars.ssh_marketplace_output %>
-1. Create your service instance. As part of the [create-service](http://cli.cloudfoundry.org/en-US/cf/create-service.html) command, indicate the service name, the service plan, and the name you choose for your service instance.
+1. Create your service instance. As part of the `cf create-service` command, indicate the service name, the service plan, and the name you choose for your service instance.
$ cf create-service <%=vars.ssh_service %> <%=vars.ssh_service_plan %> MY-DB
@@ -58,13 +57,13 @@ To activate SSH access to your app, SSH access must also be activated for both t
To establish SSH access to your service instance, you must create a service key that contains critical information for configuring your SSH tunnel.
-1. Create a service key for your service instance using the [cf create-service-key](http://cli.cloudfoundry.org/en-US/cf/create-service-key.html) command.
+1. Create a service key for your service instance using the `cf create-service-key` command.
```console
cf create-service-key MY-DB EXTERNAL-ACCESS-KEY
```
-1. Retrieve your new service key using the [cf service-key](http://cli.cloudfoundry.org/en-US/cf/service-key.html) command.
+2. Retrieve your new service key using the `cf service-key` command.
```console
cf service-key MY-DB EXTERNAL-ACCESS-KEY
@@ -81,7 +80,7 @@ To establish SSH access to your service instance, you must create a service key
## Configure your SSH tunnel
-Configure an SSH tunnel to your service instance using [cf ssh](http://cli.cloudfoundry.org/en-US/cf/ssh.html). Tailor the following example command with information from your service key.
+Configure an SSH tunnel to your service instance using the `cf ssh` command. Tailor the following example command with information from your service key.
$ cf ssh -L 63306:<%= vars.ssh_service_host %>:3306 YOUR-HOST-APP
* You can use any available local port for port forwarding; for example, `63306`.
diff --git a/deploy-apps/stacks.html.md.erb b/deploy-apps/stacks.html.md.erb
index ff0082ba..c1afa39c 100644
--- a/deploy-apps/stacks.html.md.erb
+++ b/deploy-apps/stacks.html.md.erb
@@ -22,13 +22,12 @@ You can also use the Stack Auditor plug-in for the Cloud Foundry Command Line In
A stack is a prebuilt root file system (rootfs) that supports a specific operating system. For example, Linux-based systems need `/usr` and `/bin` directories at their root. The stack works in tandem with a buildpack to support apps running in compartments. Under Diego architecture, cell VMs can support multiple stacks.
-Note
Docker apps do not use stacks.
## Available stacks
-<%= vars.product_short %> <%= vars.current_major_version ? "v#{vars.current_major_version}" : "" %> includes support for `cflinuxfs3`. The Linux `cflinuxfs3` stack is derived from Ubuntu Bionic 18.04. For more information about supported libraries, see the [GitHub stacks page](https://github.com/cloudfoundry/cflinuxfs3/blob/main/receipt.cflinuxfs3.x86_64).
+Cloud Foundry includes support for `cflinuxfs3`. The Linux `cflinuxfs3` stack is derived from Ubuntu Bionic 18.04. For more information about supported libraries, see the [GitHub stacks page](https://github.com/cloudfoundry/cflinuxfs3/blob/main/receipt.cflinuxfs3.x86_64).
The latest versions of <%= vars.product_short %> include support for `cflinuxfs4` which is derived from Ubuntu 22.04 LTS (Jammy Jellyfish). For more information, see [GitHub cflinuxfs4 stack receipt](https://github.com/cloudfoundry/cflinuxfs4/blob/main/receipt.cflinuxfs4.x86_64).
diff --git a/deploy-apps/stop-delete.html.md.erb b/deploy-apps/stop-delete.html.md.erb
index dde9217e..66af01bb 100644
--- a/deploy-apps/stop-delete.html.md.erb
+++ b/deploy-apps/stop-delete.html.md.erb
@@ -29,7 +29,6 @@ Example:
## Delete an app
-Caution
Deleting an app is irreversible. We recommend that you run cf target before you start to confirm you are deleting the app from the correct org and space.
Many apps use services and routes. Deleting an app does not delete the services used by the app, and you must explicitly remove routes between your app and the Internet.
@@ -55,7 +54,6 @@ Example:
$ cf delete -r my-example-app
-Important
In cf CLI v7+, -r no longer deletes routes when the route is mapped to more than one app.
If you delete an app without the `r` option, you can delete the route manually.
diff --git a/deploy-apps/streaming-logs.html.md.erb b/deploy-apps/streaming-logs.html.md.erb
index 75f95173..dcaa465b 100644
--- a/deploy-apps/streaming-logs.html.md.erb
+++ b/deploy-apps/streaming-logs.html.md.erb
@@ -111,6 +111,18 @@ For example:
2016-06-14T14:10:15.18-0700 [APP/0] OUT Exit status 0
+The logs allow you to determine the particular revision and process of the application instance logging.
+
+For example, below shows the log line from two different revisions and web instances.
+
+2022-09-15T01:59:33.99+0000 [APP/REV/2/PROC/WEB/0] OUT hello world from new
+2022-09-15T01:59:34.99+0000 [APP/REV/1/PROC/WEB/1] OUT hello world from old
+
+
+
+Logs with revision id are only available if the application uses revisions and it is enabled in the platform
+
+
Each app might have a configured log rate limit. If the app logs exceed the configured log rate limit, you see a log entry indicating that the limit was exceeded.
For example:
@@ -129,7 +141,7 @@ For example:
2016-06-14T14:16:11.49-0700 [SSH/0] OUT Successful remote access by 192.0.2.33:7856
-For more information about the `cf ssh` command, see the [Cloud Foundry CLI reference guide](https://cli.cloudfoundry.org/en-US/cf/ssh.html).
+For more information about the `cf ssh` command, enter `cf ssh --help`.
### CELL
@@ -152,7 +164,7 @@ debugging because it might affect app performance.
## Viewing Logs
-To view logs, run the `cf logs` command. You can tail, dump, or filter log output. For more information about the `cf logs` command, see the [Cloud Foundry CLI reference guide](https://cli.cloudfoundry.org/en-US/cf/logs.html).
+To view logs, run the `cf logs` command. You can tail, dump, or filter log output. For more information about the `cf logs` command, enter `cf logs --help`.
### Tailing logs
diff --git a/deploy-apps/troubleshoot-app-health.html.md.erb b/deploy-apps/troubleshoot-app-health.html.md.erb
index cf524594..e251be78 100644
--- a/deploy-apps/troubleshoot-app-health.html.md.erb
+++ b/deploy-apps/troubleshoot-app-health.html.md.erb
@@ -211,7 +211,6 @@ To view app logs streamed in real time, run `cf logs APP-NAME`.
To aggregate your app logs to view log history, bind your app to a syslog drain service. For more information, see [Streaming app logs to log management services](./../services/log-management.html).
-Important
The Diego architecture does not support the cf files command, and cf files was removed as of cf CLI v7.
### Trace Cloud Controller REST API calls
@@ -240,7 +239,6 @@ export CF_TRACE=PATH-TO-TRACE.LOG
```
-Caution
CF_TRACE is a local environment variable that modifies the behavior of the cf CLI. Do not confuse CF_TRACE with the variables in the container environment where your apps run. For more information about these container variables, see Examine environment variables.
### Analyze Zipkin trace IDs
@@ -261,7 +259,6 @@ Some cf CLI commands return connection credentials. Remove credentials and other
* `cf app APP-NAME`: Returns information about the processes in the current space. Apps are listed alphabetically.
- Important
CPU values returned by cf app show the total usage of each app instance on all CPU cores on a host VM, where each core contributes 100%. For example, the CPU of a single-threaded app instance on a Diego Cell with one core cannot exceed 100%, and four instances sharing the Diego Cell cannot exceed an average CPU of 25%. A multi-threaded app instance running alone on a Diego Cell with eight cores can draw up to 800% CPU.
* `cf env APP-NAME`: Returns environment variables set using `cf set-env` and variables existing in the container environment.
@@ -275,7 +272,6 @@ Logging in <%= vars.app_runtime_abbr %>_.
* `cf logs APP-NAME`: Returns a real-time stream of the app stdout and stderr. Press **Ctrl+C** or **Command+C** on your keyboard to exit the real-time stream.
-Important
Your app must direct its logs to stdout and stderr. The cf logs command also returns messages from any Log4j facility that you configure to send logs to STDOUT. For more information, see the Log4j website.
diff --git a/deploy-apps/windows-stacks.html.md.erb b/deploy-apps/windows-stacks.html.md.erb
index f75d1784..eed02d9d 100644
--- a/deploy-apps/windows-stacks.html.md.erb
+++ b/deploy-apps/windows-stacks.html.md.erb
@@ -20,13 +20,12 @@ You can also use the Stack Auditor plug-in for the Cloud Foundry Command Line In
A stack is a prebuilt root file system (rootfs) that supports a specific operating system. For example, Linux-based systems need `/usr` and `/bin` directories at their root and Windows needs `/windows`. The stack works in tandem with a buildpack to support apps running in compartments. Under Diego architecture, cell VMs can support multiple stacks.
-Note
Docker apps do not use stacks.
## Available stacks
-If you push your <%= vars.windows_runtime_abbr %> <%= vars.current_major_version ? "v#{vars.current_major_version}" : "" %> app to a Windows stack, you must use `windows`.
-The `windows2016` stack is not supported on <%= vars.windows_runtime_abbr %>.
+If you push your Cloud Foundry app to a Windows stack, you must use `windows`.
+The `windows2016` stack is not supported on Cloud Foundry.
## Restaging apps on a new stack
diff --git a/http2-protocol.html.md.erb b/http2-protocol.html.md.erb
index f50a25ed..fc34263e 100644
--- a/http2-protocol.html.md.erb
+++ b/http2-protocol.html.md.erb
@@ -91,8 +91,8 @@ To push an HTTP/1.1 app that can serve HTTP/2 traffic:
```
Where `MY-APP.EXAMPLE.COM` is the route mapped to your app.
The request and response are both issued over HTTP/2.
+
- Important
To issue this request, you must use a version of curl that supports HTTP/2.
1. Review the app logs by running:
@@ -144,8 +144,7 @@ For example, you can use the HTTP/2 test app from [Cloud Foundry Acceptance Test
The recommended way to do this is using the `routes` attribute in the manifest YAML file.
-Important
-The following procedure is supported only for cf CLI v6. The `--hostname` flag is deprecated in cf CLI v7, and must be specified in the manifest.
+The following procedure is supported only for cf CLI v6. The --hostname flag is deprecated in cf CLI v7, and must be specified in the manifest.
To push an app that serves HTTP/2 traffic using the cf CLI (v6 only):
diff --git a/index.html.md.erb b/index.html.md.erb
index 9677d668..6dd3d23e 100644
--- a/index.html.md.erb
+++ b/index.html.md.erb
@@ -33,14 +33,14 @@ If you do these things, you are a <%= vars.app_runtime_abbr %> **developer**, a
* [Starting, restarting, and restaging apps](deploy-apps/start-restart-restage.html)
* [Pushing an app with multiple processes](multiple-processes.html)
* [Running cf push sub-step commands](push-sub-commands.html)
- * [Canary app deployments](deploy-apps/canary-deploy.html)
- * [Rolling app deployments](deploy-apps/rolling-deploy.html)
+ * [Configuring app deployments](deploy-apps/rolling-deploy.html)
* [Pushing apps with sidecar processes](sidecars.html)
* [Using blue-green deployment to reduce downtime and risk](deploy-apps/blue-green.html)
* [Troubleshooting app deployment and health](deploy-apps/troubleshoot-app-health.html)
* **Routes and Domains:** How to configure routes and domains.
* [Configuring routes and domains](deploy-apps/routes-domains.html)
+ * [Configuring per-route options](custom-per-route-options.html)
* [Configuring <%= vars.app_runtime_abbr %> to route traffic to apps on custom ports](custom-ports.html)
* [Routing HTTP/2 and gRPC traffic to apps](http2-protocol.html)
diff --git a/multiple-processes.html.md.erb b/multiple-processes.html.md.erb
index f1ed829b..b5ac0b93 100644
--- a/multiple-processes.html.md.erb
+++ b/multiple-processes.html.md.erb
@@ -124,5 +124,4 @@ To view the processes running as part of an app:
- Important
To avoid security exposure, ensure that you migrated your apps and custom buildpacks to use the cflinuxfs4 stack based on Ubuntu 22.04 LTS (Jammy Jellyfish). The cflinuxfs3 stack is based on Ubuntu 18.04 (Bionic Beaver), which reaches end of standard support in April 2023.
diff --git a/push-sub-commands.html.md.erb b/push-sub-commands.html.md.erb
index 39010adc..bb7ce7a7 100644
--- a/push-sub-commands.html.md.erb
+++ b/push-sub-commands.html.md.erb
@@ -13,6 +13,7 @@ Here are some example use cases for the sub-step commands:
* Calling external services to report audit data during push
* Scanning a droplet before deploy
* Integrating with a change request system
+* Running droplets built on a different Cloud Foundry deployment
To support these custom push workflows, Cloud Foundry divides apps into smaller building blocks.
@@ -20,15 +21,11 @@ The following table describes the building blocks as resources and lists the com
For information about using these commands, see [Example workflows](#example-workflows).
-
-Important
-The cf CLI v6 commands described in this topic are experimental and unsupported, but are supported in cf CLI v7. The latest supported cf CLI release is cf CLI v8. To upgrade to cf CLI v7, see Upgrading to cf CLI v7. To upgrade to cf CLI v8, see Upgrading to cf CLI v8.
-
| Resource |
Description |
- Command |
+ Commands |
| App |
@@ -36,6 +33,8 @@ The cf CLI v6 commands described in this topic are experimental and unsupported,
For more information, see Apps in the CAPI documentation.
+ cf appcf appscf create-app
|
@@ -47,12 +46,13 @@ The cf CLI v6 commands described in this topic are experimental and unsupported,
cf create-packagecf packages
|
| Build |
- Staging the app. Creating a build combines a Package with a Buildpack and builds it into an executable resource.
+ | Staging the app. Creating a build combines a Package with a Buildpack and builds it into an executable resource, called a Droplet.
For more information, see Builds in the CAPI documentation. |
@@ -66,6 +66,8 @@ The cf CLI v6 commands described in this topic are experimental and unsupported,
For more information, see Droplet in the CAPI documentation. |
+ cf download-dropletcf dropletscf set-droplet
|
@@ -76,7 +78,8 @@ The cf CLI v6 commands described in this topic are experimental and unsupported,
For more information, see Space Manifest in the CAPI documentation.
- cf create-app-manifest, cf apply-manifestcf apply-manifestcf create-app-manifest
|
@@ -105,7 +108,7 @@ This example workflow describes how to push an app using sub-step commands inste
```
Where `APP-NAME` is the name of your app.
-1. Locate and copy the `package guid` from the output of an earlier step. See the following example output:
+1. Locate and copy the `package guid` from the output of an earlier step or by using the `cf packages` command. See the following example output:
Uploading and creating bits package for app APP-NAME in org test / space test as admin...
@@ -124,7 +127,7 @@ This example workflow describes how to push an app using sub-step commands inste
PACKAGE-GUID is the package GUID you recorded in an earlier step.
-3. Locate and copy the `droplet guid` from the output of an earlier step. See the following example output:
+3. Locate and copy the `droplet guid` from the output of an earlier step or by using the `cf droplets` command. See the following example output:
Staging package for APP-NAME in org test / space test as admin...
@@ -138,7 +141,7 @@ This example workflow describes how to push an app using sub-step commands inste
4. Assign the droplet to your app:
```
- cf set-droplet APP-NAME -d DROPLET-GUID
+ cf set-droplet APP-NAME DROPLET-GUID
```
Where:
@@ -182,10 +185,14 @@ This example workflow describes how to roll back to a previous droplet used by y
cf stop APP-NAME
```
+ If you wish to avoid incurring downtime when changing your droplet,
+ consider using [Rolling deployments](./deploy-apps/rolling-deploy.html)
+ instead of stopping and starting your app.
+
1. Set the app to use the previous droplet:
```
- cf set-droplet APP-NAME -d PREVIOUS-DROPLET-GUID
+ cf set-droplet APP-NAME PREVIOUS-DROPLET-GUID
```
Where:
@@ -199,3 +206,29 @@ This example workflow describes how to roll back to a previous droplet used by y
cf start APP-NAME
```
Where `APP-NAME` is the name of your app.
+
+### Downloading and uploading droplets
+
+This example workflow describes how to download a built droplet and then push
+it to an app. You might want to use this for building apps in one location and
+then deploying it elsewhere. For instance, you might use this to promote
+built apps from pre-production environments to production environments without
+having to re-build the app.
+
+1. Download the current droplet for your app:
+
+ ```
+ cf download-droplet APP-NAME --path PATH
+ ```
+
+ Where `APP-NAME` is the name of your app and `PATH` is the file path to download the droplet to.
+
+1. Log in to the desired Cloud Foundry environment and target the organization and space where you want to run the droplet you downloaded.
+
+1. Push a new or existing app with the downloaded droplet:
+
+ ```
+ cf push APP-NAME --droplet PATH
+ ```
+
+ Where `APP-NAME` is the name of your app and `PATH` is the file path to the downloaded droplet.
diff --git a/push.html.md.erb b/push.html.md.erb
index d7fa41ee..8e7940c6 100644
--- a/push.html.md.erb
+++ b/push.html.md.erb
@@ -9,6 +9,7 @@ These topics contain the procedures for deploying apps with `cf push`:
* [Pushing your app using Cloud Foundry CLI (cf push)](./deploy-apps/deploy-app.html)
* [Deploying with app manifests](./deploy-apps/manifest.html)
+
* [App manifest attribute reference](./deploy-apps/manifest-attributes.html)
* [Deploying an app with Docker](./deploy-apps/push-docker.html)
@@ -23,12 +24,10 @@ These topics contain the procedures for deploying apps with `cf push`:
* [Running cf push sub-step commands](push-sub-commands.html)
-* [Configuring canary app deployments](./deploy-apps/canary-deploy.html)
+* [Configuring canary app deployments](./deploy-apps/rolling-deploy.html#canary)
* [Configuring rolling app deployments](./deploy-apps/rolling-deploy.html)
-* [Starting a canary app deployments](./deploy-apps/canary-deploy.html)
-
* [Pushing apps with sidecar processes](./sidecars.html)
diff --git a/revisions.html.md.erb b/revisions.html.md.erb
index 59fdc47c..9f467ffa 100644
--- a/revisions.html.md.erb
+++ b/revisions.html.md.erb
@@ -9,29 +9,33 @@ App revisions do not include any tasks run on the app.
For additional information about app revisions, see [Revisions](http://v3-apidocs.cloudfoundry.org/version/release-candidate/#revisions) in the Cloud Foundry API (CAPI) documentation.
-Important
CAPI v3 is the recommended API version for revisions. While revisions work with CAPI v2, there are several inconsistencies. For example, revision descriptions for apps with multiple processes can be inaccurate because CAPI v2 does not support apps with multiple processes. Additionally, pushing an app for the first time with revisions in CAPI v2 creates two revisions.
-
-Caution
-The app revisions API is experimental, and future releases might have breaking changes.
-## Revisions use cases
+## Overview
-Some use cases for revisions include:
+Every <%= vars.platform_name %> app has a name.
+When you first deploy an app, <%= vars.platform_name %> gives it the revision version number `1`.
+When you re-deploy the app under the same name, for example as an update, <%= vars.platform_name %> increments its version number and saves the old version.
-* **Viewing revisions for an app:** This can help you understand how your app has changed over time.
+This saved application history is used by the `revisions` and `revision` CAPI endpoints and cf CLI commands to let you:
-* **Rolling back to a previous revision:** This allows you to deploy a version of the app that you had running previously without needing to track that previous state yourself or have multiple apps running. When you create a deployment and reference a revision, the revision deploys as the current version of your app.
+* **View revisions for an app:** To help you understand how your app has changed over time.
-### Events that trigger revisions
+* **Roll back to a previous revision:** To deploy a version of the app that you had running previously without needing to track that previous state yourself or have multiple apps running. When roll back an app, the specified revision deploys as the new current version of your app.
-Revisions are generated through these events:
+> **Note** The `cf revision` command takes a `--version` flag to specify a version number, but the command's output lists the same number as its `revision`.
+
+### When current app revision changes
+
+The app's revision version number increments when:
* A new droplet is deployed for an app.
-* An app is deployed with new environment variables.
+* An app is deployed with `--strategy rolling` or `--strategy canary` as described in [Configuring app deployments](./deploy-apps/rolling-deploy.html).
+* An app is deployed with a new environment variables.
* An app is deployed with a new or changed custom start command.
* An app rolls back to a prior revision.
+ - In this case, the newly-running version is identical to the specified old version.
By default, CAPI retains a maximum of 100 revisions per app.
@@ -61,68 +65,107 @@ Operators can configure <%= vars.platform_name %> to retain more droplets if nec
This section describes how to use CAPI endpoints for viewing revisions.
-### List revisions for an app
+### List revision history for an app
-To list revisions for an app:
+To list both current and stopped revisions for an app:
-1. Retrieve the GUID of the app by running:
+* Using the `revisions` command:
- ```
- cf app APP-NAME --guid
- ```
- Where `APP-NAME` is the name of your app.
+ ```
+ cf revisions APP-NAME
+ ```
+ Where `APP-NAME` is the name of your app.
-1. Run:
+* Using the `curl` command:
- ```
- cf curl /v3/apps/GUID/revisions
- ```
- Where `GUID` is the GUID you retrieved in an earlier step.
+ 1. Retrieve the GUID of the app by running:
-### List deployed revisions for an app
+ ```
+ cf app APP-NAME --guid
+ ```
+ Where `APP-NAME` is the name of your app.
-Deployed revisions are revisions linked to started processes in an app. To list deployed revisions:
+ 1. Run:
-1. Retrieve the GUID of the app by running:
+ ```
+ cf curl /v3/apps/GUID/revisions
+ ```
+ Where `GUID` is the GUID you retrieved in an earlier step.
- ```
- cf app APP-NAME --guid
- ```
- Where `APP-NAME` is the name of your app.
+### Get an app's current revision(s)
-1. Run:
+The current revision of an app is its currently-deployed, running revision, linked to started processes. There may be multiple currently running revisions during an active canary or rolling deployment. To list an app's current revision(s):
+
+* Using the `revision` command:
+
+ ```
+ cf revision APP-NAME
+ ```
+ Where `APP-NAME` is the name of your app.
+
+* Using the `curl` command
+
+ 1. Retrieve the GUID of the app by running:
+
+ ```
+ cf app APP-NAME --guid
+ ```
+ Where `APP-NAME` is the name of your app.
+
+ 1. Run:
+
+ ```
+ cf curl /v3/apps/GUID/revisions/deployed
+ ```
+ Where `GUID` is the GUID you retrieved in an earlier step.
+
+ When the current app is still deploying or is in a `stopped` state, the command output states, `It is not possible to show which revision is currently deployed.`
- ```
- cf curl /v3/apps/GUID/revisions/deployed
- ```
- Where `GUID` is the GUID you retrieved in an earlier step.
### Retrieve a revision
To retrieve a revision:
-1. Run:
+* Using the `revision` command:
+
+ ```
+ cf revision APP-NAME --version VERSION
+ ```
+ Where `APP-NAME` is the name of your APP and `VERSION` is the revision version.
- ```
- cf curl /v3/revisions/GUID
- ```
- Where `GUID` is the GUID of the revision.
+* Using the `curl` command:
+
+ 1. Run:
+
+ ```
+ cf curl /v3/revisions/GUID
+ ```
+ Where `GUID` is the GUID of the revision.
## Roll back to a previous revision
To roll back to a previous revision:
-1. Retrieve the GUID of the app by running:
+* Using the `rollback` command:
+
+ ```
+ cf rollback APP-NAME --version VERSION
+ ```
+ Where `APP-NAME` is the name of your APP and `VERSION` is the revision version you want to rollback to.
- ```
- cf app APP-NAME --guid
- ```
- Where `APP-NAME` is the name of your app.
+* Using `curl` command:
+
+ 1. Retrieve the GUID of the app:
+
+ ```
+ cf app APP-NAME --guid
+ ```
+ Where `APP-NAME` is the name of your app.
-1. Retrieve the GUID of the revision. See [Retrieve a revision](#get).
+ 1. Retrieve the GUID of the revision. See [Retrieve a revision](#get).
-1. Create a deployment using CAPI by running:
+ 1. Create a deployment using CAPI by running:
```
cf curl v3/deployments \
@@ -164,14 +207,14 @@ To deactivate revisions for an app:
1. Retrieve the GUID of the app by running:
- ```
- cf app APP-NAME --guid
- ```
- Where `APP-NAME` is the name of your app.
+ ```
+ cf app APP-NAME --guid
+ ```
+ Where `APP-NAME` is the name of your app.
1. Run:
- ```
- cf curl /v3/apps/GUID/features/revisions -X PATCH -d '{ "enabled": false }'
- ```
- Where `GUID` is the GUID you retrieved in an earlier step.
+ ```
+ cf curl /v3/apps/GUID/features/revisions -X PATCH -d '{ "enabled": false }'
+ ```
+ Where `GUID` is the GUID you retrieved in an earlier step.
diff --git a/routing-index.html.md.erb b/routing-index.html.md.erb
index e7e898d9..37e392d9 100644
--- a/routing-index.html.md.erb
+++ b/routing-index.html.md.erb
@@ -7,6 +7,8 @@ These topics contain information about configuring routes and domains:
* [Configuring routes and domains](deploy-apps/routes-domains.html)
+* [Configuring per-route options](custom-per-route-options.html)
+
* [Configuring <%= vars.app_runtime_abbr %> to route traffic to apps on custom ports](custom-ports.html)
* [Routing HTTP/2 and gRPC traffic to apps](http2-protocol.html)
diff --git a/services/_using-vol-services.html.md.erb b/services/_using-vol-services.html.md.erb
index 5db07eb0..50af4505 100644
--- a/services/_using-vol-services.html.md.erb
+++ b/services/_using-vol-services.html.md.erb
@@ -44,7 +44,6 @@ The following sections describe how to mount an external file system to your app
To use a volume service deployed by your <%= vars.admin %>, you must first create an instance of the specific volume service that you need.
-Note
You can also bind volume services using an app manifest. However, app manifests do not support bind configuration. To bind a volume service using an app manifest, you must specify bind configuration when you create the service instance. The releases that support this are nfs-volume v1.3.1 and later and smb-volume v1.0.0 and later. For more information, see Services in Deploying with App Manifests.
To create and bind an instance for the volume service:
@@ -81,13 +80,11 @@ To create and bind an instance for the volume service:
file permissions can be granted at the app level. If this is not needed, the you can eliminate the performance overhead of mapfs by managing permissions on the NFS server.
The user specified by uid must have access to the files on the share. When uid and gid are omitted, the app file operations use the UID of the running app process. For buildpack apps, this UID is always 2000. For Docker apps, the effective UID is the same as the UID of the process inside the Docker container, except for root, which is mapped to 4294967294 outside the Docker container.
- Caution
Specifying UID and GID values affects performance because the FUSE file system mapfs is used to translate UID and GID values.
-
(Optional)
OPTIONAL-MOUNT-PATH is a JSON string that indicates that the volume must be mounted to a particular path in your app rather than the default path. Choose a path with a root-level directory that already exists in the container, such as /home, /usr, or /var.
- Important
Do not specify a MOUNT-PATH in the /app directory, which is where <%= vars.app_runtime_abbr %> unpacks the droplet. For more information, see Mount a shared volume in the /app directory.
-
@@ -115,7 +112,6 @@ To create and bind an instance for the volume service:
-
(Optional)
OPTIONAL-MOUNT-PATH is a JSON string that indicates the volume must be mounted to a particular path within your app rather than the default path. Choose a path with a root-level directory that already exists in the container, such as /home, /usr, or /var.
- Important
Do not specify a MOUNT-PATH within the /app directory, which is where <%= vars.app_runtime_abbr %> unpacks the droplet. For more information, see Mount a shared volume in the /app directory.
@@ -137,6 +133,8 @@ To access the volume service from your app, you must know which file path to use
You can view the file path in the details of the service binding, which are available from the `VCAP_SERVICES` environment variable. See [VCAP_SERVICES](../deploy-apps/environment-variable.html#view-env).
+See [Credential Delivery Methods](./application-binding.html#credential-delivery-methods) for information about how to retrieve the volume mount information if you use file-based service bindings.
+
To access the volume service from your app:
1. View environment variables for your app. Run:
@@ -230,7 +228,6 @@ This section describes how to use the NFS volume service.
Both services offer a single plan called `Existing`.
-Note
NFS is not available on Windows systems.
### Create an NFS volume service
@@ -249,7 +246,6 @@ To create an NFS volume service using the `Existing` plan of the `nfs` service:
SERVICE-INSTANCE-NAME is a name you provide for this NFS volume service instance.SERVER/SHARE is the NFS address of your server and share.
- Important
Omit the : that usually follows the server name in the address.
-
@@ -258,15 +254,13 @@ To create an NFS volume service using the `Existing` plan of the `nfs` service:
<% if vars.platform_code != "CF" %>
- Important
Tanzu Application Service versions shipping with nfs-volume versions v7.1.45 - v7.1.47 or v5.0.55 - 5.0.58 (as of 22 Feb., 2024: 2.11.52 - 2.11.53, 2.13.34 - 2.13.35, 4.0.15 - 4.0.17, 5.0.6 - 5.0.7) do not support specifying NFS version: 3.0. These updated the contained nfs-utils (a dependency of nfs-volume-service) to a newer version that uses stricter option parsing.
NFSv3 does not utilize a MINOR version, but NFSv4 introduced MINOR versions that can be specified.
This has been mitigated by adding auto-correction logic to the nfsdriver process available with nfs-volume >= v7.1.48 and >= v5.0.59.
<% else %>
- Important
nfs-volume versions v7.1.45 - v7.1.47 ship with a recent version of nfs-utils (a dependency of nfs-volume-service). Recent versions of nfs-utils have stricter option parsing. This leads to an issue with environments that configured the `vers=3.0` mount option.
- NFSv3 does not utilize a MINOR version, but NFSv4 introduced MINOR versions that can be specified.
+ NFSv3 does not utilize a MINOR version, but NFSv4 introduced MINOR versions that can be specified.
This has been mitigated by adding auto-correction logic to the nfsdriver process available with nfs-volume >= v7.1.48.
<% end %>
@@ -298,13 +292,13 @@ To deploy and bind a sample app:
cd ~/workspace
```
```console
- git clone https://github.com/cloudfoundry/persi-acceptance-tests.git
+ git clone https://github.com/cloudfoundry/cf-acceptance-tests.git
```
-1. Change into the `persi-acceptance-tests/assets/pora/` directory:
+1. Change into the `cf-acceptance-tests/assets/pora/` directory:
```console
- cd ~/workspace/persi-acceptance-tests/assets/pora
+ cd ~/workspace/cf-acceptance-tests/assets/pora
```
1. Push the `pora` test app by running:
@@ -336,7 +330,6 @@ To deploy and bind a sample app:
while allowing <%= vars.app_runtime_abbr %> to run your app as an arbitrary user.
UID and GID must be positive integer values.
- Important
In NFS v2.0.0 and later, uid and gid values of 0 are no longer permissible because of security concerns.
@@ -454,7 +447,7 @@ To create an SMB volume service:
SERVICE-INSTANCE-NAME is a name you provide for this SMB volume service instance.
//SERVER/SHARE is the SMB address of your server and share.
- (Optional) SMB-VERSION is the SMB protocol version you want to use. For example, to use SMB 2.1, set the version to 2.1. Valid values are 1.0, 2.0, 2.1, or 3.0. If you do not specify a version, the client and server negotiate a protocol version at mount time. The client and server usually select the latest available version.
+ (Optional) SMB-VERSION is the SMB protocol version you want to use. For example, to use SMB 2.1, set the version to 2.1. Valid values are 1.0, 2.0, 2.1, or 3.0, 3.1.1. If you do not specify a version, the client and server negotiate a protocol version at mount time. The client and server usually select the latest available version. 3.1.1 is supported as of [v3.2.0 smb-volume-release](https://github.com/cloudfoundry/smb-volume-release/releases/tag/v3.2.0).
@@ -476,13 +469,13 @@ To deploy and bind a sample app:
cd ~/workspace
```
```console
- git clone https://github.com/cloudfoundry/persi-acceptance-tests.git
+ git clone https://github.com/cloudfoundry/cf-acceptance-tests.git
```
-1. Change into the `persi-acceptance-tests/assets/pora/` directory:
+1. Change into the `cf-acceptance-tests/assets/pora/` directory:
```console
- cd ~/workspace/persi-acceptance-tests/assets/pora
+ cd ~/workspace/cf-acceptance-tests/assets/pora
```
1. Push the `pora` test app. Run:
diff --git a/services/application-binding.html.md.erb b/services/application-binding.html.md.erb
index 362f1556..182b4bfc 100644
--- a/services/application-binding.html.md.erb
+++ b/services/application-binding.html.md.erb
@@ -9,7 +9,9 @@ You can bind your apps to service instances for the purpose of generating creden
## Bind a service instance
-Binding a service instance to your app triggers credentials to be provisioned for the service instance and delivered to the app runtime in the [VCAP_SERVICES](../deploy-apps/environment-variable.html) environment variable. For details about consuming these credentials with your app, see [Using bound service instances](#use).
+Binding a service instance to your app triggers credentials to be provisioned for the service instance and delivered to the app runtime. CloudFoundry offers 3 different methods to deliver those credentials to the app.
+
+For details about the different delivery methods and consumption of these credentials with your app, see [Credential Delivery Methods](#credential-delivery-methods).
Not all services support binding, as some services deliver value to users directly without integration with an app. In many cases, binding credentials are unique to an app, and another app bound to the same service instance receives different credentials, but this depends on the service.
@@ -23,9 +25,147 @@ $ cf restart my-app
-Important
You must restart or in some cases re-push your app for changes to be applied to the VCAP_SERVICES environment variable and for the app to recognize these changes.
+### Credential Delivery Methods
+
+After your service instance is created and bound to your app, the credentials, along with some metadata, are available in the app container and can be consumed by your app.
+There are three delivery methods, which are mutually exclusive. The developer can choose which one to use and then must adjust the consumption in the app accordingly.
+For details about consuming credentials specific to your development framework, see the Service Binding section in the documentation for your framework's [buildpack](../../buildpacks/index.html).
+
+
+If the application is unable to consume the credentials through the selected delivery method, it may cause downtime for the application. This is because the application won't be able to connect to the services it is bound to.
+
+
+
+#### Default VCAP_SERVICES environment variable
+
+By default, credentials and additional metadata for all bound service instances are stored in the VCAP_SERVICES environment variable.
+
+There are two methods developers can use to have their apps consume binding credentials.
+
+* **Parse the JSON yourself:** See the documentation for [VCAP_SERVICES](../deploy-apps/environment-variable.html#VCAP-SERVICES). Helper libraries are available for some frameworks.
+* **Auto-configuration:** Some buildpacks create a service connection for you by creating additional environment variables, updating config files, or passing system parameters to the JVM.
+
+For checking the binding data manually app developers can use `cf env`. See [View Env](../deploy-apps/environment-variable.html#view-env).
+
+
+The maximum size of content of the VCAP_SERVICES environment variable is 130 KB. If you want to bind more services to the app or the services you want to bind provide lots of data, you can use one of the other methods.
+
+#### File-based VCAP services (experimental)
+
+This delivery method is used when the app feature [file-based-vcap-services](https://v3-apidocs.cloudfoundry.org/index.html#app-features) is enabled.
+The environment variable [VCAP_SERVICES_FILE_PATH](../deploy-apps/environment-variable.html#VCAP-SERVICES-FILE-PATH) will be made available in the app container and contains the path to a file containing the same content as the VCAP_SERVICES environment variable above.
+
+The binding data can be viewed like this:
+
+```
+cf ssh -c 'cat $VCAP_SERVICES_FILE_PATH'
+```
+
+
+The vcap_services file content cannot exceed 1 MB, otherwise an IncompatibleBindings error is raised.
+
+#### Service Binding K8s (experimental)
+
+This delivery method is used when the app feature [service-binding-k8s](https://v3-apidocs.cloudfoundry.org/index.html#app-features) is enabled.
+The environment variable [SERVICE_BINDING_ROOT](../deploy-apps/environment-variable.html#SERVICE-BINDING-ROOT) is made available in the app container. It contains the path to the root folder of a file structure containing binding information.
+This method is fully compatible with the specification on [servicebinding.io](https://servicebinding.io/), which is used by Kubernetes as well.
+
+The binding data can be viewed like this:
+
+```
+cf ssh -c 'find $SERVICE_BINDING_ROOT -type f -exec bash -c "echo {}: \$(cat {})" \;'
+```
+
+
+The bytesize of all files and their content combined cannot exceed 1 MB, otherwise an IncompatibleBindings error is raised.
+
+Here are some examples outlining the transformation of VCAP_SERVICES to the file structure:
+
+Nested structures inside their value will be serialized as JSON objects. The same applies if the value is a list.
+
+```
+VCAP_SERVICES= {
+ "foo": [
+ {
+ "name": "foo",
+ "credentials": {
+ "simple": "value",
+ "deeply": {
+ "nested": "value"
+ },
+ "list": ["v", "a", "l", "u", "e"]
+ }
+ }
+ ]
+}
+
+Service Binding Files:
+ foo/name: foo
+ foo/simple: value
+ foo/deeply: {"nested":"value"}
+ foo/list: ["v","a","l","u","e"]
+```
+
+Existing credential keys can be overwritten by other attributes -- [VCAP_SERVICES](../deploy-apps/environment-variable.html#VCAP-SERVICES) attributes plus type and provider. The full list of reserved file names is: binding-guid, binding-name, instance-guid, instance-name, name, label, tags, plan, syslog-drain-url, volume-mounts, type, and provider. Overwriting an existing key does not result in an error.
+
+```
+VCAP_SERVICES= {
+ "foo": [
+ {
+ "name": "foo",
+ "credentials": {
+ "name": "user",
+ "secret": "password"
+ }
+ }
+ ]
+}
+
+Service Binding Files:
+ foo/name: foo
+ foo/secret: password
+```
+
+Empty lists or null values are omitted; that is, no file will be created.
+
+```
+VCAP_SERVICES= {
+ "foo": [
+ {
+ "name": "foo",
+ "binding_guid": "45436ca8-0a7c-45e3-9439-ca1b44db7a2b",
+ "syslog_drain_url": null,
+ "volume_mounts": []
+ }
+ ]
+}
+
+Service Binding Files:
+ foo/name: foo
+ foo/binding-guid: 45436ca8-0a7c-45e3-9439-ca1b44db7a2b
+```
+
+Binding names and keys resulting in filenames must match [a-z0-9\-.]{1,253}. Invalid binding names and keys result in IncompatibleBindings error. VCAP_SERVICES attributes are transformed to comply with this schema; that is, underscores are replaced by hyphens, so that, for example, `VCAP_SERVICES attribute binding_guid` becomes file name `binding-guid`.
+
+```
+VCAP_SERVICES= {
+ "foo": [
+ {
+ "name": "foo",
+ "binding_guid": "45436ca8-0a7c-45e3-9439-ca1b44db7a2b",
+ "instance_guid": "83745ca8-0a7c-45e3-9439-ca1b44db7a2b"
+ }
+ ]
+}
+
+Service Binding Files:
+ foo/name: foo
+ foo/binding-guid: 45436ca8-0a7c-45e3-9439-ca1b44db7a2b
+ foo/instance-guid: 83745ca8-0a7c-45e3-9439-ca1b44db7a2b
+```
+
### Arbitrary parameters
Some services support additional configuration parameters with the bind request. These parameters are passed in a valid JSON object containing service-specific configuration parameters, provided either in-line or in a file. For a list of supported configuration parameters, see documentation for the particular service offering.
@@ -91,7 +231,7 @@ OK
The provided name is available in the `name` and `binding_name` properties in the [VCAP_SERVICES](../deploy-apps/environment-variable.html) environment variable:
-~~~
+```
"VCAP_SERVICES": {
"service-name": [
{
@@ -101,16 +241,7 @@ The provided name is available in the `name` and `binding_name` properties in th
}
]
}
-~~~
-
-### Using bound service instances
-
-After your service instance is created and bound to your app, you must configure the app to dynamically fetch the credentials for your service instance. The [VCAP_SERVICES](../deploy-apps/environment-variable.html#VCAP-SERVICES) environment variable contains credentials and additional metadata for all bound service instances. There are two methods developers can use to have their apps consume binding credentials.
-
-* **Parse the JSON yourself:** See the documentation for [VCAP_SERVICES](../deploy-apps/environment-variable.html#VCAP-SERVICES). Helper libraries are available for some frameworks.
-* **Auto-configuration:** Some buildpacks create a service connection for you by creating additional environment variables, updating config files, or passing system parameters to the JVM.
-
-For details about consuming credentials specific to your development framework, see the Service Binding section in the documentation for your framework's [buildpack](../../buildpacks/index.html).
+```
## Update service credentials
@@ -177,5 +308,4 @@ OK
-Important
You must restart or in some cases re-push your app for changes to be applied to the VCAP_SERVICES environment variable and for the app to recognize these changes.
diff --git a/services/fluentd.html.md.erb b/services/fluentd.html.md.erb
index a76a5b64..4be4faf1 100644
--- a/services/fluentd.html.md.erb
+++ b/services/fluentd.html.md.erb
@@ -58,7 +58,6 @@ To set up Fluentd for Cloud Foundry, configure the syslog input of Fluentd as fo
2. Restart the Fluentd service.
-Important
The Fluentd syslog input plug-in supports tls and tcp options. You must use the same transport that Cloud Foundry is using.
Fluentd starts listening for syslog message on port 8080 and tagging the messages with `cf.app`, which can be used later for data routing. For more details about the full setup for the service, see [Config File](https://docs.fluentd.org/configuration/config-file).
diff --git a/services/index.html.md.erb b/services/index.html.md.erb
index e49f9f24..78802800 100644
--- a/services/index.html.md.erb
+++ b/services/index.html.md.erb
@@ -13,7 +13,6 @@ Cloud Foundry offers a Marketplace of services, from which users can provision r
For more information about provisioning service instances and other life cycle operations, see [Managing service instances](./managing-services.html).
-Note
For a service to be available in the Marketplace, it must be integrated with Cloud Foundry by way of APIs. <%= vars.custom_services %>
### User-provided service instances
@@ -38,7 +37,6 @@ Credentials managed manually are known as service keys. Use service keys when yo
For more information about creating a user-provided service instance with service keys, see [User-provided service instances](./user-provided.html). For more information about service keys, see [Managing service keys](./service-keys.html).
-Important
Not all services support service keys. Some services support credentials through app binding only.
@@ -71,7 +69,6 @@ If your app relies on a relational database, you must apply schema changes perio
For more information about running cf CLI tasks, see [Running tasks in your apps](../using-tasks.html).
-Important
To run tasks with the cf CLI, you must install cf CLI v6.23.0 or later. The current supported version is cf CLI v8. For information about downloading, installing, and uninstalling the cf CLI, see the Installing the cf CLI.
To do a database schema migration with cf CLI:
@@ -82,7 +79,6 @@ To do a database schema migration with cf CLI:
Where `APP-NAME` is the name of the app.
- Note
To run a task without starting the app, push the app with cf push -i 0 and then run the task. You can run the app later by scaling up its instance count.
1. Do a database schema migration as a task on the app:
diff --git a/services/log-management.html.md.erb b/services/log-management.html.md.erb
index 4232e6a7..451b3b8e 100644
--- a/services/log-management.html.md.erb
+++ b/services/log-management.html.md.erb
@@ -68,7 +68,7 @@ You can create a syslog drain service and bind apps to it using Cloud Foundry Co
SYSLOG-DRAIN-URL is the syslog URL from Step 1: Configure the Log Management Service.
- By default, the syslog agent forwards only application logs to a syslog server. To have the application [container metrics](../../loggregator/container-metrics.html) like CPU, memory, or disk usage forwarded as well, use the `drain-data` parameter to specify if only logs (default), only container metrics, only traces ([timers](https://github.com/cloudfoundry/loggregator-api/blob/master/README.md#timer) from the Loggregator v2 API specification), or all of them are forwarded by the syslog drain. Add the `drain-data` parameter to the `SYSLOG-DRAIN-URL`.
+ By default, the Syslog Agent forwards only application logs to a syslog server. To have the application [container metrics](../../loggregator/container-metrics.html) like CPU, memory, or disk usage forwarded as well, use the `drain-data` parameter to specify if only logs (default), only container metrics, only traces ([timers](https://github.com/cloudfoundry/loggregator-api/blob/master/README.md#timer) from the Loggregator v2 API specification), or all of them are forwarded by the syslog drain. Add the `drain-data` parameter to the `SYSLOG-DRAIN-URL`.
$ cf create-user-provided-service DRAIN-NAME -l SYSLOG-URL?drain-data=DRAIN-DATA-VALUE
@@ -101,7 +101,7 @@ You can create a syslog drain service and bind apps to it using Cloud Foundry Co
If you are using the mTLS feature delivered in [CAPI release 1.143.0](https://github.com/cloudfoundry/capi-release/releases/tag/1.143.0), you can use the `-p` flag to define the client certificate and key as credentials, filling in values as follows.
- $ cf create-user-provided-service DRAIN-NAME -l SYSLOG-URL -p '{"cert":"-----BEGIN CERTIFICATE-----\nMIIH...-----END CERTIFICATE-----","key":"-----BEGIN PRIVATE KEY-----\nMIIE...-----END PRIVATE KEY-----"}
+ $ cf create-user-provided-service DRAIN-NAME -l SYSLOG-URL -p '{"cert":"-----BEGIN CERTIFICATE-----\nMIIH...-----END CERTIFICATE-----","key":"-----BEGIN PRIVATE KEY-----\nMIIE...-----END PRIVATE KEY-----"}'
If your certs include the V3 extension `X509v3 Extended Key Usage`, ensure that you are using the right key policies. For TLS, you need server authentication, and for mTLS, you also need client authentication. For example, TLS Web Server Authentication for TLS with TLS Web Client Authentication for mTLS is defined as follows:
@@ -121,12 +121,29 @@ You can create a syslog drain service and bind apps to it using Cloud Foundry Co
A combination of the approaches described earlier uses a certificate authority for a server certificate signed by your private ca and a client certificate and key.
- $ cf create-user-provided-service DRAIN-NAME -l SYSLOG-URL -p '{"ca":"-----BEGIN CERTIFICATE-----\nMIIH...-----END CERTIFICATE-----", "cert":"-----BEGIN CERTIFICATE-----\nMIIH...-----END CERTIFICATE-----","key":"-----BEGIN PRIVATE KEY-----\nMIIE...-----END PRIVATE KEY-----"}
+ $ cf create-user-provided-service DRAIN-NAME -l SYSLOG-URL -p '{"ca":"-----BEGIN CERTIFICATE-----\nMIIH...-----END CERTIFICATE-----", "cert":"-----BEGIN CERTIFICATE-----\nMIIH...-----END CERTIFICATE-----","key":"-----BEGIN PRIVATE KEY-----\nMIIE...-----END PRIVATE KEY-----"}'
+ When setting up your syslog drain, it is important to choose the correct scheme for your SYSLOG-URL:
+
+ - Use the syslog-tls scheme for endpoints that require TLS or mTLS.
+ - Use the syslog scheme for endpoints that do not require TLS.
+ - Use the https scheme when shipping logs to an HTTPS endpoint.
+
+
+ If you need to use TLS or mTLS, ensure that you provide the necessary CA certificate. Additionally to the CA certificate for mTLS configuration, both the client certificate and the key must be provided.
+
+ Ensure that certificates and keys are PEM-encoded as specified in RFC-1422. They should be provided as string values, with new lines represented by the `\n` character, and must not have trailing new lines. You can convert a PEM-encoded certificate string to a processable format using the following command:
+
+
+ $ awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' cert.pem | sed 's/\\n$//' | tr -d '\n'
+
+
+ The `cf create-user-provided-service` command accepts any JSON payload without validating the certificates or credentials while creating the syslog drain. There is no error message for wrong certificates or credentials in the cf CLI; you can only validate in your target log service if your syslog drain was configured correctly. To troubleshoot your certificates, you can use the openssl command line tool.
+
For more information, see [User-provided service instances](./user-provided.html).
-2. To bind an app to the service instance, do one of these:
+1. To bind an app to the service instance, do one of these:
* Run `cf push` with a manifest. The services block in the manifest must specify the service instance that you want to bind.
* Run `cf bind-service`:
diff --git a/services/managing-services.html.md.erb b/services/managing-services.html.md.erb
index 765c5c9c..83b01300 100644
--- a/services/managing-services.html.md.erb
+++ b/services/managing-services.html.md.erb
@@ -82,7 +82,7 @@ OK
### Instance tags
_Instance tags require cf CLI v6.12.1+_
-Some services provide a list of tags that Cloud Foundry delivers in the [VCAP_SERVICES environment variable](../deploy-apps/environment-variable.html#VCAP-SERVICES). These tags provide developers with a more generic way for apps to parse `VCAP_SERVICES` for credentials. Developers might provide their own tags when creating a service instance by including the `-t` flag followed by a comma-separated list of tags.
+Some services provide a list of tags that Cloud Foundry delivers to the app when the service is bound. These are included in the [VCAP_SERVICES environment variable](../deploy-apps/environment-variable.html#VCAP-SERVICES) or the file system, depending on the chosen [Credential Delivery Method](./application-binding.html#credential-delivery-methods). These tags provide developers with a more generic way for apps to parse the service binding data for credentials. Developers might provide their own tags when creating a service instance by including the `-t` flag followed by a comma-separated list of tags.
Example providing a comma-separated list of tags:
@@ -151,7 +151,7 @@ Not all services support binding, as some services deliver value to users direct
Depending on the service, binding a service instance to your app might deliver credentials for the service instance to the app. See [Delivering service credentials to an app](application-binding.html) for more information.
Binding a service instance to an app can trigger app logs to be streamed to the service instance. See [Streaming app logs to log management services](log-management.html).
-You must restart, or in some cases, re-push your app for changes to be applied to the VCAP_SERVICES environment variable and for the app to recognize these changes.
+You must restart, or in some cases re-push, your app so that new or changed binding data is delivered in the VCAP_SERVICES environment variable or the file system, depending on the chosen [Credential Delivery Method](./application-binding.html#credential-delivery-methods).
$ cf bind-service my-app mydb
@@ -222,9 +222,9 @@ Binding service my-db to app rails-sample in org console / space development as
### Unbind a service instance from an app
-Unbinding a service instance from an app removes the credentials created for your app from the [VCAP_SERVICES](../deploy-apps/environment-variable.html) environment variable.
+Unbinding a service instance from an app removes the credentials from the VCAP_SERVICES environment variable or the file system, depending on the chosen [Credential Delivery Method](./application-binding.html#credential-delivery-methods).
-You must restart or in some cases re-push your app for changes to be applied to the VCAP_SERVICES environment variable and for the app to recognize these changes.
+You must restart, or in some cases re-push, your app for changes to be applied.
$ cf unbind-service my-app mydb
@@ -252,7 +252,7 @@ OK
## Rename a service instance
-You can change the name given to a service instance. Upon restarting any bound apps, the name of the instance changes in the [VCAP_SERVICES](../deploy-apps/environment-variable.html) environment variable. If your app depends on the instance name for discovering credentials, changing the name might break your app's use of the service instance.
+You can change the name given to a service instance. Upon restarting any bound apps, the name of the instance changes in the [VCAP_SERVICES](../deploy-apps/environment-variable.html) environment variable or the file system depending on the chosen [Credential Delivery Method](./application-binding.html#credential-delivery-methods). If your app depends on the instance name for discovering credentials, changing the name might break your app's use of the service instance.
$ cf rename-service mydb mydb1
@@ -294,8 +294,6 @@ Updating service instance mydb as user@example.com...
### Instance tags
_Instance tags require cf CLI v6.12.1+_
-Some services provide a list of tags that Cloud Foundry delivers in the [VCAP_SERVICES environment variable](../deploy-apps/environment-variable.html#VCAP-SERVICES). These tags provide developers with a more generic way for apps to parse `VCAP_SERVICES` for credentials. Developers can provide their own tags when creating a service instance by including a comma-separated list of tags with the `-t` flag.
-
$ cf update-service my-db -t "staging, web"
@@ -306,7 +304,6 @@ OK
## Upgrade a service instance
-Important
Upgrading a Service instance requires at least cf CLI v6.46.0+ and CAPI release 1.83.0+.
diff --git a/services/route-binding.html.md.erb b/services/route-binding.html.md.erb
index 2f2fc64a..3a8279d2 100644
--- a/services/route-binding.html.md.erb
+++ b/services/route-binding.html.md.erb
@@ -22,10 +22,9 @@ To view an example demonstrating the use of a sample route service, see [Route S
You must install the Cloud Foundry Command Line Interface (cf CLI) to bind a route to a service instance. For more information, see [Installing the cf CLI](../../cf-cli/install-go-cli.html).
-Important
Gorouter rejects WebSocket requests for routes that are bound to route services. These requests return a 503 error and a X-Cf-Routererror route_service_unsupported header.
-Run [cf bind-route-service](http://cli.cloudfoundry.org/en-US/cf/bind-route-service.html) to bind a route from an app to a service instance.
+Run `cf bind-route-service` to bind a route from an app to a service instance.
The following example binds the route from `my-app.<%=vars.app_domain%>` to the service instance `my-route-service`.
@@ -37,7 +36,6 @@ OK
-Caution
When binding a service instance to a route, Cloud Foundry might have proxy requests for the route to the service instance, or configure a network component already in the request path.
### Bind with parameters
@@ -66,7 +64,7 @@ OK
You must install the Cloud Foundry Command Line Interface (cf CLI) to bind a route to a service instance. For more information, see [Installing the cf CLI](../../cf-cli/install-go-cli.html).
-Run the [cf unbind-route-service](http://cli.cloudfoundry.org/en-US/cf/unbind-route-service.html) command to unbind a route from an app to a service instance.
+Run the `cf unbind-route-service` command to unbind a route from an app to a service instance.
This example removes the route from `my-app.<%=vars.app_domain%>` to the service instance `my-route-service`.
diff --git a/services/service-keys.html.md.erb b/services/service-keys.html.md.erb
index fd41c5bd..afb17ecc 100644
--- a/services/service-keys.html.md.erb
+++ b/services/service-keys.html.md.erb
@@ -10,7 +10,6 @@ Here are instructions for managing service instance credentials (binding credent
Service keys generate credentials for manually configuring consumers of Marketplace services. After you configure them for your service, local clients, apps in other spaces, or entities outside your deployment can access your service with these keys.
-Important
Some service brokers do not support service keys. To build a service broker that supports service keys, see Services. To use a service broker that does not support service keys, see Delivering service credentials to an app.
## Create a service key
diff --git a/services/sharing-instances.html.md.erb b/services/sharing-instances.html.md.erb
index 45ce8165..7d01e26d 100644
--- a/services/sharing-instances.html.md.erb
+++ b/services/sharing-instances.html.md.erb
@@ -146,7 +146,6 @@ In this case, no information about other spaces is exposed.
## Unsharing a service instance
-Caution
Unsharing a service instance deletes all bindings to apps in the spaces it was shared into. This might cause apps to fail. Before unsharing a service instance, run the cf service SERVICE-INSTANCE command to find out how many bindings exist in the spaces the service instance is shared into.
You can unshare a service instance if you have the Space Developer role in the
@@ -201,7 +200,6 @@ If a service binding is not deleted, the script continues trying to unshare subs
To use this script, you must be logged in as an administrator and have jq installed.
-Caution
This script was tested on macOS Sierra 10.12.4 and Ubuntu 14.04.5. Use the script at your own risk.
```
diff --git a/services/user-provided.html.md.erb b/services/user-provided.html.md.erb
index 1cece067..050538d7 100644
--- a/services/user-provided.html.md.erb
+++ b/services/user-provided.html.md.erb
@@ -15,13 +15,13 @@ After creation, user-provided service instances behave like service instances cr
## Create a user-provided service instance
-The alias for [cf create-user-provided-service](http://cli.cloudfoundry.org/en-US/cf/create-user-provided-service.html) is `cf cups`.
+The alias for the `cf create-user-provided-service` command is `cf cups`.
### Deliver service credentials to an app
Suppose a developer obtains a URL, port, user name, and password for communicating with an Oracle database managed outside of Cloud Foundry. The developer can manually create custom environment variables to configure their app with these credentials (of course you never hard code these credentials in your app!).
-User-provided service instances allow developers to configure their apps with these using the familiar [App binding](application-binding.html) operation and the same app runtime environment variable used by Cloud Foundry to deliver credentials for Marketplace services ([VCAP_SERVICES](../deploy-apps/environment-variable.html#VCAP-SERVICES)).
+User-provided service instances allow developers to inject credentials into the app container using the familiar [App binding](application-binding.html) operation and the same [Credential Delivery Methods](./application-binding.html#credential-delivery-methods) used by Cloud Foundry to deliver credentials for Marketplace services.
cf cups SERVICE_INSTANCE -p '{"username":"admin","password":"pa55woRD"}'
@@ -47,7 +47,6 @@ After creating the user-provided service instance, to deliver the credentials to
User-provided service instances allow developers to stream app logs to a syslog compatible aggregation or analytics service that isn't available in the Marketplace. For more information about the syslog protocol see [RFC 5424](http://tools.ietf.org/html/rfc5424) and [RFC 6587](http://tools.ietf.org/html/rfc6587).
-Important
RFC-5424 is used to establish connections over HTTP/HTTPS. RFC-6587 is used for TCP based communication over syslog/syslog-tls drains.
@@ -70,7 +69,6 @@ OK
-Important
When creating the user-provided service, the route service URL you specify must be "https."
@@ -79,12 +77,11 @@ For more information, see [Managing app requests with route services](./route-bi
## Update a user-provided service instance
-You can use [cf update-user-provided-service](http://cli.cloudfoundry.org/en-US/cf/update-user-provided-service.html) to update the attributes of an instance of a user-provided service. New credentials overwrite old credentials, and parameters that are not provided are deleted.
+You can use `cf update-user-provided-service` to update the attributes of an instance of a user-provided service. New credentials overwrite old credentials, and parameters that are not provided are deleted.
The alias for `update-user-provided-service` is `uups`. Bound apps can access the new configuration after restart.
You can use rolling restarts to avoid any app downtime.
For more information, see [Restart an app](../deploy-apps/rolling-deploy.html#restart) in _Rolling App Deployments_.
-Caution
If you are rotating credentials, the old credentials must be active until the restart is finished.
diff --git a/sidecars.html.md.erb b/sidecars.html.md.erb
index dd1a79d4..fad6fe77 100644
--- a/sidecars.html.md.erb
+++ b/sidecars.html.md.erb
@@ -9,7 +9,6 @@ are called sidecar processes, or sidecars. An example of a sidecar is an Applica
Monitoring (APM) tool.
-Important
The cf CLI v6 commands described in this topic are unsupported, but are supported in cf CLI v7. The latest supported cf CLI release is cf CLI v8. To upgrade to cf CLI v7, see Upgrading to cf CLI v7. To upgrade to cf CLI v8, see Upgrading to cf CLI v8.
<%= vars.capi_sidecar_req %>
@@ -188,7 +187,6 @@ To push an app with a sidecar:
You can explore sidecars using the app in the [capi-sidecar-samples](https://github.com/cloudfoundry-samples/capi-sidecar-samples) repository on GitHub. The following sections describe the app, how to build and push the app, and some ways to observe the app and its processes after pushing.
-Important
In this tutorial, you are pushing the Ruby sample app. You can also follow this tutorial for a Java app using the sidecar-dependent-java-app and push_java_app_with_binary_sidecar.sh in the samples repository. When pushing a Java app, follow the requirements listed in Requirements for Java apps.
### About the sample app
@@ -255,9 +253,13 @@ To push the app and sidecar:
cf push sidecar-dependent-app
```
-After you push the app, you can further explore it in [View the processes running in the container](#view-processes) and [View the web URL and app logs](#view-logs).
+After you push the app, you can further explore it as described in the sections below:
-### View the processes running in the container
+- [View processes running in the app container via SSH](#view-processes-ssh)
+- [View the web URL and app logs via SSH](#view-logs)
+- [View and debug processes running in the app container via HTTP](#debug-processes-http)
+
+### View processes running in the app container via SSH
To view the app and sidecar process running in the container:
@@ -300,7 +302,7 @@ To view the app and sidecar process running in the container:
ruby 13 vcap 11u IPv4 17274965 0t0 TCP localhost:42266->localhost:8082 (ESTABLISHED)
-### View the web URL and app logs
+### View the web URL and app logs via SSH
To view the web URL and logs for the app:
@@ -338,3 +340,124 @@ To view the web URL and logs for the app:
"crash_count"=>1, "crash_timestamp"=>1555544935367052708,
"version"=>"50892dcb-274d-4cf6-b944-3eda1e000283"}
+
+### View and debug processes running in the app container via HTTP
+
+Sidecars can be used to collect debug information (e.g. thread dumps) from
+another process running in the same container. This is especially useful if you
+want to debug a running process using an HTTP request, for instance if you do
+not have ssh access to the application container.
+
+This is an example of a simple routable debug sidecar for java applications,
+but the same concept can be adapted to more advanced debug tooling and other
+languages or frameworks.
+
+#### Prerequisites
+
+Before you begin, you must have:
+
+* A java app with [a manifest](./deploy-apps/manifest.html) that is ready to be
+pushed. For example, the [java sample
+app](https://github.com/cloudfoundry/cf-acceptance-tests/tree/main/assets/java)
+from CF Acceptance Tests.
+
+* A route to map to the debug sidecar
+
+#### Procedure
+
+To add a debug sidecar to the java app:
+
+1. Create a sidecar that responds to HTTP requests and calls `kill -3` on the
+java process. When a java process receives the resulting SIGQUIT signal, it
+will print a thread dump to STDOUT. For an example, see the
+[java_debug_sidecar](https://github.com/Gerg/java-debug-buildpack/blob/main/java_debug_sidecar.go)
+on GitHub.
+
+1. Place the sidecar binary in the root directory of your java app
+
+1. Add the following to your app manifest:
+
+ ```
+ sidecars:
+ - name: debug-sidecar
+ process_types: [ 'web' ]
+ command: START-COMMAND
+ memory: 256MB
+ ```
+
+ Where `START-COMMAND` is the command used to start the sidecar. For the above
+ example sidecar, `./java_debug_sidecar`.
+
+1. Push the java application. For example:
+
+ ```
+ cf push APP-NAME -f manifest.yml -m 1G
+ ```
+
+ Where `APP-NAME` is the name of your app.
+
+1. Map a route to the sidecar process's port. For detailed steps, see
+[Configuring Cloud Foundry to route traffic to apps on custom ports](./custom-ports.html).
+
+ ```
+ cf curl -X PATCH /v3/routes/ROUTE-GUID/destinations -d '{
+ "destinations": [
+ {
+ "app": {
+ "guid": "APP-GUID",
+ "process": {
+ "type": "web"
+ }
+ },
+ "port": PORT,
+ "protocol": "http1"
+ }
+ ]
+ }'
+ ```
+
+ Where:
+
+ APP-GUID is the GUID of your app.ROUTE-GUID is the GUID of the route to map to the sidecar.PORT is a custom port on which your app is configured to
+ receive requests. This is 8081 for the above example.
+
+1. Restart the app to complete the port mapping
+
+ ```
+ cf restart APP_NAME
+ ```
+
+ Where `APP-NAME` is the name of your app.
+
+1. Tail the app logs:
+
+ ```
+ cf logs APP_NAME
+ ```
+
+ Where `APP-NAME` is the name of your app.
+
+1. In another terminal, make a HTTP request to the sidecar, to trigger the
+thread dump. For example:
+
+ ```
+ curl https://debug-sidecar.example.com/threaddump
+ ```
+
+1. Observe the thread dump in the app logs
+
+### Next Steps
+
+Now that you have a simple debugging sidecar working, here are some ideas for
+next steps:
+
+* Use more sophisticated debugging tools
+* Return the debug information in the HTTP response, rather than logging to STDOUT
+* Inject the debug sidecar via a [Sidecar
+buildpacks](../buildpacks/sidecar-buildpacks.html). For example:
+[java-debug-buildpack](https://github.com/Gerg/java-debug-buildpack) on GitHub.
+* Add authentication for the debug sidecar's HTTP route, for instance using an
+authentication [Route Service](../services/route-services.html).
diff --git a/using-tasks.html.md.erb b/using-tasks.html.md.erb
index 363c0427..486469dc 100644
--- a/using-tasks.html.md.erb
+++ b/using-tasks.html.md.erb
@@ -49,7 +49,6 @@ The life cycle of a task is as follows:
The container also inherits environment variables, service bindings, and security groups bound to the app.
-Note
You cannot SSH into the container running a task.
### Task logging and execution history
@@ -65,8 +64,8 @@ more information, see the [Cloud Foundry API documentation](http://v3-apidocs.cl
Admins can set the default memory, disk usage and log rate quotas for tasks on a global level.
-Tasks use the same memory, disk usage, and log rate limit defaults as apps, unless you customize them using the `cf run-task` command. For more information
-about the `cf run-task` command, see the [Cloud Foundry CLI reference guide](https://cli.cloudfoundry.org/en-US/v8/run-task.html).
+Tasks use the same memory, disk usage, and log rate limit defaults as apps, unless you customize them using the `cf run-task` command.
+For more information about the `cf run-task` command, enter `cf help run-task`.
<% if vars.platform_code == 'PCF' %>
<%= partial "/pcf/core/tasks_rec_alloc_pcf" %>
@@ -80,7 +79,6 @@ about the `cf run-task` command, see the [Cloud Foundry CLI reference guide](htt
You can use the Cloud Foundry Command Line Interface (cf CLI) to run a task in the context of an app.
-
Important
- To run tasks with the cf CLI, you must install cf CLI v6.23.0 or later, or install cf CLI v7 or v8. To download, install, and uninstall the cf CLI, see Installing the Cloud Foundry Command Line Interface.
- To run a task using cf CLI v6 without starting the app, push the app with
cf push -i 0 and then run the task. You can run the app later by scaling up its instance count.
@@ -125,7 +123,6 @@ To run a task on an app with cf CLI v6:
- Note
To run a task again, you must run it as a new task using the previous command.
1. To display the recent logs of the app and all its tasks, run:
@@ -187,7 +184,6 @@ To run a task on an app with cf CLI v7:
- Important
cf run-task allows you to include the --process and --command flags. Including the --command flag overrides the manifest property.
The following example command runs a task on the `example-app` app:
@@ -210,6 +206,42 @@ To run a task on an app with cf CLI v7:
```
Where `APP-NAME` is the name of your app.
+##
Get a task for an app
+
+To get a task for a given app:
+
+1. In a terminal window, run:
+
+ ```
+ cf task APP-NAME TASK-ID
+ ```
+
+ Where `APP-NAME` is the name of your app and `TASK-ID` is the ID of the task you want to get.
+
+ The command returns output similar to the following example:
+
+
+ Getting task 4 for app static in org org-1 / space space-1 as admin...
+
+ id: 4
+ name: 125c884d
+ state: FAILED
+ start time: 2024-11-22T17:41:19Z
+ command: custom_command
+ memory in mb: 256
+ disk in mb: 1024
+ log rate limit: -1
+ failure reason: APP/TASK/125c884d: Exited with status 127
+
+
+Tasks can be in the states shown in the following table:
+
+| State | Description |
+| ----- | ----------- |
+| `RUNNING` | The task is in progress. |
+| `FAILED` | The task did not complete. This state occurs when a task does not work correctly or a user cancels the task. |
+| `SUCCEEDED` | The task completed successfully. |
+
##
List tasks running on an app