Cloud Foundry Diego (BOSH release)

This repository is a BOSH release for deploying Diego and associated tasks for testing a Diego deployment. Diego is the new container runtime system for Cloud Foundry, replacing the DEAs and Health Manager.

This release depends on external services such as a relational database (either MySQL or Postgres) for data storage and Consul or BOSH DNS for inter-component service discovery. It also integrates with NATS to register routes to applications and Loggregator to emit application logs and Diego component metrics. In practice, these dependencies typically come from cf-deployment.

The Diego Design Notes present an overview of Diego, and links to the various Diego components.

Table of Contents

1. Diego Operator Resources
   1. Deploying Diego-Backed Cloud Foundry
   2. Deployment Examples
   3. Deployment Requirements and Constraints
   4. Configuration at Scale
   5. Security Configuration
   6. Data Store Configuration
   7. Component Coordination
   8. Monitoring and Inspection
2. CF App Developer Resources
3. Diego Contributor Resources

Diego Operator Resources

Deploying Diego-Backed Cloud Foundry

Diego is typically deployed as part of a Cloud Foundry Application Runtime deployment to serve as its container runtime. The cf-deployment repository contains the latest recommended way to use BOSH to deploy a Cloud Foundry cluster to infrastructure platforms such as AWS, GCP, and Azure.

• Release Compatibility illustrates how to select versions of CF and other BOSH releases to deploy alongside Diego.

Deployment Examples

Deploying to BOSH-Lite

• Create a BOSH-Lite VM using either the v2 BOSH CLI or bosh-bootloader. Note that to create a BOSH-Lite VM in your local VirtualBox, you must use the BOSH CLI.
• Follow the instructions in CF-Deployment to deploy CF to the BOSH-Lite VM.

Deployment Requirements and Constraints

• Required Dependency Versions details the minimum versions of the BOSH director, stemcell, and dependency releases required to deploy Diego correctly.
• Deployment Constraints describes the dependencies that must be deployed before deploying the Diego cluster and restrictions on Diego instance update order and rates to ensure correct cluster operation.
• Deprecations lists deprecated BOSH job properties, component metrics, and endpoints and fields for Diego component APIs.

Configuration at Scale

• Component Scaling & Performance Tuning describes recommendations and considerations on how to scale Diego components and their dependencies effectively.

Security Configuration

• TLS Configuration describes how to generate TLS certificates for secure communication amongst the Diego and greater CF components.
• Enabling Instance Identity explains how to enable the Diego cell reps to provide per-instance identity credentials.
• Envoy Proxy Configuration explains how to enable the per-instance Envoy proxy to support improved route integrity, as well as some guidelines for operators to account for its additional memory overhead.

Data Store Configuration

• Supported Data Stores for Diego describes how to configure Diego to use SQL for its data store.
• Data Store Encryption explains how to manage the ring of encryption keys that Diego uses to secure data at rest.

Component Coordination

• Migrating from Consul to SQL Locks explains how to migrate the BBS and auctioneer from coordinating around a lock in Consul to coordinating around one stored in the Diego relational database.

Monitoring and Inspection

• Diego Metrics lists the various component metrics that Diego emits through the Loggregator system.
• Container Metrics lists the various container metrics that Diego emits through the Loggregator system.
• cfdot Setup shows how to set up the cfdot CF Diego Operator Tool CLI for use in inspecting and interacting with a Diego deployment.
• Logging format shows how to configure the logging format for Diego components.

CF App Developer Resources

• Migrating to Diego describes how developers can switch from the DEAs to Diego and details various operational differences between the DEAs and Diego.
• The Docker Support Notes describe how Diego runs Docker-image-based apps in Cloud Foundry.

Diego Contributor Resources

• The Contribution Guidelines describes the developer workflow for making changes to Diego.
• The CF Runtime Diego Pivotal Tracker project shows active areas of work for the Diego team in the backlog section.
• The Diego Dev Notes provide a detailed explanation of how the Diego components and internal state machine interact, as well as information on development workstation setup.
• The BBS Benchmarks provides information about results from the BBS benchmark tests that run in the Diego team's continuous integration testing pipeline.