Pivotal Cloud Foundry and Docker - Part 1

This post will be going through setting up Docker support for Pivotal Cloud Foundry (PCF). I will also go over integrating current PCF tiles to support the Docker container life cycle.  The PCF tiles that will be discussed are the Cloudbees Jenkins and JFrog Artifactory tiles.  Since this is a big topic, I am breaking the post up into multiple parts.

Prerequisite Step - Docker PCF Feature Flag

Pushing Docker images is not supported unless the Diego Docker feature flag is enabled. To turn this feature on, sign into your foundation with admin privileges and run the following command:

cf enable-feature-flag diego_docker

You can turn this feature on or off at any time.  The big issue you need to watch out for is that if you disable the feature flag, all of the Docker based applications will stop.

Prerequisite Step - CF CLI Version

Command line support for pushing Docker images is in version 6.13 and later.  To check to see if you have the required version, run the following command:

cf -v

If you don't have the required version, you can download the latest release from the Cloud Foundry CLI GitHub site.

Pushing Docker Images to PCF Using Docker Hub

The easy button for deploying Docker images to PCF is to have unrestricted access to the Internet where PCF can connect to Docker Hub and deploy the image.  An example of a cf push in this unrestricted environment is below:

cf push docker-test -o cloudfoundry/test-app

This is a normal cf push command that you would run except the feature "-o" represents pushing a Docker image.  The cloudfoundry/test-app is a good baseline app to test your PCF environment for Docker compatibility.  

Pushing Docker Images to PCF Using An Internal Registry

In the real world, you are probably in an environment that does not have unrestricted access to the Internet.  A repository for artifacts is setup in the environment to proxy dependencies for your applications and to store your custom applications.  

Pivotal has a tile from JFrog Artifactory which comes pre-configured with a Docker registry.  For more information, go to the following Pivotal documentation site.  In my example, I will be using the JFrog Artifactory tile for an internal Docker registry.  An example of using an internal registry to push a Docker image is below:

cf push docker-test -o artifactory-docker-dev.system.domain.com:443/cloudfoundry/test-app

With this example, I have locally cached the cloudfoundry/test-app Docker image inside of the Artifactory registry.  To be more specific, it was placed in the pre-configured Artifactory repository called docker-dev-local2.  I will get into more of the configuration of Artifactory in the next blog post.

Workflow

Below is the workflow I will be working off of to explain how this integration with Artifactory works.

Here is an explanation of these steps.

1. A developer runs the command; cf push docker-test -o artifactory-docker-dev.system.domain.com:443/cloudfoundry/test-app .  This will place a request to the foundation's API URL hosted on the security appliance (firewall) / load balancer.
2. The load balancer will pass the request to the PCF GoRouters.
3. The GoRouters will send the request to the PCF Cloud Controllers.
4. The Cloud Controllers perform a staging step that tells the PCF Diego components to fetch the Docker image.
5. Diego Brain sends a request to get the Docker image from the internal registry (artifactory-docker-dev.system.domain.com).  The request is sent to the load balancer outside of PCF.
6. The load balancer finds the address, artifactory-docker-dev.system.domain.com, and knows to route that back to PCF
7. Going through the GoRouters, that URL is hosted on the Artifactory tile's NGINX webserver acting as a reverse proxy.
8. The reverse proxy knows to send the request for the image to one of Artifactory's highly available servers.
9. Image is sent back through the reverse proxy.
10. Now the Garden-Linux container is created on a Diego Cell with the Docker image that was requested in the CF push command.  The Docker image is started and accessible from the route that was created.

Summary

This was just a high level overview of the steps to get the PCF environment ready for Docker images.  In the next part of this blog post, I will go over the internal Docker registry (Artifactory) setup and what connectivity is needed between PCF and Artifactory.  

~RRRII