Since its inception, Pivotal Cloud Foundry® (PCF) has joined industrialized open source software with superior business outcomes. That’s once again the case with Pivotal Cloud Foundry 2.3, now generally available.
What’s industrialized open source? We start by actively contributing to the most useful open source projects. Then, we package up this tech, and make it consumable by enterprises like yours, by:
Testing security updates and new releases to make the bits enterprise-ready. (We respond to vulnerabilities quickly too.)
Providing tooling that helps you rapidly perform security updates and platform upgrades.
Refining and packaging new open source projects as they mature.
Simplifying the adoption of new distributed computing patterns.
Building a thriving ecosystem, with structured ways to engage with partners.
PCF 2.3 does this with all the usual projects like Cloud Foundry, Kubernetes, Spring, and Steeltoe. We do this for the embedded OS that powers PCF, as well (both Linux and Windows).
Why do we do all this? That’s where the business outcomes come into play.
What do we mean by business outcomes? You should talk to a Pivotal customer! But the next best thing is to recap the 5 Ss:
Speed. Your goals are shorter cycle times and more frequent deployments.
Stability. What’s the uptime of your customer-facing apps? Can your internal teams count on a reliable “dial tone” of platform services for their software?
Scale. You want to be comfortable with the resiliency of your apps, even as traffic surges.
Security. You want your patch level to be 100%.
Savings. You’re being asked to build and run more software than ever before. Are you spending money on the projects that matter?
Keep industrialized open source and business outcomes in mind as you read through the updates.
Ask any IT leader what they want from Kubernetes and they will likely tell you they want it “to work as expected.” Yup. That’s why we say the killer feature for Kubernetes is operability. You need the system to work properly before you can do anything of business value. Operability has been the focus for Pivotal Container Service® (PKS) since its launch earlier this year.
That is true for PKS 1.2 as well. The new version is jam-packed with oodles of great features that simplify how you run Kubernetes at scale in production.
The top enhancements:
Kubernetes 1.11. Did you know Kubernetes ships new releases every 3 months? It’s true. And Pivotal helps you keep pace with this fast-moving project. That’s why PKS 1.2 will include Kubernetes 1.11, the latest, GA’d version of Kubernetes at this time. (And yes, PKS 1.2 has been certified by CNCF for Kubernetes conformance.)
Resilience and High Availability. PKS 1.2 will add multi-master capabilities across availability zones. This boosts stability in case of a disaster.
Enterprise Security. PKS 1.2 will enable Kubernetes-native role-based access controls (via
kubectl) through enterprise directories such as LDAP. This is a follow-on feature that expands how the PKS control plane works with LDAP. Separately, PKS 1.2 will include several important security enhancements related to credential management.
Check out the in-depth PKS 1.2 blog for all the details. Also, our friends at VMware have their own blog post up with their take. [UPDATE: PKS 1.2 is now live!]
This feature, previously a beta, graduates to GA in PCF 2.3. The name says it all—Service Instance Sharing—it helps development teams get access to the backing service instances used by others. When engineers get quick access to the data stores they need, it’s easier for them to go faster.
But you can’t share data at random. That’s why Service Instance Sharing supports the isolation of responsibilities and respects the roles of each team member. This diagram explains how it works:
Curious about the CLI experience? Here’s a demo walkthrough of Service Instance Sharing with RabbitMQ for PCF.
Service Instance Sharing in PCF. Note: the commands have changed slightly since this recording.
Use CredHub to manage credentials for your on-demand service instances and your shared service instances
What keeps InfoSec pros up at night? You can bet leaked credentials are on the shortlist. A while back, CredHub launched to mitigate the risk from this perpetual bugaboo. Over time, it has become a larger and larger part of the Cloud Foundry project.
Stale or in-the-clear creds? They're everywhere. @BrianMMcClain— Richard Seroter (@rseroter) July 19, 2018
takes a look at where CredHub solves that problem. https://t.co/rIUNmvhJKY <
CredHub has quietly grown up to be a pretty awesome little credential mgmt component of @cloudfoundry.
Here’s how CredHub improves your security posture in PCF 2.3.
Use CredHub with on-demand service instances
The on-demand services SDK was recently updated to support CredHub. Now, tile authors that use this SDK can easily make CredHub the repository for all service instance secrets!
Service Instance Sharing <3 the CredHub Service Broker
Service Instance Sharing gets even better with the new CredHub Service Broker.
With the CredHub Service Broker and Service Instance Sharing, platform owners can reduce the complexity of managing external service credentials throughout the platform. Better still, this dynamic duo is designed to ensure that platform credentials aren't exposed to unauthorized users.
We’ll have a tutorial blog post with more details on this use case in the coming days! In the meantime, enjoy this fun sketch of CredHub! [UPDATE: Here's the tutorial.]
Still wasting time with operating system patches and upgrades? Pivotal customers never do. Case in point: in PCF 2.3, several core components now embed Ubuntu 16.04. Platform engineers will roll this update out—along with the rest of PCF 2.3—at the click of a button, with zero downtime.
Here’s the list of tiles now powered by this OS:
PCF Operations Manager 2.3
Pivotal Application Service 2.3
PCF Event Alerts 1.2.3
Metrics Forwarder for PCF 1.11.3
MySQL for PCF 2.4
Scheduler for PCF 1.2.3
Spring Cloud Services for PCF 2.0.2
Spring Cloud Data Flow for PCF 1.2.0
Single Sign-On (SSO) for PCF 1.7.1
Other tiles will be updated in future releases. Want to know more about this enhancement? Check the release notes.
PAS for Windows includes Windows Server v1803
We automate patches and upgrades on the Windows side of the house, too. Where, by the way, the pain of managing the OS is almost certainly more acute. Why? Well, the tooling for the Windows Server ecosystem is a few years behind the Linux world. (But the gap is closing.) And Microsoft has dramatically accelerated the Windows Server release cycle. Instead of a 10-year support term, you’re looking at 18 months! You need to find a way to go faster if you want some semblance of operational hygiene.
Savvy Windows Server admins already have an answer: “Pivotal does this for me.” To wit: PAS for Windows ships with Windows Server v1803, the latest version. The new Windows release reduces the memory footprint for apps, thanks to a smaller container image. Security is better, because PAS for Windows leverages network ACLs provided in v1803 to control network traffic.
No matter how often Microsoft pushes out updates, you can bump the Windows Servers in your PCF deployment instantly. And with Windows Server 2019 right around the corner, why would you do it any other way?
Speaking of Windows...there’s more to PAS for Windows 2.3 than just a new OS version. The tile now supports multi-buildpacks for .NET apps. Here’s what we wrote about this feature when we launched it for PAS:
Thanks to multi-buildpack support in PCF 1.12, you don’t need to rely on DIY buildpacks (or docker packaging) as much. The familiar, supported buildpack flow now applies in more scenarios. This helps you go faster.
Go ahead and use the tried-and-true buildpack model in more scenarios. For starters, .NET developers can more easily consume app dependencies, like database drivers, Microsoft-provided frameworks, and partner integrations. You’re likely to find this useful with a bevy of monitoring, metrics, and logging tools in the Pivotal Services Marketplace.
What comes to mind when you think of cloud-native patterns? Microservices? Sure. 12-factor apps? Definitely. Service discovery, and circuit breakers? Yes and yes.
Pivotal launched the Steeltoe® project to make these patterns easy and accessible for .NET developers. Fast forward two years, and it’s amazing to see how far the project has come!
Steeltoe 2.1 is a massive release that gives .NET devs incredible convenience when it comes to running .NET Framework apps on PCF.
🔥 Steeltoe 2.1 GA is here! 🔥— Steeltoe (@SteeltoeOSS) August 20, 2018
We are proud to announce our new features and enhancements including: Distributed tracing, new management endpoints, health contributors, enhanced .NET Framework support, and more! @OpenCensus @dotnetfdn @pivotal - Our blog: https://t.co/QuHnOq8QV5
Management and Monitoring (M&Ms)
Microservices are the architecture of choice for high-velocity development teams. (Just know that everything doesn’t have to be a microservice.) One trade-off? Monitoring and diagnosing production issues can be challenging. Steeltoe 2.1 adds an excellent set of features to help you in this regard.
Think Steeltoe is just for .NET Core apps? Not anymore. Dave Tillman explains:
When we started the Steeltoe project (over two years ago!) we decided to focus solely on supporting .NET Core and ASP.NET Core. We discovered pretty quickly that was not a great choice. Many organizations were simply trying to do a “lift-and-shift” of their ASP.NET 4.x apps to Cloud Foundry. What they really needed were tools to help make that easier.
Steeltoe 2.0 enabled the Config Server, Eureka Server, and Connectors to be used with a 4.x application. This version tacks on security and management capabilities, specifically for single sign-on (via SSO) and identity management (UAA).
.NET Core & ASP.NET Core 2.1
Of course your ASP.NET 4.x apps can benefit from running on a modern platform like PCF. But .NET Core and ASP.NET Core is the future. Dave Tillman writes:
Finally, with this release, in addition to supporting .NET Core 2.0, ASP.NET Core 2.0, and .NET 4.6.1+, we are also adding support for .NET Core 2.1 and ASP.NET Core 2.1. We preserve compatibility with .NET Core/ASP.NET core 2.0. So, if you drop the Steeltoe 2.1 release into a .NET/ASP.NET Core 2.0 app, you should see only a few “Microsoft.Extensions” packages (e.g., Logging, Options, Configuration) that will update to 2.1. Your ASP.NET Core dependencies should not be impacted.
And be on the lookout for the recordings of these excellent SpringOne Platform .NET talks. They will be posted in the coming days!
Lots going on with .NET at SpringOne Platform. Training, sessions, and more! https://t.co/fA0czAXv8M— cwsteve (@cwsteve) August 14, 2018
Spring Cloud Services 2.0 is built atop the latest major releases from the open source Spring Boot and Spring Cloud projects. That’s right: along with the service broker, all of the server-side components provided by Spring Cloud Services—Config Server, Service Registry, and Circuit Breaker Dashboard—are now based on Spring Boot 2.0 and Spring Cloud Finchley. That means that each Spring Cloud Services component will work seamlessly with client applications written in or upgraded to Spring Boot 2.0.
And if you’re not on Spring Boot 2 yet, we’ve got you covered with backward compatibility.
“Spring Cloud Services for PCF Turns 2.0, Adds Support for Your Spring Boot 2 Apps” This is a big release for our team, and I’m really proud of everything we’ve accomplished. Looking forward to seeing you at @s1p! https://t.co/9zheU0Gtsw #SpringBoot #SpringCloud #CloudFoundry— Roy Clarkson (@royclarkson) August 24, 2018
Spring Cloud Data Flow for PCF 1.2 adds integration with Scheduler for PCF, plus the latest open-source SCDF Features
Kubernetes support enhancements
App hosting tool
Composed Task Runner security
DSL and deployment property parsing refinements
Batch database schema and optimization
Though we notice and acknowledge the shift from batch to streaming architectures, we also continue to learn new requirements for batch processing. It is not going away anytime soon.
For instance, to address the scheduling requirements for batch use cases, Spring Cloud Scheduler and Spring Cloud Scheduler for Cloud Foundry have joined the Spring Cloud Data Flow ecosystem. The first iteration of this begins with the native PCF Scheduler integration in SCDF’s Cloud Foundry implementation.
The definition of a task/batch pipeline and the launching of the pipeline are two essential steps, and now there’s a new addition to the workflow —a pipeline can now be scheduled with a cron-expression. The PCF Scheduler interacts with the staged task droplet in Cloud Foundry and it launches the task when the cron-evaluated outcome matches the current time.
Check out this screencast, and get some ideas on how you can automate task scheduling in your workflows!
It’s not really a PCF update unless we’ve got a TLS enhancement, right? We’ve been hard at work adding this encryption tech throughout the platform. In PAS 2.3, operators can make sure that only the Gorouters can communicate with app containers. These components use mutual TLS to verify each other’s identity. This option increases security over one-way TLS, because it ensures that the Gorouter is the only client that can communicate with app instances. In fact, this feature prevents other anonymous clients on the IaaS network from even sending requests to apps.
The mTLS app identity verification isn’t currently compatible with TCP routing or CF SSH. But you should definitely enable this for the HTTP/S workloads you have on PCF!
Had a ton of questions recently about how @PivotalCF uses @EnvoyProxy for transparent TLS all the way to the app container, so I wrote up a blog post about it: https://t.co/xZVaVSkgkk pic.twitter.com/hXYSdyIbYp— Eric Malm (@emalminator) April 5, 2018
The reception of PCF Healthwatch—an “out of the box” monitoring for your platform—has been overwhelmingly positive. We’ve partnered with customers to implement their feedback to make the product even better. These interactions are reflected in two nifty enhancements, Alerting History and a new Alert Stream dashboard. With PCF Healthwatch 1.4 and Event Alerts installed, you are alerted when there might be a problem. You don’t have to fixate on your tools unless you have to! From there, our curated monitoring will help drive you to a resolution fast.
When your system isn’t working as expected, you need all hands on deck to help diagnose and fix the issue. The new Alerting History Details feature is your go-to starting point in this scenario. All your practitioners with access to Healthwatch see the same data and will literally be on the same page. No more wasted time tracking down your fellow engineers for context. It’s all right there.
The new Alerts History Details in PCF Healthwatch 1.4
The PCF Healthwatch UI gets a makeover! The UI is more extensible, so you can better understand the state of your platform across a variety of sources.
PCF Healthwatch features a new, extensible UI.
One other important update: PCF Healthwatch 1.4, per usual, is automatically updated to reflect the latest PCF KPI/KSI changes. (PCF Healthwatch can help you move to SRE monitoring principles. Read how internal Pivotal teams have modernized their practices.)
If platform engineers use PCF Healthwatch to look after the platform, what can developers use to look after their apps? PCF Metrics of course! (We’ve written about plenty of times before.) PCF Metrics is tailored to help devs quickly root-cause issues in the era of microservices.
New in PCF Metrics 1.5: a snazzy streaming metrics feature. Turn it on, and your metrics charts are updated in real-time as data is ingested. Neat, huh? Use this feature when you want to closely examine your systems, like after a deployment. Is everything going as expected? Is there any weird behavior going on? PCF Metrics will tell you!
PCF Metrics 1.5: Note the new “play” button in the upper right next to the timeline. This enables real-time streaming of your metrics data.
Also updated in this release: the log data is now stored in PostgreSQL; the Metrics MySQL datastore is now Percona.
Operations Manager includes handy verification checks to give you quick feedback when you bump up against incompatibilities and version conflicts. These act as useful guardrails if you’re new to PCF. But they can sometimes get in the way of power users who have unique configurations. Now, experienced platform engineers can override verification checks in Ops Manager.
For example, your deployment may have a unique configuration that the verifier cannot detect. In this case, you can unblock your deployment by disabling the verifier. So if you don’t want to waste time slogging through potential issues, this API-only feature is for you. Please note: we recommend you work with Pivotal Support when using this feature. This is the best way to ensure your platform stays healthy!
Here’s a handy addition. We announced polyglot service discovery in the last PCF release. In PCF 2.3, you can use a custom internal domain with your apps, instead of the default
.internal domain. Simply modify this value in Application Developer Controls pane of the PAS tile.
Just a reminder that Cloud Foundry has internal routing and service discovery available, out of the box, for container-to-container networking between microservices.https://t.co/80Z5LvO22V— Mike Dalessio (@flavorjones) May 16, 2018
Apps Manager gets greater parity with the cf CLI
Developers new to PAS can use Apps Manager to become proficient with common platform functions. In PAS 2.3, Apps Manager gains additional parity with the CLI for restaging, named service bindings, and more.
Pivotal Cloud Foundry 2.2 and higher are now OpenID Connect certified
Hurray for standards! The UAA and SSO Service modules are now OpenID Connect certified. (Check out the OIDC list.) Alignment with this industry standard gives assurances that identity and access management in PCF will interoperate with other compliant tools.
Multiple Data Centers on OpenStack
Building redundancy at the AZ level for on-prem deployments is now much easier. Why? Because Ops Manager now allows you to configure multiple OpenStack data centers to a single BOSH Director. (You may recall, we launched this feature for vSphere in PCF 2.2.) NOTE: This feature is not recommended for use with regions, where data centers are physically hundreds of miles apart.
PSA: Start to plan your migration to the new cflinuxfs3-based buildpacks
Pivotal now maintains cflinuxfs3 stack, based on Ubuntu 18.04, and associated buildpacks. So now is a good time to start planning your migration to this updated stack. Work with your platform architect to create a migration plan to cflinuxfs3 from the current cflinuxfs2 stack. This should be a smooth process for the vast majority of your applications.
Learn from Your Peers on the SpringOne Platform Live Stream
IT leaders like you will tell their stories on the main stage all week at the SpringOne Platform conference. Watch the live stream, learn from your peers, and get inspired! And join the conversation online via #SpringOne.
In case you can't make it to #SpringOne next week (there's still time to get a ticket though!). You can catch the main stage livestream on @Pivotal's Twitter, YouTube and Facebook pages, as well as on https://t.co/ucNQ3mKMGM — who's excited for next week? pic.twitter.com/fnB8JgLaUn— SpringOne Platform (@s1p) September 18, 2018
Hungry for more details on Pivotal Cloud Foundry 2.3? Check out the links below and read up on the newest capabilities. If you’re ready to get started now, check out many of the latest PCF 2.3 features on Pivotal Web Services for free.
SAFE HARBOR STATEMENT
This blog contains statements relating to Pivotal’s expectations, projections, beliefs and prospects which are "forward-looking statements” within the meaning of the federal securities laws and by their nature are uncertain. Words such as "believe," "may," "will," "estimate," "continue," "anticipate," "intend," "expect," "plans," and similar expressions are intended to identify forward-looking statements. Such forward-looking statements are not guarantees of future performance, and you are cautioned not to place undue reliance on these forward-looking statements. Actual results could differ materially from those projected in the forward-looking statements as a result of many factors, including but not limited to: (i) our limited operating history as an independent company, which makes it difficult to evaluate our prospects; (ii) the substantial losses we have incurred and the risks of not being able to generate sufficient revenue to achieve and sustain profitability; (iii) our future success depending in large part on the growth of our target markets; (iv) our future growth depending largely on Pivotal Cloud Foundry and our platform-related services; (v) our subscription revenue growth rate not being indicative of our future performance or ability to grow; (vi) our business and prospects being harmed if our customers do not renew their subscriptions or expand their use of our platform; (vii) any failure by us to compete effectively; (viii) our long and unpredictable sales cycles that vary seasonally and which can cause significant variation in the number and size of transactions that can close in a particular quarter; (ix) our lack of control of and inability to predict the future course of open-source technologies, including those used in Pivotal Cloud Foundry; and (x) any security or privacy breaches. All information set forth in this release is current as of the date of this release. These forward-looking statements are based on current expectations and are subject to uncertainties, risks, assumptions, and changes in condition, significance, value and effect as well as other risks disclosed previously and from time to time in documents filed by us with the U.S. Securities and Exchange Commission (SEC), including our prospectus dated April 19, 2018, and filed pursuant to Rule 424(b) under the U.S. Securities Act of 1933, as amended. Additional information will be made available in our quarterly report on Form 10-Q and other future reports that we may file with the SEC, which could cause actual results to vary from expectations. We disclaim any obligation to, and do not currently intend to, update any such forward-looking statements, whether written or oral, that may be made from time to time except as required by law.
This blog also contains statements which are intended to outline the general direction of certain of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding the pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. All software releases are on an if and when available basis and are subject to change. This information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. Any purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this blog remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward-looking information in this blog.
About the AuthorFollow on Twitter Follow on Linkedin More Content by Jared Ruckle