Cloud Foundry How Tos¶
This section describe common activities for managing your Cloud Foundry environment. This collection does only cover some aspects of Cloud Foundry and are not intended to replace the official documentation.
Add a New User¶
After the initial account registration the Tenant Owner will be assigned the Org Manager role within his tenants Cloud Foundry Org. He can then assign roles to new users via the Cloud Foundry CLI.
Prerequisites for adding a new user:
The new user has access to a DevOps Plan.
The new user has logged into the Cloud Foundry once before (see Connecting to Cloud Foundry via CF CLI).
The tenant role and the Cloud Foundry role are not the same and need to be assigned separately.
Change a User's Permissions¶
Users can have one or more roles. The combination of these roles defines the user's overall permissions in the Org and within specific app spaces in that Org.
Use the following commands for managing users on an Org level.
|View the organizations belonging to an account||
|View all users in an organization by role||
|Assign an Org role to a user||
|Remove an Org role from a user||
And these for only assigning access to specific spaces.
|View the spaces in an Org||
|View all users in a space by role||
|Assign a space role to a user||
|Remove a space role from a user||
Create a New Space¶
cf create-space SPACE to create a new space within your Org. Next, you can proceed and assign one of your developers the
SpaceDeveloper role by using
cf set-space-role USERNAME ORG SPACE ROLE. You can list all users of an space with
Assign a User to a Space¶
cf set-space-role USERNAME ORG SPACE ROLE to add a user to a space.
Create a Service Instance¶
MindSphere provides multiple backing services out of the box that can be used for application development and operation. These services are managed and will be provisioned on a dedicated VM. Depending on your Org quota and settings you can create multiple service instances. Each instance is related to a backing service plan that describes the hardware, capabilities and the number of instances (e.g. clustered instances).
Service instances are always tied to a specific space and cannot be used across multiple spaces. This is a design choice of Cloud Foundry to ensure isolated sub-environments.
cf marketplace or
cf m to list all available Backing Services and their associated plans. Choose your desired service and create a new instance with
cf create-service SERVICE PLAN SERVICE_INSTANCE. As a next step you can bind this service to one of your apps.
cf service SERVICE_INSTANCE to get detailed information about your service instance.
Bind a Service Instance¶
Bind the service with
cf bind-service my-app myservice to one of your apps running in the same space as the service. After the binding the service credentials are available as environment variables and can be used within your application.
Backup & Restore Service Instances¶
You can use the service URL to visit the Backing Service Dashboard and start backups and restore an older one.
Background Tasks / Processes¶
Cloud Foundry also allows to run background processes that for example data crunching. Those background processes are normal Cloud Foundry apps, but without a route. Therefore, it is necessary to use the
--no-route parameter for pushing applications or set this as a attribute in your
If you forget to disable the route, Cloud Foundry is going to perform periodically health checks that will fail. Due to this failing health checks the Cloud Controller is going to stop your application.
Refer to the official documentation for further details:
How Can I Find my Current Usage of my Org¶
cf org ORG command to get information about your Org.
Which IP does my App Use for Accessing the Internet¶
MindSphere applications running on Cloud Foundry access the internet via a NAT gateway, which uses the following IP addresses:
1 2 3
18.104.22.168 22.214.171.124 126.96.36.199
Create a User-Provided-Service¶
Refer to the official Cloud Foundry documentation on how to create and use these:
Heads up! Only use this feature if you are aware about the security and operational consequences of this feature. Consider using restrictive firewall settings or set up a peering connection!
Any questions left?
Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.