Skip to content

Cloud Foundry How Tos

This section describes common activities for managing your Cloud Foundry environment. This collection does only cover some aspects of Cloud Foundry and are not intended to replace the official documentation.

Space Management

Add a New User

After the initial account registration the Tenant Owner will be assigned the Org Manager role within his tenants Cloud Foundry Org. He can then assign roles to new users via the Cloud Foundry CLI.


Prerequisites for adding a new user:


The tenant role and the Cloud Foundry role are not the same and need to be assigned separately.

Change a User's Permissions

Users can have one or more roles. The combination of these roles defines the user's overall permissions in the Org and within specific app spaces in that Org.

Use the following commands for managing users on an Org level.

Function Command Example
View the organizations belonging to an account cf orgs cf orgs
View all users in an organization by role cf org-users {org_name} cf org-users my-mindsphere-org
Assign an Org role to a user cf set-org-role {user_name} {org_name} {role} cf set-org-role Alice my-mindsphere-org OrgManager
Remove an Org role from a user cf unset-org-role {user_name} {org_name} {role} cf unset-org-role Alice my-mindsphere-org OrgManager

And these for only assigning access to specific spaces.

Function Command Example
View the spaces in an Org cf spaces cf spaces
View all users in a space by role cf space-users {org_name} {space_name} cf space-users my-mindsphere-org development
Assign a space role to a user cf set-space-role {user_name} {org_name} {space_name} {role} cf set-space-role Alice my-example-org development SpaceAuditor
Remove a space role from a user cf unset-space-role {user_name} {org_name} {space_name} {role} cf unset-space-role Alice my-mindsphere-org development SpaceAuditor

Create a New Space

Use cf create-space {space_name} to create a new space within your Org. Next, you can proceed and assign one of your developers the SpaceManager or SpaceDeveloper role by using cf set-space-role {user_name} {org_name} {space_name} {role}. You can list all users of an space with cf space-users.

Assign a User to a Space

Use cf set-space-role {user_name} {org_name} {space_name} {role} to add a user to a space.

Get the Current Usage of my Org

Use the cf org {org_name} command to get information about your Org.

Service Instances

Create a Service Instance

MindSphere provides multiple backing services out of the box that can be used for application development and operation. These services are managed and will be provisioned on a dedicated VM. Depending on your Org quota and settings you can create multiple service instances. Each instance is related to a backing service plan that describes the hardware, capabilities and the number of instances (e.g. clustered instances).

Service instances are always tied to a specific space and cannot be used across multiple spaces. This is a design choice of Cloud Foundry to ensure isolated sub-environments. Use cf marketplace or cf m to list all available Backing Services and their associated plans. Choose your desired service and create a new instance with cf create-service {service_name} {plan} {service_instance}. As a next step you can bind this service to one of your apps.

Use cf service {service_instance} to get detailed information about your service instance.

Bind a Service Instance

Bind the service with cf bind-service {app_name} {service_instance} to one of your apps running in the same space as the service. After the binding the service credentials are available as environment variables and can be used within your application.

Backup & Restore Service Instances

You can use the service URL to visit the Backing Service Dashboard and start backups and restore an older one.

Enable Sharing of a Service Instance

  1. Navigate into the Cloud Foundry space where your service instance was created.
  2. Share the service with {another_space} using cf share-service {service_instance} -s {another_space}.


  • For sharing service instances among spaces you need the Space Developer role in both spaces.
  • You cannot share a service instance with a space where a service instance with the same name already exists.


Avoid overload of service instances when binding them to multiple apps. Refer to the respective service plan specification.

Disable Sharing of a Service Instance

  1. Navigate into the Cloud Foundry space where your service instance was created.
  2. Disable sharing of the service with {another_space} using cf unshare-service {service_instance} -s {another_space}.


  • You need the Space Developer role in the space where the service instance is running to disable its sharing.
  • You cannot delete a service instance while it is being shared with other spaces.


Unsharing a service instance removes all bindings to apps in the space it was shared with. This may cause apps to fail. Run the cf service {service_instance} command to see if bindings exist in the spaces the service instance is shared with before unsharing it.

Sharing a Backing Service in MindSphere Operator Cockpit

  1. Log into Cloud Foundry: cf login -a --sso
  2. Select your Cloud Foundry org: cf target -o {org_name}
  3. Create a new space: cf create-space {space_name}


To use Auto deployment feature of the Operator Cockpit, the {space_name} should be equal the name of the app to be registered.

  1. Switch to the space with the service instance to be shared:
    cf target -s {service_instance_space_name}
  2. Share the service instance with the new space:
    cf share-service {service_instance} -s {space_name}
    The name of the service instance is the same in all spaces. Make sure it is set correctly in your manifest file.
  3. Deploy your app in the new space and bind the service instance to it.


It is prohibited to share service instances across multiple organizations and might be blocked in the future.

Create a User-Provided-Service

Refer to the official Cloud Foundry documentation on how to create and use these:


Heads up! Only use this feature if you are aware about the security and operational consequences of this feature. Consider using restrictive firewall settings or set up a peering connection!

Background Tasks / Processes

Cloud Foundry supports running background processes, for example data crunching. Those background processes are normal Cloud Foundry apps, but without a route. Therefore, it is necessary to use the --no-route parameter for pushing applications or set this as an attribute in your manifest.yml.


If you forget to disable the route, Cloud Foundry is going to perform periodically health checks that will fail. Due to this failing health checks the Cloud Controller is going to stop your application.

Refer to the official documentation for further details:


Stacks are prebuilt root file systems that support specific operating systems. Linux-based systems need /usr and /bin directories at their root.

Find out which Stack an App Uses

The following Cloud Foundry Stacks are currently available:

  • cflinuxfs3: Based on Ubuntu Bionic 18.04
  • cflinuxfs2: Deprecated and based on Ubuntu Trusty 14.04

We advise to always use the latest available stack. You can find out the stack which your application is using with the following command:

cf app app_name

The command line will list a summary of the application including the used stack:

Showing health and status for app app_name in org org_name / space space_name as

name:              app_name
requested state:   started
instances:         1/1
usage:             500M x 1 instances
last uploaded:     Thu 21 Feb 12:37:11 CET 2019
stack:             cflinuxfs3
buildpack:         staticfile_buildpack

    state     since                  cpu    memory         disk         details
#0  running   2019-02-25T14:13:14Z   0.0%   1.5M of 500M   6M of 512M

Update the Stack of an App

To change the stack to cflinuxfs3, either add the stack attribute in your Single Manifest file or use the following command:

cf push {app_name} -s cflinuxfs3

The push command causes a restaging of the application and ensures that all statically linked dependencies are updated.

Docker container in Cloud Foundry


Running Docker containers in Cloud Foundry is currently only possible for Developer Tenants. Apps cannot be validated by App Validation and not be forwarded to Operator Tenant.


Running Docker containers in Cloud Foundry is currently only supported in region Europe 1.

Docker containers based on docker images, which are stored in a Container Registry, can be directly run in Cloud Foundry.


The following are the prerequisites for running containers which are stored in MindSphere Container Registry Lite:

  • You have created MindSphere Container Registry Robot Account
  • You have logged into docker registry in command line
  • You have tagged the image
  • You have pushed the image to MindSphere Container Registry

Push a Docker Image from MindSphere Container Registry

To deploy a Docker image from MindSphere Container Registry, execute the following command:

  export CF_DOCKER_PASSWORD={robot_account_password}
  cf push {app_name} --docker-image{tenant}/{image}:{tag} --docker-username '{robot_account_user}'

For more information refer Deploying an App with Docker.


Binary Buildpack

Use the binary buildpack for running arbitrary binary web servers. For further information refer Binary Buildpack.


The binary_buildpack is running on cflinuxfs3 stack, which is based on Ubuntu Bionic 18.04. Therefore the binary has to be build on Ubuntu Bionic 18.04.


In push command, use the -b option and specify the buildpack binary_buildpack. Alternatively, the buildpack can be specified in manifest.yml with buildpack: binary_buildpack.
In push command, use the -c option to specify the start command, for example ./hello_world. Alternatively, the start command can be specified in Procfile like web: ./hello_world.

Operator Cockpit

For using the Auto deployment in Operator Tenants's Operator Cockpit, specify the following:

  • buildpack in manifest.yml
  • start command in Procfile

IPs via which Apps Access the Internet

MindSphere applications running on Cloud Foundry access the internet via a NAT gateway, which uses the following IP addresses:

  • In region Europe 1 / Europe 2:

  • In region China 1:


Any questions left?

Ask the community

Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.