Pair of backend/frontend apps to demonstrate C2C networking in Pivotal Cloud Foundry - using .NET Core 2.0
- PCF with container networking enabled (1.12 or later recommended)
- Spring cloud services with service registry
- .NET CLI installed
This is a pair of apps, a backend and frontend that use Eureka's direct registration method to enable container-to-container networking.
The frontend simply prints out whatever the backend sends it, or an error if it cannot connect (e.g. the network is blocked).
pushd c2c-frontend
dotnet publish -c Release
popd
pushd c2c-backend
dotnet publish -c Release
popd
You require the network.write
permission in Cloud Foundry to make network changes. To do so:
$ gem install cf-uaac
$ uaac target uaa.sys.yourdomain.com
$ uaac token client get admin -s MyAdminPassword
You can find your admin password in Elastic Runtime -> Credentials -> Admin Client Credentials
$ uaac member add network.write myuser
Note: network.write
allows a user to modify networking on spaces where they are a developer, for foundation-wide network access use network.admin
instead.
Create a c2c service registry:
$ cf create-service p-service-registry standard c2c-registry
This may take some time to come up. On PWS I had to wait about 2-3 minutes.
Next push the backend and frontend apps:
pushd c2c-frontend
cf push
popd
pushd c2c-backend
cf push
popd
If you're using self-signed certificates, Eureka registration won't work by default. To enable it, add your API server to the trust store:
$ cf set-env c2c-backend-dotnet TRUST_CERTS api.apps.mydomain.com
$ cf set-env c2c-frontend-dotnet TRUST_CERTS api.apps.mydomain.com
Now restart the apps:
cf restart c2c-backend-dotnet && cf restart c2c-frontend-dotnet
Verify the backend app is working as intended by visiting it, for example:
$ curl http://c2c-backend-dotnet-random.cfapps.io/ping
It should print a bit of information about itself:
Remote hello from c2c-backend (IP: 10.240.155.75:8080)
Now check the frontend:
$ curl http://c2c-frontend-dotnet-random.cfapps.io/ping
It should return an error like this:
Could not reach backend (networking problem?)
Enable C2C networking between the apps:
cf add-network-policy c2c-frontend-dotnet --destination-app c2c-backend-dotnet
It may take a couple of seconds to work, but repeating the frontend request should now show it's connected to the backend directly:
Remote hello from c2c-backend (IP: 10.240.155.75:8080)
You can be sure it's working properly by removing the route from the backend app:
cf unmap-route c2c-backend-dotnet mydomain --hostname c2c-backend-dotnet-random
You can then disable the policy again if you like:
cf remove-network-policy c2c-frontend-dotnet --destination-app c2c-backend-dotnet --port 8080 --protocol tcp
There is a basic website available on the frontend component that allows a bit more advanced testing.
You can initiate requests from the frontend or backend to arbitrary URLs. This can be used to test CNI integration from 3rd parties.
For example, a lower level CNI policy may forbid the frontend app from accessing an external IP, but allow the backend to do so. This will allow you to test/verify.
It's very early days - and I much prefer Spring Boot!