PCF on GCP Requirements

Page last updated:

This guide describes how to install Pivotal Cloud Foundry (PCF) on Google Cloud Platform (GCP).

To view production-level deployment options for PCF on GCP, see the Reference Architecture for Pivotal Cloud Foundry on GCP.

General Requirements

The following are general requirements for deploying and managing a PCF deployment with Ops Manager and Pivotal Application Service (PAS):

  • A wildcard DNS record that points to your router or load balancer. Alternatively, you can use a service such as xip.io. For example,

    • PAS gives each application its own hostname in your app domain.
    • With a wildcard DNS record, every hostname in your domain resolves to the IP address of your router or load balancer, and you do not need to configure an A record for each app hostname. For example, if you create a DNS record *.example.com pointing to your load balancer or router, every application deployed to the example.com domain resolves to the IP address of your router.
  • At least one wildcard TLS certificate that matches the DNS record you set up above, *.example.com.

  • Sufficient IP allocation:

    • One static IP address for each job in the Ops Manager tile. See the Resource Config pane for each tile for a full list.
    • One static IP address for each job listed below:
      • Consul
      • NATS
      • File Storage
      • MySQL Proxy
      • MySQL Server
      • Backup Prepare Node
      • HAProxy
      • Router
      • MySQL Monitor
      • Diego Brain
      • TCP Router
    • One IP for each VM instance created by the service.
    • An additional IP address for each compilation worker. So the formula for total IPs needed is IPs needed = static IPs + VM instances + compilation workers.

      Note: Pivotal recommends that you allocate at least 36 dynamic IP addresses when deploying Ops Manager and PAS. BOSH requires additional dynamic IP addresses during installation to compile and deploy VMs, install PAS, and connect to services.

  • One or more NTP servers if not already provided by your IaaS.

  • (Recommended) A network without DHCP available for deploying the PAS VMs.

    Note: If you have DHCP, refer to the Troubleshooting Guide to avoid issues with your installation.

  • (Optional) External storage. When you deploy PCF, you can select internal file storage or external file storage, either network-accessible or IaaS-provided, as an option in the PAS tile. Pivotal recommends using external storage whenever possible. See Upgrade Considerations for Selecting File Storage in Pivotal Cloud Foundry for a discussion of how file storage location affects platform performance and stability during upgrades.

  • (Optional) External databases. When you deploy PCF, you can select internal or external databases for the BOSH Director and for PAS. Pivotal recommends using external databases in production deployments. An external database must be configured to use the UTC timezone.

  • (Optional) External user stores. When you deploy PCF, you can select a SAML user store for Ops Manager or a SAML or LDAP user store for PAS, to integrate existing user accounts.

  • The most recent version of the Cloud Foundry Command Line Interface (cf CLI).


GCP Requirements

You must have the following to install PCF on GCP:

  • A GCP project with sufficient quota to deploy all the VMs needed for a PCF installation. For a list of suggested quotas, see Recommended GCP Quotas.

    You can request a quota increase on the GCP Quotas page.

  • A GCP account with adequate permissions to create resources within the selected GCP project. Per the Least Privileged User principle, the permissions required to set up a GCP environment for PCF include:

    • Permissions to create firewalls, networks, load balancers, and other resources:
      • Compute Engine > Compute Instances Admin (beta)
      • Compute Engine > Compute Network Admin
      • Compute Engine > Compute Security Admin
    • If using Google Cloud Storage (GCS) for Cloud Controller file storage, permissions to create buckets:
      • Storage > Storage Admin
    • If you are using Cloud DNS, permissions to add and modify DNS entries:
      • Project > Editor

        Note: When you deploy PCF, the deployment processes run under a separate service account with the minimum permissions required to install Ops Manager and Pivotal Application Service (PAS).

  • The Google Cloud SDK installed on your machine and authenticated to your GCP account.

  • Sufficiently high VM instance limits, or no instance limits, on your GCP account. The exact number of VMs depends on the number of tiles and availability zones you plan to deploy.

    • PAS: At a minimum, a new GCP deployment requires the following custom VMs for PAS:
      PAS and Ops Manager VM Count vCPU Count per VM RAM (GB)
      30 1 1
      3 1 2
      4 2 4
      3 2 8
      3 4 16
      By default, PAS deploys the number of VM instances required to run a highly available configuration of PCF. If you are deploying a test or sandbox PCF that does not require HA, then you can scale down the number of instances in your deployment. For information about the number of instances required to run a minimal, non-HA PCF deployment, see Scaling PAS.
    • Small Footprint PAS: To run Small Footprint PAS, a new GCP deployment requires:
      VM Type VM Count vCPU Count per VM RAM (GB) Notes
      Small Footprint PAS micro 12 1 1 Add 1 to VM count if using HAProxy
      small 3 1 2
      xlarge.disk 1 4 16
      xlarge 1 4 16
      medium.mem 1 1 6
      large.disk 1 2 8
      Ops Manager large.disk 1 2 8
      large.cpu 4 4 4
  • Administrative rights to a domain for your PCF installation. You need to be able to add wildcard records to this domain. You specify this registered domain when configuring the SSL certificate and Cloud Controller for your deployment. For more information see the Providing a Certificate for your SSL Termination Point topic.

  • An SSL certificate for your PCF domain. This can be a self-signed certificate, which Ops Manager can generate for you, but Pivotal recommends using a self-signed certificate for development and testing purposes only. If you plan to deploy PCF into a production environment, you must obtain a certificate from your Certificate Authority.

Certificate Requirements on GCP

If you are deploying PCF on GCP, then you must add your certificate to both the frontend configuration of your HTTP Load Balancer and to the Gorouter (PAS Router). For more information, see Create Instance Groups and the HTTP(S) Load Balancer.

GCP load balancers actually forward both encrypted (WebSockets) and unencrypted (HTTP and TLS-terminated HTTPS) traffic to the Gorouter. When configuring the point-of-entry for a GCP deployment, select Forward SSL to PAS Router in your PAS network configuration. This point-of-entry selection accommodates this special characteristic of GCP deployments.

See Certificate Requirements for general certificate requirements for deploying PCF.

GCP Permissions Guidelines

Pivotal recommends following the principle of least privilege by scoping privileges to the most restrictive permissions possible for a given role. See IaaS Permissions Guidelines for recommendations on how to create and scope GCP accounts for PCF.

GCP Security Documents

Install PCF on GCP

Install PCF on GCP Manually

Complete the following procedures to install PCF on GCP:

  1. Preparing to Deploy PCF on GCP

  2. Launching a Ops Manager Director Instance on GCP

  3. Configuring Ops Manager Director on GCP

  4. (Optional) Configuring a Shared VPC on GCP

  5. (Optional) Installing the PCF IPsec Add-On

  6. Deploying PAS on GCP

Install PCF on GCP Using Terraform

Complete the following procedures to install PCF on GCP:

  1. Preparing to Deploy PCF on GCP Using Terraform

  2. Configuring Ops Manager Director on GCP Using Terraform

  3. (Optional) Configuring a Shared VPC on GCP

  4. (Optional) Installing the PCF IPsec Add-On

  5. Deploying PAS on GCP Using Terraform

Delete PCF on GCP

You can use the GCP console to remove an installation of all components, but retain the objects in your bucket for a future deployment:

Troubleshoot PCF on GCP

The troubleshooting document for PCF on GCP infrastructure.

Create a pull request or raise an issue on the source for this page in GitHub