This topic describes the architecture of Windows cells that PAS for Windows deploys to run containerized .NET apps, and the stemcells that it supplies to BOSH as the operating system for the Windows cell VMs.
Operators who want to run Windows cells in PCF to enable developers to push .NET apps can deploy the PAS for Windows tile.
Deploying this tile creates a separate BOSH deployment populated with the Garden Windows release, which runs on a Windows cell built from a Windows stemcell.
Once the Windows cell is running, developers can specify a Windows stack when pushing .NET apps from the command line. PCF passes the app to the Windows cell in the PAS for Windows BOSH deployment. The diagram below illustrates the process.
App instances in PCF run inside containers. Garden is the API that creates and manages these containers. An implementation equivalent to that on Linux cells provides this infrastructure on Windows cells, utilizing native Windows Server Containers.
By installing the PAS for Windows tile, operators create a Windows cell from a stemcell that contains the Windows Server operating system. Garden on Windows uses Windows Containers to isolate resources on Windows cells that Cloud Foundry manages alongside Linux cells.
A Windows cell includes the following components:
- Guardian: Implements the Garden API on Windows
- Metron Agent: Forwards app logs, errors, and metrics to the Loggregator system
- BOSH Agent: Executes instructions from the BOSH Director
- Consul Client: Registers the cell as a service in a Consul cluster
- Diego Rep: Runs and manages Tasks and Long Running Processes
The following diagram illustrates the architecture of a Windows cell:
Garden on Windows uses the following runtime plugins to create and manage Windows Containers for PAS:
- Container plugin
winc: Creates OCI-compliant containers, executes processes in the containers, and sets their CPU and RAM limits.
- Network plugin
winc-network: Creates a network compartment for the container, applies its DNS settings, and defines its inbound/outbound network access rules.
- Rootfs image plugin
groot: Sets up the container filesystem volume and uses the FSRM API to define its disk usage quotas.
A “stemcell” is a customized operating system image containing the filesystem for BOSH-managed virtual machines. When deployed, the operating system includes the BOSH Agent process, which is dedicated to communicating with the orchestrating VM, the BOSH Director. The BOSH Agent executes and monitors BOSH jobs on its VM.
Deployments of Windows Server on PCF currently use a stemcell containing Windows Server 2019.
See Downloading or Creating Windows Stemcells for documentation about how to obtain or create a stemcell for PAS for Windows.
Note: Traffic between the Gorouter and Windows stemcells is not encrypted with TLS.