|
| 1 | +# Meta |
| 2 | +[meta]: #meta |
| 3 | +- Name: Move Buildpack Dependencies Repository to CFF |
| 4 | +- Start Date: 2022-05-18 |
| 5 | +- Author(s): @gerg |
| 6 | +- Status: Draft <!-- Acceptable values: Draft, Approved, On Hold, Superseded --> |
| 7 | +- RFC Pull Request: |
| 8 | + [https://github.com/cloudfoundry/community/pull/279](https://github.com/cloudfoundry/community/pull/279) |
| 9 | + |
| 10 | + |
| 11 | +## Summary |
| 12 | + |
| 13 | +Move ownership of the buildpack dependency repositories from VMware to the Cloud |
| 14 | +Found Foundation (CFF). |
| 15 | + |
| 16 | +## Problem |
| 17 | + |
| 18 | +As part of staging, Cloud Foundry buildpacks download their dependencies from a |
| 19 | +VMware-managed central dependency repository. For example, here is an excerpt |
| 20 | +from staging an app using the ruby buildpack: |
| 21 | +``` |
| 22 | + -----> Ruby Buildpack version 1.8.53 |
| 23 | + -----> Supplying Ruby |
| 24 | + -----> Installing bundler 2.3.11 |
| 25 | + Download [https://buildpacks.cloudfoundry.org/dependencies/bundler/bundler_2.3.11_linux_noarch_any-stack_cab63d95.tgz] |
| 26 | + -----> Installing ruby 2.7.5 |
| 27 | + Download [https://buildpacks.cloudfoundry.org/dependencies/ruby/ruby_2.7.5_linux_x64_cflinuxfs3_2c25fe7d.tgz] |
| 28 | + -----> Update rubygems from 3.1.6 to 3.3.11 |
| 29 | + -----> Installing rubygems 3.3.11 |
| 30 | + Download [https://buildpacks.cloudfoundry.org/dependencies/rubygems/rubygems_3.3.11_linux_noarch_any-stack_a9fa9578.tgz] |
| 31 | + -----> Installing dependencies using bundler 2.3.11 |
| 32 | + Running: bundle install --jobs=4 --retry=4 --local |
| 33 | +``` |
| 34 | + |
| 35 | +The `*.cloudfoundry.org` DNS Zone is managed by the CFF, so VMware is not able to |
| 36 | +renew the TLS certificate for this dependency |
| 37 | +repository. This issue came to a head on March 27 2022, when the |
| 38 | +`buildpacks.cloudfoundry.org` TLS certificate expired, resulting in widespread |
| 39 | +staging failures. Luckily, VMware had access to a `*.cloudfoundry.org` TLS |
| 40 | +certificate, which does not expire until February 23 2023. Going forward, VMware |
| 41 | +will need to coordinate certificate renewals with the CFF until this problem is |
| 42 | +resolved, risking future outages. |
| 43 | + |
| 44 | +In addition to `buildpacks.cloudfoundry.org`, the Java buildpack is also |
| 45 | +dependent on a dependency repository, `java-buildpack.cloudfoundry.org`, with a |
| 46 | +certificate expiring in May 2023. Both of these repositories are currently |
| 47 | +implemented using AWS CloudFront distributions, backed by AWS S3 buckets. These |
| 48 | +AWS resources are controlled by teams within VMware, and are not easily |
| 49 | +accessible to Application Runtime Interfaces working group members, including |
| 50 | +those who work for VMware. |
| 51 | + |
| 52 | +Historically, we have not migrated the buildpack dependency repository because: |
| 53 | +1. It it difficult to transfer large S3 buckets between AWS accounts |
| 54 | +1. The storage and network traffic for the dependency repository is expensive, |
| 55 | + and VMware has agreed to pay for it |
| 56 | + |
| 57 | + |
| 58 | +## Proposal |
| 59 | + |
| 60 | +Move the buildpack dependency repository CloudFront distributions |
| 61 | +(`buildpacks.cloudfoundry.org` and`java-buildpack.cloudfoundry.org`) to a |
| 62 | +CFF-managed AWS account, but keep the existing S3 blobstore in a VMware-managed |
| 63 | +AWS account for the time being. |
| 64 | + |
| 65 | +**Pros:** |
| 66 | +1. Reduces dependency on single vendor (VMware) for Cloud Foundry operation |
| 67 | +1. Moves control of the buildpack dependency repositories into a CFF working group |
| 68 | +1. Doesn't require significant redesign of existing systems |
| 69 | +1. Less expensive for the CFF than migrating both CloudFront distributions and S3 buckets |
| 70 | +1. Doesn't require migrating S3 buckets between AWS accounts |
| 71 | + |
| 72 | +**Cons:** |
| 73 | +1. Does not fully remove dependency on single vendor (VMware) for Cloud Foundry |
| 74 | + operation, since the S3 buckets will still be under VMware control |
| 75 | +1. Does not address underlying centralization issue with buildpacks |
| 76 | +1. May be too expensive for the CFF to maintain under current funding, depending |
| 77 | + on network traffic cost |
| 78 | +1. Using CloudFront and S3 across two AWS accounts may result in some unforeseen |
| 79 | + issues |
| 80 | +1. This migration will require some engineering and coordination effort between |
| 81 | + the CFF and teams within VMware to ensure a low/no downtime transfer. |
| 82 | + |
| 83 | +### Fallback Plans |
| 84 | + |
| 85 | +- In the event that we are not able to execute on this proposal prior to the |
| 86 | + certificates' expirations, the Application Runtime Interfaces |
| 87 | + working group will coordinate with the CFF to renew the certificate manually. |
| 88 | +- Once this proposal is implemented, the TOC will monitor the cost of maintaining |
| 89 | + the CloudFront distributions. In the event that the TOC deems the costs too |
| 90 | + high for the CFF to maintain, we will revert back to VMware-managed CloudFront |
| 91 | + distributions, ideally under the direct control of VMware members of the |
| 92 | + Application Runtime Interfaces working group. |
0 commit comments