Integration

meshStack supports integration with Cloud Foundry. Cloud Foundry is a PaaS platform which provides convenient application hosting capabilities to software and DevOps engineers.

meshStack supports project creation, configuration, access control, quota management and billing for Cloud Foundry.

Integration Overview

To enable integration with Cloud Foundry, platform engineers configure one or multiple Platforms of PlatformType Cloud Foundry in meshPanel.

Prerequisites

Your Cloud Foundry must support the v3 Cloud Foundry API. We have officially validated meshStack with support for Cloud Foundry v3.108.0.

UAA Federated Users

meshStack will identify and assign users to roles in Cloud Foundry based on their euid (external user id) as described in Identity Federation.

You should set up your Cloud Foundry and UAA so that they store the euid value in the User.userName field of the UAA User object and in the User.username field of the Cloud Foundry user object.

Integration Configuration

The recommended way to set up Cloud Foundry as a meshPlatform is via the public Terraform Cloud Foundry meshPlatform Module.

meshStack Admin User Accounts

meshStack requires two technical admin user accounts for integration with Cloud Foundry. We recommend you assign these users the following Cloud Foundry roles and UAA scopes.

  • the replicator admin account must have permission to create orgs, spaces, groups and assign roles. This user requires the Admin role and additionally needs the cloud_controller.admin, uaa.admin and scim.read scopes in UAA.
  • the metering admin account is used to collect metering data. This requires the Global Auditor role.

The tenant replication ensures spaces and orgs are created within the CF platform and appropriate permission rights are set when users access the CF platform. If a user's project permissions are modified, meshStack updates the permissions for this user accordingly within the CF platform.

Spaces & Organizations

By default, meshStack will replicate tenants as Cloud Foundry Spaces and create a Cloud Foundry Organization for every workspace.

Permission Replication

During replication, meshStack will make sure that users have access to the Cloud Foundry spaces they are assigned to in meshStack. It is currently not possible to configure a custom role mapping for Cloud Foundry landing zones. All meshStack project roles will be mapped to the Space Developer role in Cloud Foundry.

Users will additionally receive the Org User role on the Organization created for their workspace.