Kf Dependencies and Architecture

Kf requires Kubernetes and several other OSS projects to run. Some of the dependencies are satisfied with Google managed services. For example, Google Kubernetes Engine (GKE) provides Kubernetes.

Dependencies

Kf Components

Kf installs several of its own Kubernetes custom resources and controllers. The custom resources effectively serve as the Kf API and are used by the kf CLI to interact with the system. The controllers use Kf's CRDs to orchestrate the other components in the system.

Kf CRDs

You can view the CRDs installed and used by Kf with the following command:

kubectl api-resources --api-group=kf.dev

The output of that command is:

NAME                      SHORTNAMES   APIGROUP   NAMESPACED   KIND
apps                                   kf.dev     true         App
builds                                 kf.dev     true         Build
clusterservicebrokers                  kf.dev     false        ClusterServiceBroker
routes                                 kf.dev     true         Route
servicebrokers                         kf.dev     true         ServiceBroker
serviceinstancebindings                kf.dev     true         ServiceInstanceBinding
serviceinstances                       kf.dev     true         ServiceInstance
spaces                                 kf.dev     false        Space

Apps

Apps represent twelve-factor applications deployed to Kubernetes. They encompass source code, configuration, and the current state of the application. Apps are responsible for reconciling:

  • Kf Builds
  • Kf Routes
  • Kubernetes Deployments
  • Kubernetes Services
  • Kubernetes ServiceAccounts
  • Kubernetes Secrets

You can list Apps using Kf or kubectl:

kf apps
kubectl get apps -n space-name

Builds

Builds combine the source code and build configuration for Apps. They provision Tekton TaskRuns with the correct steps to actuate a Buildpack V2, Buildpack V3, or Dockerfile build.

You can list Builds using Kf or kubectl:

kf builds
kubectl get builds -n space-name

ClusterServiceBrokers

ClusterServiceBrokers hold the connection information necessary to extend Kf with a service broker. They are responsible for fetching the catalog of services the broker provides and displaying them in the output of kf marketplace.

You can list ClusterServiceBrokers using kubectl:

kubectl get clusterservicebrokers

Routes

Routes are a high-level structure that contains HTTP routing rules. They are responsible for reconciling Istio VirtualServices.

You can list Routes using Kf or kubectl:

kf routes
kubectl get routes -n space-name

ServiceBrokers

ServiceBrokers hold the connection information necessary to extend Kf with a service broker. They are responsible for fetching the catalog of services the broker provides and displaying them in the output of kf marketplace.

You can list ServiceBrokers using kubectl:

kubectl get servicebrokers -n space-name

ServiceInstanceBinding

ServiceInstanceBindings hold the parameters to create a binding on a service broker and the credentials the broker returns for the binding. They are responsible for calling the bind API on the broker to bind the service.

You can list ServiceInstanceBindings using Kf or kubectl:

kf bindings
kubectl get serviceinstancebindings -n space-name

ServiceInstance

ServiceInstances hold the parameters to create a service on a service broker. They are responsible for calling the provision API on the broker to create the service.

You can list ServiceInstances using Kf or kubectl:

kf services
kubectl get serviceinstances -n space-name

Spaces

Spaces hold configuration information similar to Cloud Foundry organizations and spaces. They are responsible for:

  • Creating the Kubernetes Namespace that other Kf resources are provisioned into.
  • Creating Kubernetes NetworkPolicies to enforce network connection policies.
  • Holding configuration and policy for Builds, Apps, and Routes.

You can list Spaces using Kf or kubectl:

kf spaces
kubectl get spaces

Service Accounts

Kf requires the Kubernetes cluster it is running in to have a service account. Tekton uses the service account to authenticate to the container registry for pulling and pushing images. If you install Kf with the CloudBuild templates, it creates an Identity and Access Management (IAM) service account with the roles/storage.admin role.
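
To review which service accounts hold that role, the following added example (not part of the Kf documentation or code) reads a project IAM policy in the JSON shape printed by gcloud projects get-iam-policy PROJECT_ID --format=json and reports each service account bound to roles/storage.admin, noting whether the binding is conditional. The sample policy, the account names, and the function name are constructed for illustration.

```python
import json
import sys

ROLE = "roles/storage.admin"  # the role this page says the Kf install grants

# Constructed sample in the JSON shape of a project IAM policy; every member is made up.
SAMPLE_POLICY = {"version": 3, "bindings": [
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:kf-example@example-project.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
    {"role": "roles/storage.admin",
     "condition": {"title": "registry-bucket-only",
                   "expression": 'resource.name.startsWith("projects/_/buckets/example-registry")'},
     "members": ["serviceAccount:ci-example@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:reader-example@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.admin",
     "members": ["deleted:serviceAccount:old-example@example-project.iam.gserviceaccount.com?uid=1"]},
]}


def storage_admin_service_accounts(policy, role=ROLE):
    """Return one finding per service account bound to `role` (hypothetical helper)."""
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") != role:
            continue
        condition = binding.get("condition")  # present only on conditional bindings
        for member in binding.get("members", []):
            deleted = member.startswith("deleted:")
            principal = member[len("deleted:"):] if deleted else member
            kind, _, ident = principal.partition(":")
            if kind != "serviceAccount":
                continue  # users and groups are outside this check
            findings.append({
                "account": ident.split("?", 1)[0],  # drop the ?uid= suffix of deleted members
                "deleted": deleted,
                # With no condition, a project-level grant applies to every bucket.
                "unconditional": condition is None,
                "condition": condition.get("title") if condition else None,
            })
    return sorted(findings, key=lambda f: f["account"])


if __name__ == "__main__":
    # Pass a file saved from the gcloud command, or run with no argument for the sample.
    policy = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_POLICY
    for f in storage_admin_service_accounts(policy):
        scope = "unconditional" if f["unconditional"] else f"condition: {f['condition']}"
        print(f["account"], "(deleted)" if f["deleted"] else "", scope)
```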

Third Party Libraries

Third-party library source code and licenses can be found in the /third_party directory of any Kf container image.

You can also run kf third-party-licenses to view the third-party licenses for the version of the Kf CLI you've downloaded.