blog single gear
Ecosystem | Engineering

Cloud Foundry Becomes More Kubernetes Native with cf-for-k8s

We are excited to announce a new project: Cloud Foundry for Kubernetes AKA “cf-for-k8s,” a Kubernetes-native Cloud Foundry distribution. You can use cf-for-k8s to install Cloud Foundry in less than 10 minutes on a Kubernetes cluster. We are excited to release the first version, v0.1.0. We encourage Cloud Foundry operators and application developers to test cf-for-k8s in their sandbox environments!

Special thanks to the Cloud Foundry Release Integration team (the team behind cf-deployment) for their work to get this artifact ready for the community.

cf-for-k8s blends Cloud Foundry and Kubernetes in a completely new way. The project includes many remastered Cloud Foundry components that are now Kubernetes-native. The release bundles several popular Kubernetes projects like kpack, istio and fluentd.

The community rallied support for a version of Cloud Foundry that was “Kube-idiomatic.” That’s cf-for-k8s. To arrive at this point, community contributors have rapidly integrated the next-generation versions of their components to work with cf-for-k8s. (In particular, the teams for Cloud Foundry API, CF Networking, Eirini, Logging, Metrics, and UAA were especially helpful.) We also worked with the Paketo Buildpacks team to integrate Cloud Native Buildpacks support and logging. (Long-time users of Cloud Foundry Buildpacks will appreciate this feature). 

Those who are looking for a Kubernetes-native distribution of Cloud Foundry should take cf-for-k8s for a spin!

A closer look at cf-for-k8s v0.1.0

Here are a few highlights of the release to keep in mind as you evaluate it:

App staging with kpack

With the v0.1.0 release, users can now push an app with source code. In Cloud Foundry for BOSH, the Cloud Controller issues a staging request to Diego, which detects and builds a droplet with the right Cloud Foundry buildpacks. Once the droplet is built, Diego proceeds to schedule the app on one or more cells.  

In cf-for-k8s, CAPI issues the request to kpack, which in turn uses Paketo Buildpacks to detect the app language. From there, the system builds an OCI compatible app image. Once the app image is available, it is pushed to the app registry. Then, a request is sent to Eirini to schedule the app workloads on one (or more) Kubernetes pod deployments. Once the app workloads are available, users can curl the app.

Encrypted communication with Istio

The v0.1.0 release comes with Istio. In cf-for-k8s, Istio enforces encrypted communication among components, app workloads, and the ingress gateway. This is an important change. In the world of cf-deployment, each component was managing and enforcing encrypted communication. Now, all of this responsibility is delegated to Istio. Here’s how it works.

Istio uses sidecars, which are deployed to every pod, to encrypt communication among all Cloud Foundry components, app workloads, and shared resources like the CAPI database. In addition, Istio will rotate certificates automatically without requiring any intervention from the component teams or platform engineers. It’s good news for the community that Istio can handle all of this — engineers can now focus on innovating elsewhere!

Manage cf-for-k8s lifecycle with kapp

In cf-deployment, platform engineers and contributing teams relied on the BOSH CLI deploy command to install, upgrade, or remove Cloud Foundry on VMs. 

Kapp provides a similar experience where users can install, upgrade, or remove cf-for-k8s. Kapp waits until all resources are created, and continuously provides status updates on the resource availability. (By contrast, the kubectl apply command exits before resources are created in the cluster.) Similarly, kapp can delete all cf-for-k8s resources in one swoop.

One other note: kapp provides resource differences when upgrading to new versions of cf-for-k8s. Platform engineers can audit the differences (new resources, updates to existing resources) between their current foundation and the new version (e.g. new version of cf-for-k8s may bump cluster resource needs).

Templating with ytt 

ytt (pronounced as if spelling it out) is a templating tool that understands YAML structure. Product delivery teams can use it to create reusable YAML templates that operators can use for product configuration.

Reusable configuration and built-in full featured programming language both help ease the burden of configuring complex software. The built-in YAML structure helps reduce the mental overhead of YAML construction. You can reuse the same templates in different environments by injecting environment-specific values (via cf-install-values.yml) at deploy time — for example, configuring app registry, your domain certificates, and so on. 

Furthermore, with the custom validations (and fast and deterministic execution) you can take advantage of faster feedback loops when creating, testing, and deploying templates. Ytt’s “overlay” functionality helps users manage the customization of complex software by providing advanced configuration. Using an overlay, you can replace parts or all of cf-for-k8s templates.

How does cf-for-k8s complement KubeCF? 

Blending the developer experience of Cloud Foundry with the extensibility of Kubernetes is a top priority for this community. Two projects have emerged to this end, each with a distinct objective. We’ve just described the goal of cf-for-k8s. KubeCF offers an alternate path to bring Cloud Foundry to Kubernetes.

KubeCF is based on cf-deployment and uses the cf-operator to port bosh-releases to Kubernetes. KubeCF recently reached its 1.0 milestone and it is now an independent project in the Application Runtime PMC. Over time, the KubeCF team plans to substitute the next-generation versions of components into KubeCF as well.

As always, we look forward to refining these different approaches in the future and welcome your feedback.

What’s Next

What happens now? The project team will continue to iterate and improve cf-for-k8s. In fact, our end goal is to ship a 1.0 version of cf-for-k8s in the coming months. We want operators and application developers to run this distribution in production very soon. In fact, you can see our upcoming prioritized work in our CF Release Integration tracker project.

Want to learn more, and help shape the future of this project? Here’s how you can get involved!


The main documentation page for cf-for-k8s contains a variety of resources to help get you started. You can find instructions on deploying Cloud Foundry, guidelines for contributors, and other helpful resources. We eagerly accept PRs if you have corrections, suggestions, etc.


Please file a GitHub issue for bugs, feature requests, or suggestions. Or reach out to us on Cloud Foundry Slack in #cf-for-k8s.


We love contributions from the community. If you’re looking to contribute, please take a look at our contributing docs. If you have questions on how to contribute, please reach out to us in #release-integration or #cf-for-k8s channel in the Cloud Foundry Slack workspace.



Saikiran Yerram Profile Image

Saikiran Yerram, AUTHOR