Kf Cloud Service Broker requires a Cloud SQL for MySQL instance and a service account for accessing the Cloud SQL for MySQL instance and the Google Cloud backing services to be provisioned. The connection from Kf Cloud Service Broker to the Cloud SQL for MySQL instance goes through the Cloud SQL Auth Proxy.
A Brokerpak is essentially a Terraform plan and its related dependencies in a tar
file. You can inspect the Terraform plans to see what the defaults are, and
tell Kf Cloud Service Broker to override them when creating services.
For example, the Terraform configuration for Cloud SQL for MySQL includes a variable called authorized_network. If it is not overridden, the default VPC is used. You can override the default during service creation. Here are some examples:
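The override described above, as an added example that is not part of the Kf documentation: a small shell helper that builds the -c parameter JSON with an explicit authorized_network and rejects the default VPC. The helper names, the reject-default policy, the region and the VPC name are assumptions made for illustration; the service, plan and instance names in the printed command are sample values.

```shell
#!/bin/sh
# Added example (not Kf project code): build the JSON passed to
# `kf create-service ... -c` so that authorized_network is always explicit.

# Accept only lowercase letters, digits and hyphens, so a value can never
# close the JSON string and inject extra keys.
valid_name() {
  case "$1" in
    ""|*[!a-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# build_csb_params REGION VPC
# Prints the parameter JSON on stdout.
# Returns 2 for malformed input, 3 when the VPC is "default".
build_csb_params() {
  region=$1
  vpc=$2
  valid_name "$region" || { echo "invalid region: $region" >&2; return 2; }
  valid_name "$vpc" || { echo "invalid VPC name: $vpc" >&2; return 2; }
  # Assumed policy: never fall back to the shared default VPC.
  if [ "$vpc" = "default" ]; then
    echo "refusing authorized_network=default; pass a custom VPC" >&2
    return 3
  fi
  printf '{"config":"%s","authorized_network":"%s"}\n' "$region" "$vpc"
}

# Constructed sample values; the command is printed for review, not executed.
params=$(build_csb_params "us-central1" "csb-private-vpc") || exit 1
echo kf create-service csb-google-postgres small spring-music-postgres-db -c "'$params'"
```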
The following Kf Cloud Service Broker architecture shows how instances are created.
The Kf Cloud Service Broker (CSB) is installed in its own namespace.
On installation, a Cloud SQL for MySQL instance must be provided to persist the
business logic used by Kf Cloud Service Broker. Requests are sent securely
from the Kf Cloud Service Broker pod to the Cloud SQL for MySQL instance via the
Cloud SQL for MySQL Auth Proxy.
On service provisioning, a Kf Service custom resource
is created. The reconciler of the Kf Service
provisions Google Cloud backing services using the Open Service Broker API.
When a request to provision or deprovision backing resources is received,
Kf Cloud Service Broker sends resource creation or deletion requests to the
corresponding Google Cloud service, and these requests are authenticated
with Workload Identity. It also persists the business logic, such as the mapping of
Kf services to backing services and service bindings, to
the Cloud SQL for MySQL instance.
When the backing service is created successfully, it is bound to an App
via VCAP_SERVICES.
Last updated 2025-09-04 UTC.