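Kf Cloud Service Broker is a Service Broker bundle that includes the open source [Cloud Service Broker](https://github.com/cloudfoundry-incubator/cloud-service-broker) and [Google Cloud Brokerpak](https://github.com/cloudfoundry-incubator/csb-brokerpak-gcp).
It is available as a public Docker image and is ready to deploy as a Kubernetes service in Kf clusters. Once the Kf Cloud Service Broker service is deployed in a cluster, developers can provision Google Cloud backing services through it and bind those backing services to Kf Apps.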
Requirements
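Kf Cloud Service Broker requires a Cloud SQL for MySQL instance and a service account for accessing the Cloud SQL for MySQL instance and the Google Cloud backing services to be provisioned. The connection from Kf Cloud Service Broker to the Cloud SQL for MySQL instance goes through the Cloud SQL Auth Proxy.
Requests to access Google Cloud services (for example, Cloud SQL for MySQL or Memorystore) are authenticated via Workload Identity.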
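Override Brokerpak defaults
Brokerpaks are essentially a Terraform plan and related dependencies in a Docker file. You can inspect the Terraform plans to see what the defaults are, and then tell Kf Cloud Service Broker to override them when creating new services.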
For example, the [Terraform configuration for Cloud SQL for MySQL](https://github.com/cloudfoundry/csb-brokerpak-gcp/blob/main/terraform/cloudsql/mysql/provision/data.tf) includes a variable called `authorized_network`. If it is not overridden, the `default` VPC is used. To override the default, pass the value when you create the service. Here are some examples:

1. Override the compute `region`.

    kf create-service csb-google-postgres small spring-music-postgres-db -c '{"region":"YOUR_COMPUTE_REGION"}'

2. Override the `authorized_network` and compute `region`.

    kf create-service csb-google-postgres small spring-music-postgres-db -c '{"region":"YOUR_COMPUTE_REGION","authorized_network":"YOUR_CUSTOM_VPC_NAME"}'

Architecture
- The Kf Cloud Service Broker (CSB) is installed in its own namespace.
- On installation, a Cloud SQL for MySQL instance must be provided to persist business logic used by Kf Cloud Service Broker. Requests are sent securely from the Kf Cloud Service Broker pod to the Cloud SQL for MySQL instance via the Cloud SQL Auth Proxy.
- On service provisioning, a Kf Service custom resource is created. The reconciler of the Kf Service provisions Google Cloud backing services using the Open Service Broker API.
- When a request to provision or deprovision backing resources is received, Kf Cloud Service Broker sends resource creation or deletion requests to the corresponding Google Cloud service, and these requests are authenticated with Workload Identity. It also persists its business logic (for example, the mapping of Kf services to backing services, and service bindings) to the Cloud SQL for MySQL instance.
- On backing service creation success, the backing service is bound to an App via VCAP_SERVICES.

Note: Kf Cloud Service Broker for Google Cloud is a supported component of Kf.
Note: Kf Cloud Service Broker is not currently customizable, and the default Google Cloud Brokerpak is included. If you would like to use an unsupported custom Brokerpak, you can follow the steps in the [open source Cloud Service Broker Google Cloud installation guide](https://github.com/cloudfoundry/csb-brokerpak-gcp/blob/main/docs/installation.md).

Last updated: 2025-09-04 (UTC)
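
For the Brokerpak default overrides described above, a pre-flight wrapper in POSIX shell that refuses to create a service unless `authorized_network` names an explicit, non-default VPC. This is an added example, not part of the Kf documentation; the policy, the function names, the `KF` dry-run variable and the sample values `us-central1` and `kf-apps-vpc` are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for `kf create-service ... -c '<json>'`.
# Assumed policy (not from the Kf docs): authorized_network must always name
# an explicit VPC other than `default`, so no instance lands there silently.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only

# Whitelist: lowercase letter first, then letters, digits or hyphens, no
# trailing hyphen, at most 63 characters. This is Compute Engine's rule for
# network names and is used here as a conservative check for regions too.
valid_name() {
  [ "${#1}" -le 63 ] || return 1
  case $1 in
    ''|[!a-z]*|*[!a-z0-9-]*|*-) return 1 ;;
  esac
}

# csb_params REGION NETWORK: print the JSON for -c, or return 1 (malformed
# value) or 2 (policy violation) with the reason on stderr.
csb_params() {
  if ! valid_name "$1"; then
    echo "rejected: region '$1' is not a valid name" >&2; return 1
  fi
  case $2 in
    ''|default)
      echo "rejected: authorized_network must name a non-default VPC" >&2
      return 2 ;;
  esac
  if ! valid_name "$2"; then
    echo "rejected: authorized_network '$2' is not a valid name" >&2; return 1
  fi
  # Both values passed the whitelist, so they need no JSON escaping.
  printf '{"region":"%s","authorized_network":"%s"}' "$1" "$2"
}

# csb_create OFFERING PLAN INSTANCE REGION NETWORK
# Calls kf only when the parameters pass. KF=echo (assumed variable) dry-runs.
csb_create() {
  _params=$(csb_params "$4" "$5") || return $?
  "${KF:-kf}" create-service "$1" "$2" "$3" -c "$_params"
}

# Dry runs with constructed values: the first prints the kf arguments,
# the second is refused because it would fall back to the default VPC.
KF=echo csb_create csb-google-postgres small spring-music-postgres-db us-central1 kf-apps-vpc
KF=echo csb_create csb-google-postgres small spring-music-postgres-db us-central1 default || true
```

Because the values are checked against a character whitelist before they are placed in the JSON, a network name containing quotes or commas is rejected rather than altering the parameters passed to the broker.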