DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
View Events Video Library
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Integrating PostgreSQL Databases with ANF: Join this workshop to learn how to create a PostgreSQL server using Instaclustr’s managed service

Mobile Database Essentials: Assess data needs, storage requirements, and more when leveraging databases for cloud and edge applications.

Monitoring and Observability for LLMs: Datadog and Google Cloud discuss how to achieve optimal AI model performance.

Automated Testing: The latest on architecture, TDD, and the benefits of AI and low-code tools.

Related

  • What Are Microservices Architecture and How Do They Work?
  • Create a Multi-Tenancy Application in Nest.js, Part 4: Authentication and Authorization Setup
  • Unified Observability: Metrics, Logs, and Tracing of App and Database Tiers in a Single Grafana Console
  • Application Modernization and 6 R's

Trending

  • Build a Serverless App Fast With Zipper: Write TypeScript, Offload Everything Else
  • Best Practices for Writing Clean Java Code
  • GenAI-Infused ChatGPT: A Guide To Effective Prompt Engineering
  • The Convergence of Testing and Observability
  1. DZone
  2. Data Engineering
  3. Data
  4. Service Instance Sharing in PCF

Service Instance Sharing in PCF

In this article, we are going to talk about how a service instance can be shared with multiple orgs/spaces in PCF 2.3 and 2.4.

Rajesh Bhojwani user avatar by
Rajesh Bhojwani
·
Updated Mar. 26, 19 · Tutorial
Like (2)
Save
Tweet
Share
6.57K Views

Join the DZone community and get the full member experience.

Join For Free

1. Overview

In today's world, everyone is creating microservices and calling the DB or other services to process the data and complete their business processing.

The twelve-factor app pattern recommends consuming all these services as backing services for any cloud application. PCF also supports backing services through the market place. To consume a market place service, we need to create a service instance which does the provisioning. By default, this instance can be used only in a particular org/space where the instance has been created.

Let's take an example to understand it in detail. Let's suppose we have a REST based service and it puts the message in RabbitMQ. So we will be creating a service instance using the below command:

cf create-service <SERVICE> <PLAN> <SERVICE_INSTANCE>

Let's assume that we are currently in the TeamA org and the Products space. This instance will thus be visible only in the Products space. Now, let's suppose you have development work going on in the Consumers space and an application needs to consume the same RabbitMQ service. Before PCF 2.3, this would not have been possible, as the service instance was not sharable across orgs/spaces. The only solution was to put both the applications into one space. Let's see how we can share the service instances across orgs/spaces.

2. Enable Service Instance Sharing

Before we look into how to enable service instance sharing, let's go over a few basic rules:

  • Service instances can be shared into multiple spaces and across orgs.
  • Developers and administrators can share service instances between spaces in which they have the Space Developer role.
  • Developers who have a service instance shared with them can only bind and unbind apps to that service instance. They cannot update, rename, or delete it.
  • Developers who have a service instance shared with them can view the values of any configuration parameters that were used to provision or update the service instance.

1. To view if the Service Instance sharing flag is enabled, we need to run below command:

> cf feature-flags
features                                      state
user_org_creation                             disabled
private_domain_creation                       enabled
app_bits_upload                               enabled
app_scaling                                   enabled
route_creation                                enabled
service_instance_creation                     enabled
diego_docker                                  disabled
set_roles_by_username                         enabled
unset_roles_by_username                       enabled
task_creation                                 enabled
env_var_visibility                            enabled
space_scoped_private_broker_creation          enabled
space_developer_env_var_visibility            enabled
service_instance_sharing                      enabled
hide_marketplace_from_unauthenticated_users   disabled

It is showing as enabled for me. However, if you see it as disabled for some reason, you can run the below command to enable it.

> cf enable-feature-flag service_instance_sharing

Please note that only Administrator role has the ability to enable feature flags. So contact your administrator if you are not an admin.

2. Next, we need to ensure that the service in which you want to enable sharing has a broker and that the broker has enabled sharing. Service brokers must explicitly enable service instance sharing by setting a flag in their service-level metadata object. This allows service instances, of any service plan, to be shared across orgs and spaces. The "shareable" flag must be set to true in the service-level metadata to enable service instance sharing. If the flag is set to false or is absent, sharing is disabled:

{
   "services":[{
      "id":"521db166-a310-4b12-asdf-d12ga3cf2fdc",
      "name": "p-config-server",
      "metadata": {
         "shareable": true
      }
   }]
}

3. Service Instance Sharing Through CF CLI

With PCF 2.3, we got this service instance sharing option to do through the CF CLI. We need to have a Space Developer role in both spaces to share an instance from one space to another. We need to run the below command to do this:

 > cf share-service SERVICE-INSTANCE -s OTHER-SPACE [-o OTHER-ORG]

To unshare the service instance, we need to run below command: 

 > cf unshare-service SERVICE-INSTANCE -s OTHER-SPACE [-o OTHER-ORG] [-f]

The -f flag is used to enforce the unshare without confirmation.

4. Service Instance Sharing Through the Apps Manager

With PCF 2.4, we can use service instance sharing through the Apps Manager as well. So now its just a matter of clicking a button to share the service instance with other orgs/spaces.

We need to go to the service instance that we want to share.

Click on the SHARE SERVICE INSTANCE button to share the instance with other orgs/spaces. It will show all the orgs/spaces where we have access.

Please note that there is only a share instance option available in Apps Manager. The unshare feature is still not available in the Apps Manager.

5. A Few Tips

1. You may want to have the service broker return credentials with different permissions, depending on the space to which an app is bound. For example, a messaging service may permit writes from the originating space and only reads from any of the spaces with which the service is shared.

To determine whether the space of the app is the same as the originating space of the service instance, the service broker can compare the context.space_guid and bind_resource.space_guid fields in the binding request. The context.space_guid field represents the space where the service instance was created, and bind_resource.space_guid represents the space of the app involved in the binding.

2. Ensure that we don't have any service instances with the same name in the space where we are sharing them.

3. Unsharing the service will delete all the bindings of the apps in the space in which it was shared. So, we should ensure all the applications are taken care of, as they may fail.

6. Summary

To summarize, sharing instances is a very useful feature to certain business use cases and with PCF 2.4 it has become very easy to do. My only suggestion for the security side is to pay attention and ensure your service broker is implemented correctly when giving the only required permission to the space with which the instance is shared. 

microservice Space (architecture) app

Opinions expressed by DZone contributors are their own.

Related

  • What Are Microservices Architecture and How Do They Work?
  • Create a Multi-Tenancy Application in Nest.js, Part 4: Authentication and Authorization Setup
  • Unified Observability: Metrics, Logs, and Tracing of App and Database Tiers in a Single Grafana Console
  • Application Modernization and 6 R's
Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: