Cloud Foundry Documentation
- General Information
- Contribute to Cloud Foundry documentation
- Cloud Foundry concepts
- Cloud Foundry Command Line Interface (cf CLI)
-
- Information for Operators
- Deploying Cloud Foundry
- Administering Cloud Foundry
- Managing the runtime
- User accounts and communications
- Routing
- Enabling IPv6 for hosted apps
- Distributed tracing
- Enabling Zipkin tracing
- Enabling W3C tracing
- Supporting WebSockets
- Configuring load balancer health checks for CF routers
- Troubleshooting slow requests
- Troubleshooting router error responses
- Securing incoming traffic
- Configuring trusted system certificates for apps
- Bulletin Board System data store encryption
- Enabling and configuring TCP routing
- Configuring HTTP/2 support
- Isolation segments
- Delayed jobs in Cloud Foundry
- Managing apps and their stacks
- Running and Troubleshooting Cloud Foundry
- Cloud Foundry logging
- Configuring system logging
- Configuring Diego for upgrades
- Audit Events
- UAA audit requirements
- Usage events and billing
- Configuring SSH access for Cloud Foundry
- Configuring Diego Cell disk cleanup scheduling
- Configuring Health Monitor Notifications
- Adding a custom stack
- Monitoring and testing Diego components
- Troubleshooting Cloud Foundry
- UAA performance
- UAA performance metrics
- Scaling Cloud Controller
- Cloud Controller Multi-Process Mode (Puma)
- Scaling Cloud Controller (cf-for-k8s)
- Logging and metrics in Cloud Foundry
- Logging and metrics architecture
- Installing the Loggregator plug-in for cf CLI
- Security event logging
- App logging in Cloud Foundry
- Limiting your app log rate in Cloud Foundry
- Cloud Foundry component metrics
- Container metrics
- Loggregator guide for Cloud Foundry operators
- Logging and metrics in Cloud Foundry
- Configuring the OpenTelemetry Collector
- Deploying a nozzle to your Cloud Foundry Loggregator Firehose
- BOSH Documentation
- BOSH Backup and Restore (BBR)
- Information for developers
- Developing and managing apps
- How to push your app with Cloud Foundry CLI (cf push)
- Pushing your app using Cloud Foundry CLI (cf push)
- Deploying with app manifests
- App manifest attribute reference
- Deploying an app with Docker
- Deploying your large apps
- Starting, restarting, and restaging apps
- Pushing an app with multiple processes
- Running cf push sub-step commands
- Configuring app deployments
- Pushing apps with sidecar processes
- Using blue-green deployment to reduce downtime
- Troubleshooting app deployment and health
- SSH for apps and services
- Routes and domains
- Managing services
- Streaming app logs
- Managing apps with the cf CLI
- Cloud Foundry environment variables
- Available Cloud Controller API client libraries
- Designing and running your app in the cloud
- Cloud Foundry API app revisions
- How to push your app with Cloud Foundry CLI (cf push)
- Cloud Foundry Buildpacks
- Cloud Native Buildpacks
- Classic Buildpacks
- What are classic buildpacks?
- Binary buildpack
- Go buildpack
- Hosted Web Core buildpack
- Java buildpack
- .NET Core buildpack
- NGINX buildpack
- Node.js buildpack
- Using PHP buildpack with runtimes
- Python buildpack
- R buildpack
- Ruby buildpack
- Staticfile buildpacks
- Creating custom buildpacks
- Information for Managed Service Authors
- Services in Cloud Foundry
- Service Broker API
- Managing service brokers in Cloud Foundry
- Managing access to service plans
- Binding credentials in Cloud Foundry
- CredHub
- Dashboard Single Sign-on
- Service instance sharing in Cloud Foundry
- Service broker examples
- App log streaming in Cloud Foundry
- Offering Route Services in Cloud Foundry
- Supporting multiple CF instances
- User Account and Authentication
- API Reference
- UAA API
- CAPI API
Service Instance sharing
Page last updated:
You can allow instances of your services to be shared across spaces and orgs within Cloud Foundry. This allows apps running in different spaces and orgs to use the same service instance.
If you have Space Developer permissions in the space where the service instance was created, you are responsible for sharing, unsharing, updating, and deleting the service instance.
For more information about the developer and administrator tasks related to service instance sharing, see Sharing Service Instances.
Enabling service instance sharing
Service brokers must explicitly activate service instance sharing by setting a flag in their service-level
metadata object.
This allows service instances of any service plan to be shared across orgs and spaces.
The "shareable" flag must be set to true in the service-level metadata to activate service
instance sharing. If the flag is set to false or is absent, sharing is deactivated.
An example catalog:
{
"services":[{
"id":"766fa866-a950-4b12-adff-c11fa4cf8fdc",
"name": "example-service",
"metadata": {
"shareable": true
}
}]
}
Binding permissions based on instance sharing
When a service instance is created in one space and shared into another, you can bind your apps to the service instance from both spaces.
You might want to have the service broker return credentials with different permissions depending on which space an app is bound from. For example, a messaging service can permit writes from the originating space and only reads from any spaces that the service is shared into.
To determine whether the space of the app is the same as the originating space of the service instance,
the service broker can compare the context.space_guid and bind_resource.space_guid fields in the binding request.
The context.space_guid field represents the space where the service instance was created,
and bind_resource.space_guid represents the space of the app involved in the binding.
Security considerations
You must consider the following before enabling service instance sharing:
Service keys can only be generated if you have access to the space where the service instance was created. This verifies that only developers with access to this space have visibility into where and how many times the service instance is used. It is not possible to distinguish between service keys created when targeting the originating space and those created when targeting the space where the instance has been shared to. Also, unsharing an instance from a space does not delete any service keys.
Consider the impact of giving out excessive permissions for service bindings, especially bindings that originate from spaces that the service instance has been shared into. For example, a messaging service can permit writes from the originating space and only reads from any shared spaces. For more information, see Binding Permissions Based on Instance Sharing.
You can generate unique credentials for each binding. This ensures that developers can unshare a service instance at any time. Unsharing an instance deletes any service bindings and revokes access for those credentials. Unsharing an instance prevents unauthorized future access from developers and apps that saved the credentials that they were previously provided using the service binding.
Consider the impact of a service instance dashboard being accessed by users of shared service instances. If authenticating through SSO, see Dashboard Single Sign-On.