You can now use IBM Cloud services in an Open Service Broker-compatible Cloud platform

Open Service Broker (OSB) API is an industry-wide initiative to define a standard way to deliver services to applications running within cloud-native platforms. IBM Cloud Platform Open Service Broker is an IBM Cloud-hosted implementation of the OSB APIs that facilitate listing, provisioning, and binding of services from the IBM Cloud catalog. You can register for an IBM Cloud Platform OSB and get back a proxy URL, which can then be used to register into any OSB-compatible cloud platform. After registration, all supported IBM Cloud Platform services will be available for listing, provisioning and binding within that platform’s environment.

Note: The IBM Cloud Platform OSB is currently in Beta, but the services in which it enables may not be. Please refer to the IBM Cloud catalog page for individual details of each service.

IBM Cloud Platform OSB architecture

The following diagram provides a high-level overview of the IBM Cloud Platform OSB architecture:

Supported environments

Any environment that runs on an OSB-compatible platform can utilize the IBM Cloud Platform OSB.

IBM-Hosted environments

These are environments where there’s an IBM control layer that facilitates the interaction with the environment. These are hosted on IBM Cloud and managed by their respective control layers.

• IBM Cloud public: An isolated environment for hosting customer’s Cloud Foundry apps available across multiple regions. The entire IBM Cloud service catalog is available out-of-the-box.

• Cloud Foundry Enterprise Environment: An isolated environment for hosting customers’ Cloud Foundry apps with full admin control over configuration, capacity, and access. While provisioning a Cloud Foundry Enterprise Environment instance, an instance of IBM Cloud Platform OSB is registered into the environment.

• IBM Cloud Kubernetes Service: An isolated environment that enables customers to deploy secure, highly available apps in a native Kubernetes experience. Out-of-box enablement is in progress. Refer to the “Getting started” section of this post for further details on enablement.

Bring-Your-Own-Environment (BYOE)

These are environments where your apps are running on an OSB-compatible platform and want to provision and bind to IBM Cloud platform services.

• IBM Cloud Private: An application platform for developing and managing on-premises, containerized apps. It supports both Cloud Foundry and Kubernetes platform flavors. Out-of-box enablement is in progress. Refer to the “Getting started” section of this post for further details on enablement.

• Others: These are other environments that the customer can stand up in their local, island’s environment (e.g., Minikube). Refer to the “Getting started” section of this post for further details on enablement.

Getting started

The following information details the basic steps for getting started with IBM Cloud Platform OSB.

Set up IAM access to IBM Cloud Platform OSB

Login to the IBM Cloud console and go to Manage > Access (IAM). In either the Users or Service IDs section, click on the identity that you want to give access. Here, we’re interested in giving an IAM identity access to register for an IBM Cloud Platform OSB, so click on the Access policies tab. Now, you should see an Assign access bottom option.  After selecting that option, select Assign access to resources, and from the list of services, choose IBM Cloud Platform OSB and assign at least an Editor role.

Click Assign. The identity now should be able to register for an IBM Cloud Platform OSB.

Register for an IBM Cloud Platform OSB

Registering for an IBM Cloud Platform OSB returns you a proxy URL and basic credentials which can be used to register a broker into the OSB-compatible platform of your choice.

At the moment, IBM Cloud console and CLI are being enhanced to do this, so for now, registration will be done by using the Resource Controller API layer.

Using your IAM identity bearer token, issue a similar cURL.

Host: https://resource-controller.cloud.ibm.com

Authorization: IAM bearer token

Route: POST /v2/resource_brokers

Body:

curl -X POST \
  https://resource-controller.cloud.ibm.com/v2/resource_brokers \
  -H 'authorization: Bearer <IAM_TOKEN>' \
  -H 'content-type: application/json' \
  -d '{
    "name": "My IBM Cloud Platform OSB",
    "resource_group" : "0be5ad401ae913d8ff665d92680664ed",
    "run_as_system": false
}'

response:
{
    "name": "My IBM Cloud Platform OSB",
    "resource_group_crn" : "Resource Group CRN of the broker owner",
    "account_id": "IBM Cloud account id"
    "crn": "broker CRN",
    "guid": "broker guid",
    "url": "relative url for broker",
    "auth_username": "apikey",
    "auth_password": "generated password",
                 "auth_scheme": "basic",
    "proxy_broker_url": "generated proxy broker url",
    "serviceid_crn": "crn of the serviceid generated"
}

Important: Save the auth_password since on subsequent GETs, it will NOT be printed back.

Next steps

• Register a broker by using the proxy URL and credentials into your Cloud Foundry or Kubernetes (with Service Catalog).

Additional references

• Open Service Broker API
• IBM Cloud
• Service Catalog 
• Cloud Foundry