Implementing Open Service Broker (OSB) database in IBM Cloud Private Cloud Foundry
IBM® Cloud Private Cloud Foundry provides a Helm chart called ibm-osb-database. You can install ibm-osb-database to be deployed as a cluster service broker into IBM Cloud Private. The cluster service broker is built to the Open Service Broker API specification.
The service broker offers IBM Cloud Private database Helm charts as services. You can register the service broker in IBM® Cloud Private Cloud Foundry to provision and deprovision service instances, and bind service instances to applications.
Prerequisites
- Environment with IBM Cloud Private Version 3.1 or later.
- IBM Cloud Private Cloud Foundry must be installed because the ibm-osb-database Helm chart is exported during installation.
- Install the IBM Cloud Private general CLI commands (cloudctl) and the kubectl CLI. Log in to your cluster. The kubectl CLI is automatically configured when you log in using cloudctl. For information about installing the CLI, see Installing the IBM Cloud Private CLI.
- Install and configure the Docker CLI for use with your cluster. For information about installing the CLI, see Configuring authentication for the Docker CLI.
Loading the chart archive
After you install IBM Cloud Private Cloud Foundry, you can find the chart archive in the <data_directory>/IBMCloudPrivate directory on the system where you ran the IBM Cloud Private installer. <data_directory> is the directory that you supplied to the launch.sh script by using the -c option.
The chart archive is named ibm-osb-database-1.0.0-archive.tgz and it contains both the Helm chart and a required image. If you installed and configured the CLIs (as described in the prerequisites section) on a different system, copy the archive to that system. Ensure that you're logged in to your IBM Cloud Private cluster, and that your Docker CLI is logged in to the private image registry for your cluster. Next, run the following command:
cloudctl catalog load-archive --archive ibm-osb-database-1.0.0-archive.tgz
By default, the command loads the chart into the local-charts Helm repository and the image into the private image registry where it's accessible only by charts that are installed in the current target namespace. For information about CLI catalog commands, see IBM Cloud Private CLI catalog commands. For information about managing images, see Managing images.
Creating secrets
You must create a Kubernetes secret that contains the service broker's authentication user name and password in the namespace where the service broker Helm chart is installed. For example, create a YAML file that is named cf-osb-broker-secret.yaml with the following content. Replace the service broker user name and service broker password with the base-64 encoded user name and password.
apiVersion: v1
kind: Secret
metadata:
  name: cf-osb-broker-secret
type: Opaque
data:
  username: <service broker user name>
  password: <service broker password>
To base-64 encode a string, you can use the following command, for example.
$ echo -n 'stringToEncode' | openssl base64
Then, run the following command to create the Kubernetes secret.
$ kubectl create -f cf-osb-broker-secret.yaml
You must create another Kubernetes secret that contains IBM Cloud Private's login user name and password in the namespace where the service broker Helm chart is installed. This credential is used by the service broker to provision service instances.
For example, create a YAML file that is named cf-osb-icp-secret.yaml with the following content. Replace the IBM Cloud Private user name and IBM Cloud Private password with the base-64 encoded user name and password. You must be able to log in to IBM Cloud Private by using this user name and password to view and install Helm charts.
apiVersion: v1
kind: Secret
metadata:
  name: cf-osb-icp-secret
type: Opaque
data:
  username: <IBM Cloud Private user name>
  password: <IBM Cloud Private password>
To base-64 encode a string, you can use the following command, for example.
$ echo -n 'stringToEncode' | openssl base64
Then, run the following command to create the Kubernetes secret.
$ kubectl create -f cf-osb-icp-secret.yaml
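The two secret files described above can be rendered and checked with a small script. This is an added example, not part of the IBM documentation: the function names (b64, render_secret, secret_field, write_secret) are hypothetical, and it assumes a POSIX shell with the base64 utility. It strips the line wrapping that base64 tools apply to long input (openssl base64 wraps at 64 characters unless -A is given), which would otherwise break the data: values, and it decodes each field again to confirm the round trip.

```shell
#!/bin/sh
# Added example: render the Secret manifests this page describes.
# Function names are hypothetical; they are not IBM Cloud Private tooling.

# Encode a value for a Secret's data: field.
# printf '%s' adds no trailing newline (a bare echo would encode one),
# and tr removes the line breaks base64 tools insert on long input.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# render_secret <secret_name> <username> <password>
# Writes the manifest to stdout; rejects empty credentials.
render_secret() {
    [ "$#" -eq 3 ] || { echo "usage: render_secret name user pass" >&2; return 2; }
    [ -n "$2" ] && [ -n "$3" ] || { echo "empty credential" >&2; return 1; }
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  username: $(b64 "$2")
  password: $(b64 "$3")
EOF
}

# secret_field <manifest_file> <field>
# Decodes one data field so the stored value can be verified.
secret_field() {
    awk -v k="$2:" '$1 == k { print $2 }' "$1" | base64 -d
}

# write_secret <file> <secret_name> <username> <password>
# A newly created file is owner-only (umask 077); returns non-zero
# if either decoded field differs from the input.
write_secret() {
    ( umask 077; render_secret "$2" "$3" "$4" > "$1" ) || return 1
    [ "$(secret_field "$1" username)" = "$3" ] &&
    [ "$(secret_field "$1" password)" = "$4" ]
}
```

For example, write_secret cf-osb-icp-secret.yaml cf-osb-icp-secret "$ICP_USER" "$ICP_PASS" produces the file that the kubectl create -f command above expects; ICP_USER and ICP_PASS are assumed variable names.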
Installing the Chart
IBM Cloud Private Catalog
Locate and click the ibm-osb-database
chart in the catalog. The overview contains detailed information about all of the chart configuration parameters. Complete the following steps to configure your chart:
- Switch to the Configuration tab or click Configure.
- Enter a unique name for Helm release name.
- Select the target namespace.
- Accept the license.
- Provide required values for the application parameters.
- Click Install to complete your configuration.
Helm CLI
If you prefer to use the Helm CLI, see Installing the Helm CLI (helm) for instructions about installing the Helm CLI. Helm is automatically configured when you log in using cloudctl.
Run the following command to install the chart.
helm install local-charts/ibm-osb-database-1.0.0.tgz --name <release_name> --namespace <namespace> --tls
Use one of the following options to set values for the fields:
- Use the --set option to set these values. For example:
  --set brokerconfig.userToken="YWRtaW4=",brokerconfig.password="YWRtaW4="
- Create a YAML file that contains the values and use the --values option to supply the YAML file.
Provide the required values for the following fields.
brokerconfig.servicebrokersecret="<Kubernetes secret object name that contains the service broker's user name and password. Defaults to 'cf-osb-broker-secret'>"
brokerconfig.icpsecret="<Kubernetes secret object name that contains IBM Cloud Private's user name and password. Defaults to 'cf-osb-icp-secret'.>"
brokerconfig.externalClusterIp=""
brokerconfig.namespace=""
Exposing the service broker for external access
Complete the following steps to expose the service broker for external access:
- List the internal service name of the service broker.
  $ kubectl get services
- Create a NodePort to expose the broker outside of the cluster.
  kubectl expose deployment <helm_release_name>-ibm-osb-database --name <helm_release_name>-ibm-osb-database-external --type=NodePort --port=443 --target-port=8443
- Verify the exposed port and obtain the port number.
  $ kubectl get services
  The output resembles the following code:
  NAME                                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
  dbservicebroker1-ibm-osb-database            ClusterIP   10.0.0.248   <none>        443/TCP         3m
  dbservicebroker1-ibm-osb-database-external   NodePort    10.0.0.196   <none>        443:32055/TCP   5s
  kubernetes                                   ClusterIP   10.0.0.1     <none>        443/TCP         47d
In this case, the external node port number is 32055. You need the port number to register the service broker in IBM Cloud Private Cloud Foundry.