Implementing Open Service Broker (OSB) database in IBM Cloud Private Cloud Foundry

IBM® Cloud Private Cloud Foundry provides a Helm chart called ibm-osb-database. You can install ibm-osb-database to be deployed as a cluster service broker into IBM Cloud Private. The cluster service broker is built to the Open Service Broker API specification.

The service broker offers IBM Cloud Private database Helm charts as services. You can register the service broker in IBM® Cloud Private Cloud Foundry to provision and deprovision service instances, and bind service instances to applications.

Prerequisites

Loading the chart archive

After you install IBM Cloud Private Cloud Foundry, you can find the chart archive in the <data_directory>/IBMCloudPrivate directory on the system where you ran the IBM Cloud Private installer. <data_directory> is the directory that you supplied to the launch.sh script by using the -c option.

The chart archive is named ibm-osb-database-1.0.0-archive.tgz and contains both the Helm chart and a required image. If you installed and configured the CLIs (as described in the prerequisites section) on a different system, copy the archive to that system. Ensure that you're logged in to your IBM Cloud Private cluster, and that your Docker CLI is logged in to the private image registry for your cluster. Next, run the following command:

cloudctl catalog load-archive --archive ibm-osb-database-1.0.0-archive.tgz

By default, the command loads the chart into the local-charts Helm repository and the image into the private image registry where it's accessible only by charts that are installed in the current target namespace. For information about CLI catalog commands, see IBM Cloud Private CLI catalog commands. For information about managing images, see Managing images.

Creating secrets

You must create a Kubernetes secret that contains the service broker's authentication user name and password in the namespace where the service broker Helm chart is installed. For example, create a YAML file that is named cf-osb-broker-secret.yaml with the following content. Replace the service broker user name and service broker password with the base-64 encoded user name and password.

apiVersion: v1
kind: Secret
metadata:
  name: cf-osb-broker-secret
type: Opaque
data:
  username: service broker user name
  password: service broker password

To base-64 encode a string, you can use the following command, for example.

$ echo -n 'stringToEncode' | openssl base64

Then, run the following command to create the Kubernetes secret.

$ kubectl create -f cf-osb-broker-secret.yaml

You must create another Kubernetes secret that contains IBM Cloud Private's login user name and password in the namespace where the service broker Helm chart is installed. This credential is used by the service broker to provision service instances. For example, create a YAML file that is named cf-osb-icp-secret.yaml with the following content. Replace the IBM Cloud Private user name and IBM Cloud Private password with the base-64 encoded user name and password. You must be able to log in to IBM Cloud Private by using this user name and password to view and install Helm charts.

apiVersion: v1
kind: Secret
metadata:
  name: cf-osb-icp-secret
type: Opaque
data:
  username: IBM Cloud Private user name
  password: IBM Cloud Private password

To base-64 encode a string, you can use the following command, for example.

$ echo -n 'stringToEncode' | openssl base64

Then, run the following command to create the Kubernetes secret.

$ kubectl create -f cf-osb-icp-secret.yaml
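
The following shell functions are an added example, not part of the IBM documentation: they generate either of the two secret manifests above from plain-text credentials and decode a field back so the encoding can be checked before the secret is created. The function names and any credentials passed to them are assumptions, and coreutils `base64` is used in place of `openssl base64`.

```bash
#!/usr/bin/env bash
# Added example: render and check the Secret manifests used by ibm-osb-database.
# Function names are hypothetical; pass your own credentials as arguments.

# Base64-encode stdin as one line. GNU `base64` and `openssl base64` wrap long
# output by default, which would break the YAML value, so newlines are stripped.
b64() { base64 | tr -d '\n'; }

# render_secret NAME USERNAME PASSWORD -> Secret manifest on stdout
render_secret() {
  local name=$1 user=$2 pass=$3
  # printf '%s' emits no trailing newline, so none is encoded into the value
  # (the same reason the page uses `echo -n`).
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
type: Opaque
data:
  username: $(printf '%s' "$user" | b64)
  password: $(printf '%s' "$pass" | b64)
EOF
}

# secret_field FIELD -> decoded value of data.FIELD, manifest read from stdin.
# Use it to confirm that the manifest round-trips to the intended credential.
secret_field() {
  awk -v key="$1:" '$1 == key { printf "%s", $2 }' | base64 -d
}

# write_secret FILE NAME USERNAME PASSWORD
# Creates FILE with mode 0600 (umask 077 in a subshell), because the manifest
# holds the credentials in a trivially reversible form.
write_secret() {
  local file=$1
  shift
  ( umask 077; render_secret "$@" > "$file" )
}
```

Base64 is an encoding, not encryption, so treat the generated YAML file as a plain-text credential and remove it after running `kubectl create -f`.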

Installing the Chart

IBM Cloud Private Catalog

Locate and click the ibm-osb-database chart in the catalog. The overview contains detailed information about all of the chart configuration parameters. Complete the following steps to configure your chart:

  1. Switch to the Configuration tab or click Configure.
  2. Enter a unique Helm release name.
  3. Select the target namespace.
  4. Accept the license.
  5. Provide required values for the application parameters.
  6. Click Install to complete your configuration.

Helm CLI

If you prefer to use the Helm CLI, see Installing the Helm CLI (helm) for instructions about installing the Helm CLI. Helm is automatically configured when you log in using cloudctl.

Run the following command to install the chart.

helm install local-charts/ibm-osb-database-1.0.0.tgz --name <release_name> --namespace <namespace> --tls

Use one of the following options to set values for the fields:

Provide the required values for the following fields.

brokerconfig.servicebrokersecret="<Kubernetes secret object name that contains the service broker's user name and password. Defaults to 'cf-osb-broker-secret'.>"
brokerconfig.icpsecret="<Kubernetes secret object name that contains IBM Cloud Private's user name and password. Defaults to 'cf-osb-icp-secret'.>"
brokerconfig.externalClusterIp=""
brokerconfig.namespace=""

Exposing the service broker for external access

Complete the following steps to expose the service broker for external access:

  1. List the internal service name of the service broker.

    $ kubectl get services
    
  2. Create a NodePort to expose the broker outside of the cluster.

    kubectl expose deployment <helm_release_name>-ibm-osb-database --name <helm_release_name>-ibm-osb-database-external --type=NodePort --port=443 --target-port=8443
    
  3. Verify the exposed port and obtain the port number.

    $ kubectl get services
    

    The output resembles the following code:

    NAME                                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
    dbservicebroker1-ibm-osb-database            ClusterIP   10.0.0.248   <none>        443/TCP         3m
    dbservicebroker1-ibm-osb-database-external   NodePort    10.0.0.196   <none>        443:32055/TCP   5s
    kubernetes                                   ClusterIP   10.0.0.1     <none>        443/TCP         47d
    

    In this case, the external node port number is 32055. You need the port number to register the service broker in IBM Cloud Private Cloud Foundry.