OpenShift Commons Briefing Kubernetes Service Catalog Deep Dive Paul Morie Principal Software Engineer July 26, 2017 Andrew Block Principal Consultant

OpenShift Commons Briefing

Kubernetes Service Catalog Deep Dive

Paul Morie Principal Software Engineer

July 26, 2017

Andrew Block Principal Consultant

Agenda

● Common Patterns for Service Consumption

● Introduction to the Open Service API

● Kubernetes Service Catalog Concepts

● Working with the Service Catalog

● Service Catalog in Action

● Service Catalog in OpenShift 3.6

Users and Applications need access to services and resources

Typical Workflow

END USER REQUESTS RESOURCES
Help desk ticket or process initiated

RESOURCES ALLOCATED
Resources provisioned based on the request

DETAILS PROVIDED TO END USER
Information on how to make use of the service (connection string, credentials)

A Centralized Location for Services

● The service catalog provides a central place for consuming services

Open Service Broker API

Defines an HTTP interface between a platform and entities that provide a set of services (service brokers)

The service broker is the component of the service that implements the Open Service Broker API

Open Service Broker API

The Open Service Broker API defines the interaction between the catalog and a broker

[Figure: Service Catalog, Brokers, User]

History of the Open Service Broker API

2011
- V1 open sourced by VMware
- 5 fixed services: MySQL, PostgreSQL, RabbitMQ, MongoDB, Redis

2013
- V2 released
- Clean abstraction between platform and service implementation

2015
- Asynchronous provisioning implemented

2016
- Open Service Broker API specification released

● Successor to the Cloud Foundry Service Broker API

● Existing ecosystem provided along with the API

● History
  ○ September 2016 - Working group formed
  ○ December 2016 - Publicly announced

Browse the specification
● https://github.com/openservicebrokerapi/servicebroker

Contributing Members

Kubernetes Service Catalog

● Integration between Kubernetes and brokers implementing the OSB API

● Timeline
  ○ September 2016 - Special Interest Group (SIG) formed
  ○ October 2016 - Incubator Repository Created
    ■ https://github.com/kubernetes-incubator/service-catalog
  ○ March 2017 - Alpha released

● Primary Contributors
  ○ Red Hat, Google, Microsoft (Formerly Deis), IBM

Kubernetes Service Catalog Concepts

Disclaimer:

Features still in active development and subject to change

Kubernetes Open Service Broker API Terminology

● Service broker - Manages a set of capabilities (Services)

● Service - A capability managed by the service broker
  ○ Example: Database as a Service

● Plan - A specific offering of a service
  ○ Example: Free tier, Medium Tier ($5.99/mo)

Kubernetes Open Service Broker API Terminology

● Service Instance - An instantiation of a particular service’s capability
  ○ Example: My database

● Binding - Relationship between a service instance and an application
  ○ Example: Credentials created in a database for a consuming application

● Application - Code that will access or consume a service
  ○ Example: Web application requiring database storage

Broker Operations

Brokers implement the following operations

● Catalog Management - List of services offered

● Provision - Allocation of new resources

● Bind - Create resources to allow applications to communicate with the provisioned resource

● Unbind - Removal of resources created by the binding action

● Deprovision - Removal of resources created by the provisioning action

Kubernetes Architecture: Leading the Way

Core components ensure the operation and stability of the platform

KUBERNETES API
Exposes REST operations and exposes the shared state of the cluster to the backend data store (etcd)

KUBERNETES CONTROLLER
Watches the shared state of the cluster and attempts to move the current state towards the desired state

Service Catalog Core Architecture

Service Catalog adopts and complements Kubernetes architecture

● Separate API server and controller alongside Kubernetes core infrastructure

● Pluggable datastore
  ○ etcd
  ○ Third Party Resources
  ○ Future: Custom Resource Definitions

[Figure: Service Catalog Core Architecture]

Service Catalog Kubernetes Resources

4 resources when working with the Kubernetes service catalog

● Broker
● ServiceClass
● Instance
● Binding

Broker

Entity that provides ServiceClasses for use in the Service Catalog

1. Provides an endpoint to query for available services
2. Non-namespaced

    apiVersion: servicecatalog.k8s.io/v1alpha1
    kind: Broker
    metadata:
      name: test-broker
    spec:
      url: http://test-service-broker  # (1)

ServiceClass

Represents an offering in the Service Catalog

1. Whether a service can be bound
2. Plans define the types of variants a service offers (quantity, pricing etc)
3. Non-namespaced

    apiVersion: servicecatalog.k8s.io/v1alpha1
    kind: ServiceClass
    metadata:
      name: test-serviceclass
    brokerName: test-broker
    bindable: true  # (1)
    externalID: d35b55b2-b1fd-4123-8045-5b9c619cb629
    description: "service description"
    plans:  # (2)
      - name: example-plan-1
        externalID: 10e03cb7-b2cf-40dd-a954-16a382b92446
        description: "plan 1 description"
        free: true

Instance

Represents intent to provision a ServiceClass

1. Namespace scoped
2. ServiceClass reference
3. Reference of the plan within the ServiceClass
4. Optional list of parameters

    apiVersion: servicecatalog.k8s.io/v1alpha1
    kind: Instance
    metadata:
      name: test-instance  # (1)
      namespace: test-ns
    spec:
      serviceClassName: test-serviceclass  # (2)
      planName: example-plan-1  # (3)
      parameters:  # (4)
        foo: bar

Binding

Relationship between an application and an Instance and ServiceClass

1. Namespace scoped
2. Reference to the instance
3. Secret created containing the details of the service for consumption by application
4. Optional list of parameters

    apiVersion: servicecatalog.k8s.io/v1alpha1
    kind: Binding
    metadata:
      name: test-binding
      namespace: test-ns  # (1)
    spec:
      instanceRef:
        name: test-instance  # (2)
      secretName: my-secret  # (3)
      parameters:
        user: acct_one

Working with the Service Catalog API

Prerequisites

● Kubernetes 1.6 Cluster
  ○ Added support for additional API servers
  ○ Generic resource support in kubectl

● Core infrastructure deployed
  ○ Service Catalog API Server
  ○ Service Catalog Controller
  ○ Data store

Adding a Broker to the Platform

● Provides a new set of capabilities that can be consumed by end users

● Broker resource typically created by cluster operators

● Once resource created, broker is queried for list of available services

● ServiceClass resource created on the platform for each item returned

[Figure: Adding a Broker to the Platform]

Requesting an Instance

● A request for new resources based on a ServiceClass and Plan by the consumer

● Creation of an Instance against the API

● Can provide a set of parameters to fine tune the request

● Service Catalog Controller recognizes new Instance object created
  ○ Generates a GUID (ExternalID) for use in future requests as instance_id
  ○ Invokes provision API against the targeted broker to allocate new resources

PUT /v2/service_instances/:instance_id

[Figure: Request an Instance]

What about Long Running Requests?

Provisioning an instance may take time to complete

[Figure: Asynchronous Operations]

Binding an Application to A Service

● A relationship between an application and a service

● Service broker supports multiple types of bindings
  ○ Credentials, log aggregation draining, routing
  ○ Kubernetes only supports Credentials binding

Binding an Application to A Service

● Creation of a Binding against the API
  ○ References the instance to bind against
  ○ Name of the secret that should be created containing credentials

● Service Catalog Controller recognizes new Binding object created
  ○ Invokes bind operation against broker
  ○ Passes in any additional parameters

● Secret created in Kubernetes API based on response returned from broker
  ○ Application can use secret to consume service

PUT /v2/service_instances/:instance_id/service_bindings/:binding_id
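
How the bind step above could turn a broker's response into the Secret named in the Binding, as an added Go example (not code from this presentation or from the Service Catalog project). The cut-down Secret type, the function name and the sample response are assumptions for illustration; non-string credential values are stored in their JSON form.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Secret is a cut-down stand-in for a Kubernetes v1 Secret (not the client-go type).
type Secret struct {
	APIVersion string            `json:"apiVersion"`
	Kind       string            `json:"kind"`
	Metadata   map[string]string `json:"metadata"`
	Data       map[string]string `json:"data"`
}

// SecretFromBindResponse builds the Secret named by the Binding's
// spec.secretName from the JSON body a broker returns for a bind call.
func SecretFromBindResponse(body []byte, namespace, secretName string) (*Secret, error) {
	var resp struct {
		Credentials map[string]interface{} `json:"credentials"`
	}
	if err := json.Unmarshal(body, &resp); err != nil {
		return nil, fmt.Errorf("bind response is not valid JSON: %v", err)
	}
	if len(resp.Credentials) == 0 {
		return nil, fmt.Errorf("bind response carries no credentials")
	}
	s := &Secret{APIVersion: "v1", Kind: "Secret", Data: map[string]string{},
		Metadata: map[string]string{"name": secretName, "namespace": namespace}}
	for key, val := range resp.Credentials {
		raw, isString := val.(string)
		if !isString { // numbers, booleans, objects: keep their JSON form (assumption)
			encoded, _ := json.Marshal(val) // values decoded from JSON always re-encode
			raw = string(encoded)
		}
		// Secret data is base64: an encoding for transport, not encryption.
		s.Data[key] = base64.StdEncoding.EncodeToString([]byte(raw))
	}
	return s, nil
}

func main() {
	// Constructed bind response for the test-binding manifest; values are illustrative.
	body := []byte(`{"credentials":{"username":"acct_one","password":"example","port":5432}}`)
	fmt.Println(SecretFromBindResponse(body, "test-ns", "my-secret"))
}
```

Anyone who can read Secrets in the Binding's namespace can decode these values, so access to that namespace's Secrets is what protects the credentials.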

[Figure: Binding]

Resource Removal

Resources and their associated provisioned components can be removed when they are no longer needed

● Initiated by deletion of API objects

● Can trigger operations to be performed from the broker based on resource removed
  ○ Unbind
  ○ Deprovision

Unbinding

Deletion of resources associated with the binding operation

● Secrets are a common example of a resource that would be removed

● Triggered by the deletion of the Binding API object

● Controller invokes unbind operation on broker with instance and binding id

DELETE /v2/service_instances/:instance_id/service_bindings/:binding_id

Deprovisioning

Removal of the provisioned instance

● Triggered by the deletion of the Instance API object

● Controller invokes deprovision operation on broker with the associated instance id

DELETE /v2/service_instances/:instance_id
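
The provision, bind, unbind and deprovision calls from the preceding slides replayed in order against an in-memory broker model, as an added Go example (not code from this presentation or from any broker project). The Broker type, its state table and the identifiers are assumptions; the status codes follow the Open Service Broker API, where a repeated DELETE for something already removed answers 410 Gone.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Broker is an in-memory stand-in for a service broker: instance_id -> binding_ids.
type Broker map[string]map[string]bool

var removed = map[bool]int{true: http.StatusOK, false: http.StatusGone} // DELETE reply: existed or not

// Handle applies one broker call and returns the HTTP status it would send.
func (b Broker) Handle(method, path string) int {
	p := strings.Split(strings.Trim(path, "/"), "/")
	if len(p) < 3 || p[0] != "v2" || p[1] != "service_instances" {
		return http.StatusNotFound
	}
	id, code := p[2], http.StatusNotFound
	bindings, provisioned := b[id]
	onBinding := len(p) == 5 && p[3] == "service_bindings" && provisioned
	switch {
	case len(p) == 3 && method == http.MethodPut: // provision
		if code = http.StatusOK; !provisioned { // 200 when a retry finds it present
			b[id], code = map[string]bool{}, http.StatusCreated
		}
	case len(p) == 3 && method == http.MethodDelete: // deprovision
		delete(b, id)
		code = removed[provisioned]
	case onBinding && method == http.MethodPut: // bind
		bindings[p[4]], code = true, http.StatusCreated
	case onBinding && method == http.MethodDelete: // unbind
		code = removed[bindings[p[4]]]
		delete(bindings, p[4])
	}
	return code
}

// Lifecycle replays the controller's calls for one Instance and one Binding,
// then retries the deprovision to show the already-removed reply.
func Lifecycle(b Broker, instanceID, bindingID string) (codes []int) {
	inst := fmt.Sprintf("/v2/service_instances/%s", instanceID)
	bind := inst + "/service_bindings/" + bindingID
	for _, c := range [][2]string{{"PUT", inst}, {"PUT", bind}, {"DELETE", bind}, {"DELETE", inst}, {"DELETE", inst}} {
		codes = append(codes, b.Handle(c[0], c[1]))
	}
	return codes
}

func main() { fmt.Println(Lifecycle(Broker{}, "constructed-instance-id", "constructed-binding-id")) }
```

An empty state table after the run is the property to check for: no binding, and so no credential, outlives the objects that were deleted.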

Removing Catalog Items

Brokers and the Services they offer can also be removed to clean up any remaining resources

● Triggered by the deletion of the Broker API object
  ○ ServiceClasses associated with the deleted broker are also removed

Service Catalog in Action

Service Broker Implementations

TEMPLATE BROKER
Application provisioning using OpenShift templates

ANSIBLE SERVICE BROKER
Leverages Ansible Playbook Bundles (APB) to automate complex services

ENMASSE SERVICE BROKER
Provision messaging services

[Figure: OpenShift Service Catalog]

Service Broker Development

Open Service Broker SDK
● Skeleton project for creating new service brokers
● Written in Golang
● Boilerplate code for each of the key Open Service Broker API methods

https://github.com/openshift/open-service-broker-sdk

Resources

Open Service Broker API
https://www.openservicebrokerapi.org/

Kubernetes Service Catalog Source Code
https://github.com/kubernetes-incubator/service-catalog

Kubernetes SIG Service Catalog
https://github.com/kubernetes/community/tree/master/sig-service-catalog

Components Available in OpenShift 3.6

Service Catalog as Technology Preview Feature

● Catalog infrastructure
  ○ API Server
  ○ Controller manager

● Brokers
  ○ Template Service Broker
  ○ Ansible Service Broker

● Development Tooling
  ○ oc cluster up --service-catalog

Note: Enabling the Service Catalog modifies the level of support provided by Red Hat
