OpenShift Commons Briefing Kubernetes Service Catalog Deep Dive Paul Morie Principal Software Engineer July 26, 2017 Andrew Block Principal Consultant
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
OpenShift Commons Briefing
Kubernetes Service Catalog Deep Dive
Paul MoriePrincipal Software Engineer
July 26, 2017
Andrew Block Principal Consultant
INSERT DESIGNATOR, IF NEEDED2
Agenda
● Common Patterns for Service Consumption
● Introduction to the Open Service API
● Kubernetes Service Catalog Concepts
● Working with the Service Catalog
● Service Catalog in Action
● Service Catalog in OpenShift 3.6
INSERT DESIGNATOR, IF NEEDED3
Users and Applications need access to services and resources
INSERT DESIGNATOR, IF NEEDED4
END USER REQUESTS RESOURCES
Help desk ticket or process initiated
Resources provisioned based on the request
RESOURCES ALLOCATED
Information on how to make use of the service
(connection string, credentials)
DETAILS PROVIDED TO END USER
Typical Workflow
INSERT DESIGNATOR, IF NEEDED5
A Centralized Location for Services● The service catalog provides a central place for consuming services
INSERT DESIGNATOR, IF NEEDED6
Open Service Broker API
Defines an HTTP interface between a platform and entities that provide a set of services (service brokers)
The service broker is the component of the service that implements the Open Service Broker API
INSERT DESIGNATOR, IF NEEDED7
Open Service Broker API
The Open Service Broker API defines the interaction between the catalog and a broker
Service Catalog
Brokers
User
INSERT DESIGNATOR, IF NEEDED8
History of the Open Service Broker API
2011 2013 2015 2016
- V1 open sourced by VMWare
- 5 fixed services MySQL, PostgreSQL, RabbitMQ, MongoDB, Redis
- V2 released
- Clean abstraction between platform and service implementation
- Asynchronous provisioning implemented
- Open Service Broker API specification released
INSERT DESIGNATOR, IF NEEDED9
● Successor to the Cloud Foundry Service Broker API
● Existing ecosystem provided along with the API
● History○ September 2016 - Working group formed○ December 2016 - Publically announced
Browse the specification● https://github.com/openservicebrokerapi/servicebroker
INSERT DESIGNATOR, IF NEEDED10
Contributing Members
Browse the specification● https://github.com/openservicebrokerapi/servicebroker
INSERT DESIGNATOR, IF NEEDED11
Kubernetes Service Catalog
● Integration between Kubernetes and brokers implementingthe OSB API
● Timeline○ September 2016 - Special Interest Group (SIG) formed○ October 2016 - Incubator Repository Created
■ https://github.com/kubernetes-incubator/service-catalog ○ March 2017 - Alpha released
● Primary Contributors○ Red Hat, Google, Microsoft (Formerly Deis), IBM
Kubernetes Service Catalog Concepts
INSERT DESIGNATOR, IF NEEDED13
Disclaimer:
Features still in active development and subject to change
INSERT DESIGNATOR, IF NEEDED14
Kubernetes Open Service Broker API Terminology
● Service broker - Manages a set of capabilities (Services)
● Service - A capability managed by the service broker○ Example: Database as a Service
● Plan - A specific offering of a service○ Example: Free tier, Medium Tier ($5.99/mo)
INSERT DESIGNATOR, IF NEEDED15
Kubernetes Open Service Broker API Terminology
● Service Instance - An instantiation of a particular service’s capability○ Example: My database
● Binding - Relationship between a service instance and an application○ Example: Credentials created in a database for a consuming application
● Application - Code that will access or consume a service○ Example: Web application requiring database storage
INSERT DESIGNATOR, IF NEEDED16
Broker Operations
Brokers implement the following operations
Catalog Management List of services offered
Provision Allocation of new resources
Bind Create resources to allow applications to communicate with the provisioned resource
Unbind Removal of resources created by the binding action
Deprovision Removal of resources created by the provisioning action
INSERT DESIGNATOR, IF NEEDED17
KUBERNETES API
Exposes REST operations and exposes the shared state of the cluster to the backend
data store (etcd)
KUBERNETES CONTROLLER
Watches the shared state of the cluster and attempts to
move the current state towards the desired state
Kubernetes Architecture: Leading the Way
Core components ensure the operation and stability of the platform
INSERT DESIGNATOR, IF NEEDED18
● Separate API server and controller alongside Kubernetes core infrastructure
● Pluggable datastore○ etcd○ Third Party Resources○ Future: Custom Resource Definitions
Service Catalog Core Architecture
Service Catalog adopts and compliments Kubernetes architecture
INSERT DESIGNATOR, IF NEEDED19
Service Catalog Core Architecture
INSERT DESIGNATOR, IF NEEDED
4 resources when working with the Kubernetes service catalog
20
Service Catalog Kubernetes Resources
Broker ServiceClass Instance Binding
INSERT DESIGNATOR, IF NEEDED21
Entity that provides ServiceClasses for use in the Service Catalog
1. Provides an endpoint to query for available services
2. Non-namespaced
Broker
apiVersion: servicecatalog.k8s.io/v1alpha1kind: Brokermetadata: name: test-brokerspec: url: http://test-service-broker (1)
INSERT DESIGNATOR, IF NEEDED22
Represents an offering in the Service Catalog
1. Whether an service can be bound2. Plans define the types of variants a
service offers (quantity, pricing etc)3. Non-namespaced
ServiceClass
apiVersion: servicecatalog.k8s.io/v1alpha1kind: ServiceClassmetadata: name: test-serviceclassbrokerName: test-brokerbindable: true (1)externalID: d35b55b2-b1fd-4123-8045-5b9c619cb629description: "service description"plans: (2) - name: example-plan-1 externalID: 10e03cb7-b2cf-40dd-a954-16a382b92446 description: "plan 1 description" free: true
INSERT DESIGNATOR, IF NEEDED23
Represents intent to provision a ServiceClass
1. Namespace scoped2. ServiceClass reference3. Reference of the plan within the
ServiceClass4. Optional list of parameters
Instance
apiVersion: servicecatalog.k8s.io/v1alpha1kind: Instancemetadata: name: test-instance (1) namespace: test-nsspec: serviceClassName: test-serviceclass (2) planName: example-plan-1 (3) parameters: (4) foo: bar
INSERT DESIGNATOR, IF NEEDED24
Relationship between an application and an Instance and ServiceClass
1. Namespace scoped2. Reference to the instance3. Secret created containing the details
of the service for consumption by application
4. Optional list of parameters
Binding
apiVersion: servicecatalog.k8s.io/v1alpha1kind: Bindingmetadata: name: test-binding namespace: test-ns (1)spec: instanceRef: name: test-instance (2) secretName: my-secret (3) parameters: user: acct_one
Working with the Service Catalog API
INSERT DESIGNATOR, IF NEEDED26
Prerequisites
● Kubernetes 1.6 Cluster○ Added support for additional API servers○ Generic resource support in kubectl
● Core infrastructure deployed○ Service Catalog API Server○ Service Catalog Controller○ Data store
INSERT DESIGNATOR, IF NEEDED27
Adding a Broker to the Platform
● Provides a new set of capabilities that can be consumed by end users
● Broker resource typically created by cluster operators
● Once resource created, broker is queried for list of available services
● ServiceClass resource created on the platform for each item returned
INSERT DESIGNATOR, IF NEEDED28
Adding a Broker to the Platform
INSERT DESIGNATOR, IF NEEDED29
Requesting an Instance
● A request for new resources based on a ServiceClass and Plan by the consumer
● Creation of an Instance against the API
● Can provide a set of parameters to fine tune the request
● Service Catalog Controller recognizes new Instance object created○ Generates a GUID (ExternalID) for use for future request as instance_id○ Invokes provision API against the targeted broker to allocate new resources
PUT /v2/service_instances/:instance_id
INSERT DESIGNATOR, IF NEEDED30
Request an Instance
INSERT DESIGNATOR, IF NEEDED31
What about Long Running Requests?
Provisioning an instance may take time to complete
INSERT DESIGNATOR, IF NEEDED32
Asynchronous Operations
INSERT DESIGNATOR, IF NEEDED33
Binding an Application to A Service
● A relationship between an application and a service
● Service broker supports multiple types of bindings○ Credentials, log aggregation draining, routing○ Kubernetes only supports Credentials binding
INSERT DESIGNATOR, IF NEEDED34
Binding an Application to A Service
● Creation of a Binding against the API○ References the instance to bind against○ Name of the secret that should be created containing credentials
● Service Catalog Controller recognizes new Binding object created○ Invokes bind operation against broker○ Passes in any additional parameters
● Secret created in Kubernetes API based on response returned from broker○ Application can use secret to consume service
PUT /v2/service_instances/:instance_id/service_bindings/:binding_id
INSERT DESIGNATOR, IF NEEDED35
Binding
INSERT DESIGNATOR, IF NEEDED36
Resource Removal
Resources and their associated provisioned components can be removed when they are no longer needed
● Initiated by deletion of API objects
● Can trigger operations to be performed from the broker based on resource removed
○ Unbind○ Deprovision
INSERT DESIGNATOR, IF NEEDED37
Unbinding
Deletion of resources associated with the binding operation
● Secrets are a common example of a resource that would be removed
● Triggered by the deletion of the Binding API object
● Controller invokes unbind operation on broker with instance and binding idDELETE
/v2/service_instances/:instance_id/service_bindings/:binding_id
INSERT DESIGNATOR, IF NEEDED38
Deprovisioning
Removal of the provisioned instance
● Triggered by the deletion of the Instance API object
● Controller invokes deprovision operation on broker with the associated instance id
DELETE /v2/service_instances/:instance_id
INSERT DESIGNATOR, IF NEEDED39
Removing Catalog Items
Brokers and the Services they offer can also be removed to clean up any remaining resources
● Triggered by the deletion of the Broker API object○ ServiceClass associated with the deleted broker are also removed
Service Catalog in Action
INSERT DESIGNATOR, IF NEEDED41
TEMPLATE BROKERApplication provisioning using OpenShift templates
ANSIBLE SERVICE BROKERLeverages Ansible Playbook Bundles (APB) to automate complex services
ENMASSE SERVICE BROKERProvision messaging services
Service Broker Implementations
INSERT DESIGNATOR, IF NEEDED42
OpenShift Service Catalog
INSERT DESIGNATOR, IF NEEDED43
Service Broker Development
Open Service Broker SDK● Skeleton project for creating new service brokers● Written in Golang● Boilerplate code for each of the key Open Service Broker API
methods
https://github.com/openshift/open-service-broker-sdk
INSERT DESIGNATOR, IF NEEDED44
Resources
Open Service Broker APIhttps://www.openservicebrokerapi.org/
Kubernetes Service Catalog Source Codehttps://github.com/kubernetes-incubator/service-catalog
Kubernetes SIG Service Cataloghttps://github.com/kubernetes/community/tree/master/sig-service-catalog
INSERT DESIGNATOR, IF NEEDED45
Components Available in OpenShift 3.6
Service Catalog as Technology Preview Feature● Catalog infrastructure
○ API Server○ Controller manager
● Brokers○ Template Service Broker○ Ansible Service Broker
● Development Tooling○ oc cluster up --service-catalog
Note: Enabling the Service Catalog modifies the level of support provided by Red Hat
THANK YOUplus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews
Related Documents
