Shows how to use Service Catalog with Open Service Broker for Azure to provision Azure Database
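# Tool versions this walkthrough was run with.
# The output captured from each command is kept below it as comments, so the
# file remains valid shell instead of trying to execute the pasted output.

# az cli version
az version
# {
#   "azure-cli": "2.5.1",
#   "azure-cli-command-modules-nspkg": "2.0.3",
#   "azure-cli-core": "2.5.1",
#   "azure-cli-nspkg": "3.0.4",
#   "azure-cli-telemetry": "1.0.4",
#   "extensions": {}
# }

# kubectl/Kubernetes version
kubectl version
# Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.0", GitCommit:"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77", GitTreeState:"clean", BuildDate:"2019-09-18T14:36:53Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
# Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.10", GitCommit:"059c666b8d0cce7219d2958e6ecc3198072de9bc", GitTreeState:"clean", BuildDate:"2020-04-03T15:17:29Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}

# helm version
helm version
# version.BuildInfo{Version:"v3.2.0-rc.1", GitCommit:"7bffac813db894e06d17bac91d14ea819b5c2310", GitTreeState:"clean", GoVersion:"go1.13.10"}

# service catalog cli version
svcat version
# Client Version: v0.3.0-beta.2
# Server Version: v1.15.10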
# Resource group in which the database will be provisioned.
RG_NAME='lukaszbudnik'

# Register the chart repositories: "svc-cat" serves Service Catalog and
# "azure" serves the Open Service Broker for Azure (OSBA) chart.
helm repo add svc-cat https://svc-catalog-charts.storage.googleapis.com
helm repo add azure https://kubernetescharts.blob.core.windows.net/azure

# Install the Service Catalog chart into a dedicated namespace.
# NOTE(review): no chart --version is passed, so whatever the repository
# currently serves is installed; pin a version for a reproducible setup.
# NOTE(review): both health checks are switched off here and the page does not
# say why; re-enable them if your cluster supports them.
kubectl create namespace catalog
helm install catalog svc-cat/catalog \
  --namespace catalog \
  --set apiserver.storage.etcd.persistence.enabled=true \
  --set apiserver.healthcheck.enabled=false \
  --set controllerManager.healthcheck.enabled=false \
  --set apiserver.verbosity=2 \
  --set controllerManager.verbosity=2
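# Create the service principal OSBA uses to provision Azure resources on our
# behalf. The JSON reply (including the generated password) is held in $sp.
# NOTE(review): no --role/--scopes is passed. On the 2.5.x CLI used here that
# is expected to grant Contributor on the whole subscription - confirm, and
# prefer an assignment limited to the $RG_NAME resource group if OSBA works
# with that narrower scope.
sp=$(az ad sp create-for-rbac)

# Extract the parameters OSBA needs. Expansions are quoted so the JSON is
# passed to jq unchanged (no word splitting or glob expansion).
AZURE_SUBSCRIPTION_ID=$(az account show | jq -r '.id')
AZURE_TENANT_ID=$(printf '%s' "$sp" | jq -r '.tenant')
AZURE_CLIENT_ID=$(printf '%s' "$sp" | jq -r '.appId')
AZURE_CLIENT_SECRET=$(printf '%s' "$sp" | jq -r '.password')

# Install the Open Service Broker for Azure chart.
# The credentials go through a temporary values file rather than --set, so the
# client secret does not show up in the helm process arguments. mktemp creates
# the file readable by the current user only; it is removed right after use.
kubectl create ns osba
osba_values=$(mktemp)
cat > "$osba_values" <<VALUES
azure:
  subscriptionId: '$AZURE_SUBSCRIPTION_ID'
  tenantId: '$AZURE_TENANT_ID'
  clientId: '$AZURE_CLIENT_ID'
  clientSecret: '$AZURE_CLIENT_SECRET'
VALUES
helm install osba azure/open-service-broker-azure --namespace osba --values "$osba_values"
rm -f "$osba_values"

# Nothing below needs the raw credentials, so drop them from the shell session.
# Helm still records the release values in the cluster, so access to the osba
# namespace should be restricted accordingly.
unset sp AZURE_CLIENT_SECRET osba_values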
# Re-run this until the ClusterServiceBroker is listed (be patient - it takes
# a few minutes).
kubectl get ClusterServiceBrokers

# Confirm that Service Catalog has read the broker, its service classes and
# its plans from Azure correctly.
for resource in brokers classes plans; do
  svcat get "$resource"
done
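# Create the DB instance - PostgreSQL 10 on the "basic" plan.
#
# The firewall rule originally published here was named "AllowAll" and spanned
# 0.0.0.0-255.255.255.255, which lets every IPv4 address reach the server and
# leaves the database password as the only barrier. The allowed range must now
# be supplied explicitly, e.g. the outbound address of the cluster that will
# connect. The check aborts when this file is run as a script; if you paste
# commands interactively, set both variables before continuing.
: "${DB_FW_START_IP:?set DB_FW_START_IP to the first address allowed to reach the database}"
: "${DB_FW_END_IP:?set DB_FW_END_IP to the last address allowed to reach the database}"

# The heredoc delimiter is unquoted on purpose: $RG_NAME and the firewall
# variables are expanded by the shell while the manifest is written.
cat <<EOF > db-instance.yaml
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  name: db-instance
  namespace: osba
spec:
  clusterServiceClassExternalName: azure-postgresql-10
  clusterServicePlanExternalName: basic
  parameters:
    location: eastus
    resourceGroup: "$RG_NAME"
    firewallRules:
      - startIPAddress: "$DB_FW_START_IP"
        endIPAddress: "$DB_FW_END_IP"
        name: "AllowClients"
EOF
kubectl create -f db-instance.yaml

# Provisioning a new database takes a few minutes; check the status with the
# following command.
kubectl get serviceinstances -n osba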
# Finally, create a ServiceBinding. It syncs all DB-related properties (host,
# port, database, username, password, encryption settings, even connection
# strings/URLs) into the Kubernetes secret named by secretName.
# NOTE(review): that secret holds the database password, so anyone able to
# read secrets in the osba namespace can read it; restrict access to the
# namespace accordingly.
# The manifest contains no shell variables, so the delimiter is quoted.
cat > db-binding.yaml <<'EOF'
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: db-binding
  namespace: osba
spec:
  instanceRef:
    name: db-instance
  secretName: db-credentials
EOF
kubectl create --filename db-binding.yaml

# Check the ServiceBinding ...
kubectl get servicebindings --namespace osba

# ... and the secret it produced.
kubectl get secret db-credentials --namespace osba