Shows how to use Service Catalog with Open Service Broker for Azure to provision an Azure Storage Account.
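# Tool versions this walkthrough was run with.
# The output captured at the time is kept below each command as comments, so
# the file can be run as a script without the shell trying to execute the
# pasted output lines.

# az cli version
az version
# {
#   "azure-cli": "2.5.1",
#   "azure-cli-command-modules-nspkg": "2.0.3",
#   "azure-cli-core": "2.5.1",
#   "azure-cli-nspkg": "3.0.4",
#   "azure-cli-telemetry": "1.0.4",
#   "extensions": {}
# }

# kubectl/Kubernetes version
kubectl version
# Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.0", GitCommit:"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77", GitTreeState:"clean", BuildDate:"2019-09-18T14:36:53Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
# Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.10", GitCommit:"059c666b8d0cce7219d2958e6ecc3198072de9bc", GitTreeState:"clean", BuildDate:"2020-04-03T15:17:29Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}

# helm version
helm version
# version.BuildInfo{Version:"v3.2.0-rc.1", GitCommit:"7bffac813db894e06d17bac91d14ea819b5c2310", GitTreeState:"clean", GoVersion:"go1.13.10"}

# service catalog cli version
svcat version
# Client Version: v0.3.0-beta.2
# Server Version: v1.15.10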
# Resource group that will hold the provisioned storage account.
RG_NAME=lukaszbudnik

# Register the chart repositories: svc-cat serves the Service Catalog chart,
# azure serves the Open Service Broker for Azure chart.
helm repo add svc-cat https://svc-catalog-charts.storage.googleapis.com
helm repo add azure https://kubernetescharts.blob.core.windows.net/azure

# Install Service Catalog into its own namespace.
# NOTE(review): no --version is passed, so whichever chart version the repo
# currently serves gets installed; pin one for a reproducible setup. Both
# health checks are switched off by the flags below.
kubectl create ns catalog
helm install catalog svc-cat/catalog \
  --namespace catalog \
  --set apiserver.storage.etcd.persistence.enabled=true \
  --set apiserver.healthcheck.enabled=false \
  --set controllerManager.healthcheck.enabled=false \
  --set apiserver.verbosity=2 \
  --set controllerManager.verbosity=2
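# Create the service principal that OSBA will use to call Azure.
# NOTE(review): no --role/--scopes is given. With the azure-cli 2.5.1 release
# listed at the top of this file the command is understood to assign
# Contributor on the whole subscription by default - confirm the resulting
# role assignment, and prefer narrowing it with --role/--scopes to the
# resource group that the broker actually manages.
sp=$(az ad sp create-for-rbac)

# Copy the parameters OSBA needs to provision Azure resources/services on our
# behalf. "$sp" is quoted and fed through printf so the JSON reaches jq
# unchanged (no word splitting or globbing, no echo option parsing).
AZURE_SUBSCRIPTION_ID=$(az account show | jq -r '.id')
AZURE_TENANT_ID=$(printf '%s' "$sp" | jq -r '.tenant')
AZURE_CLIENT_ID=$(printf '%s' "$sp" | jq -r '.appId')
AZURE_CLIENT_SECRET=$(printf '%s' "$sp" | jq -r '.password')

# Install the Open Service Broker for Azure chart.
# --set-string keeps every value a string, and the quotes stop the shell from
# splitting or globbing a secret that contains special characters.
# NOTE(review): the client secret is still passed as a command-line argument,
# so it is visible in the process list while helm runs and ends up in the
# stored release values. Outside a demo, supply it from a values file with
# restrictive permissions, and clear $sp / $AZURE_CLIENT_SECRET afterwards.
kubectl create ns osba
helm install osba azure/open-service-broker-azure \
  --namespace osba \
  --set-string azure.subscriptionId="$AZURE_SUBSCRIPTION_ID" \
  --set-string azure.tenantId="$AZURE_TENANT_ID" \
  --set-string azure.clientId="$AZURE_CLIENT_ID" \
  --set-string azure.clientSecret="$AZURE_CLIENT_SECRET"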
# The ClusterServiceBroker takes a few minutes to appear; re-run this until
# it is listed.
kubectl get ClusterServiceBrokers

# Confirm that Service Catalog has read the broker, its service classes and
# its plans from Azure.
for resource in brokers classes plans; do
  svcat get "$resource"
done
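# Describe the storage account as a ServiceInstance and submit it.
# Stop here if RG_NAME is unset or empty, so an empty resource group name is
# never sent to the broker.
: "${RG_NAME:?RG_NAME must be set to the target resource group}"

# The heredoc delimiter is unquoted on purpose: the shell expands $RG_NAME.
# The expanded value is wrapped in YAML quotes so it is always read as a
# string. Nesting is significant here - name/namespace belong to metadata,
# and location/resourceGroup belong to spec.parameters.
cat <<EOF > sa-instance.yaml
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  name: sa-instance
  namespace: osba
spec:
  clusterServiceClassExternalName: azure-storage-general-purpose-v2-storage-account
  clusterServicePlanExternalName: account
  parameters:
    location: eastus
    resourceGroup: "$RG_NAME"
EOF
kubectl create -f sa-instance.yaml

# Provisioning a new storage account takes a few minutes; check the status
# with the following command.
kubectl get serviceinstances -n osba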
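# Finally, create a ServiceBinding. It syncs the storage account properties
# (account name, account key, endpoints) into the Kubernetes secret named by
# secretName.
# NOTE(review): that secret carries the storage account key, so anyone who can
# read secrets in the osba namespace can use the account. Keep RBAC on this
# namespace tight and keep the secret out of logs and version control.
# Nesting is significant: instanceRef.name points at the ServiceInstance, and
# secretName sits directly under spec.
cat <<EOF > sa-binding.yaml
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: sa-binding
  namespace: osba
spec:
  instanceRef:
    name: sa-instance
  secretName: sa-credentials
EOF
kubectl create -f sa-binding.yaml

# Check the servicebinding.
kubectl get servicebindings -n osba

# And the secret (this lists the object only; it does not print the values).
kubectl get secret sa-credentials -n osba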