Using IBM Cloud services in IBM Cloud Private Cloud Foundry

With IBM® Cloud Private Cloud Foundry access to IBM Cloud services, your IBM Cloud Private Cloud Foundry administrator can decide which services to make accessible to the IBM Cloud Private Cloud Foundry marketplace for various organizations and spaces.

Before you begin

You need the following resources to implement IBM Cloud services in IBM Cloud Private Cloud Foundry.

1. IBM Cloud Private Cloud Foundry must be installed. For installation instructions, see Installing IBM Cloud Private Cloud Foundry.
2. You must have an active IBM Cloud service account to set up the integration. If you do not have an account, you can create one at IBM Cloud.
3. Your IBM Cloud Private Cloud Foundry environment must have access to IBM Cloud API end-point, https://api.ng.bluemix.net. You must adjust firewalls for each IBM Cloud service use case. Currently, only the api.ng.bluemix.net API end point is supported in the North American region. Once other endpoints become available, you can change the region by setting the public_api_target attribute in the uiconfig to the appropriate API URL for the region.

Complete the following steps to integrate IBM Cloud services into IBM Cloud Private Cloud Foundry.

Create an API Key

In order to create the service broker, the administrator must provide an API key. You need the API key only when you set up the service broker. You can discard the key once setup is complete.
You can create the API key from any location where you have installed the IBM Cloud CLI.
In the following steps, the IBM Cloud CLI is installed on an inception container.

1. From the installation directory, connect to the inception container:

   ./connect -n IBMCloudPrivate
   

2. Log in to the IBM Cloud:

   ibmcloud login -a https://api.ng.bluemix.net
   

   Use the following option if you have a federated account:

   ibmcloud login -sso https://api.ng.bluemix.net
   

3. Create an API key. You will need the key in a later step.

   ibmcloud iam api-key-create NAME [-d DESCRIPTION]
   

4. Log out of IBM Cloud.

   ibmcloud logout
   

5. Type exit to exit the inception container.

Create the service broker

The configuration manager includes a command to create the IBM Cloud service broker.
From your installation directory, run the following command to create the service broker:

./cm public-service-broker create --apikey <Your_API_KEY> [--resource-group <Resource_group>]

If you omit the resource-group parameter, the default resource group is used.
From the inception container, use the following command to list all available resource groups.

ibmcloud resource groups

The default resource group is listed during the ibmcloud login. You can also use the following command to list the default group:

ibmcloud resource groups --default

After you have completed the cm command, IBM Cloud Private Cloud Foundry will be linked to the IBM Cloud.

Verify connection to IBM Cloud domain

1. From the installation directory, use the following command to connect to the inception container:

   ./connect -n IBMCloudPrivate
   

2. Use the {site.data.keyword.icpcf-notm}} administrator user credentials to log in to the IBM Cloud Private Cloud Foundry.u

   cf login
   

3. Use the following command to view the IBMCloud.<extension> service broker. <extension> is the IBM Cloud domain. For example, IBMCloudPublic.ng.bluemix.net.

   cf service-brokers
   

4. Log out of {site.data.keyword.icpcf-notm}}.

   cf logout
   

5. Type exit to exit the inception container.

Delete API Key

Complete the following steps to delete the API key.

1. From the installation directory, connect to the inception container.

   ./connect -n IBMCloudPrivate
   

2. Log in to the IBM Cloud.

   ibmcloud login -a https://api.ng.bluemix.net
   

   Use the following option if you have a federated account:

   ibmcloud login -sso https://api.ng.bluemix.net
   

3. Delete an API key. <NAME> is the name you used when creating the API key.

   ibmcloud iam api-key-delete <NAME>
   

4. Log out of IBM Cloud.

   ibmcloud logout
   

5. Type exit to exit the inception container.

Manage IBM Cloud service accessibility

For administrators:

• To list the service plans and current access that are available as a result of registration, use the following command:

  cf service-access
  

  For more information about service access, see Display access to service plans.

• To enable service plans and manage the organization level access, use the following command:

  cf enable-service-access
  

  For more information about enabling service access, see Enable access to service plans.

• To remove service plan permissions, use the following command:

  cf disable-service-access
  

  For more information about disabling service access, see Disable access to service plans.

For users:

• To view the list of enabled services, use the following command:

  cf marketplace
  

Interacting with services

Service instances can be created for services available in the marketplace. For more information about interacting with services, see Managing Service Instances with the cf CLI