Implementing Open Service Broker (OSB) database in IBM® Cloud Private Cloud Foundry

IBM® Cloud Private Cloud Foundry provides a Helm chart called ibm-osb-database. You can install ibm-osb-database to be deployed as a cluster service broker into IBM Cloud Private. The cluster service broker is built to the Open Service Broker API specification.

The service broker offers IBM Cloud Private database Helm charts as services. You can register the service broker in IBM® Cloud Private Cloud Foundry to provision and deprovision service instances, and bind service instances to applications.

Prerequisites

• Environment with IBM Cloud Private Version 3.1 or later.
• IBM Cloud Private Cloud Foundry must be installed because the ibm-osb-database Helm chart is exported during installation.
• Install the IBM Cloud Private general CLI commands (cloudctl) and the kubectl CLI. Log in to your cluster. The kubectl CLI is automatically configured when you log in using cloudctl. For information about installing the CLI, see Installing the IBM Cloud Private CLI.
• Install and configure the Docker CLI for use with your cluster. For information about installing the CLI, see Configuring authentication for the Docker CLI.

Loading the chart archive

After installing IBM Cloud Private Cloud Foundry, you can find the chart archive in the <data_directory>/IBMCloudPrivate directory on the system where you ran the IBM Cloud Private installer. <data_directory> is the directory that you supplied to the launch.sh script using the -c option.

The chart archive is named ibm-osb-database-1.0.0-archive.tgz and it contains both the Helm chart, and a required image. If you installed and configured the CLIs (as described in the prerequisites section) on a different system, copy the archive to that system. Ensure that you're logged in to your IBM Cloud Private cluster, and that your Docker CLI is logged in to the private image registry for your cluster. Next, run the following command:

cloudctl catalog load-archive --archive ibm-osb-database-1.0.0-archive.tgz

By default, the command loads the chart into the local-charts Helm repository and the image into the private image registry where it's accessible only by charts installed in the current target namespace. For information about CLI catalog commands, see IBM Cloud Private CLI catalog commands. For information about managing images, see Managing images.

Installing the Chart

IBM Cloud Private Catalog

Locate and click the ibm-osb-database chart in the catalog. The overview contains detailed information about all of the chart configuration parameters. Complete the following steps to configure your chart:

1. Switch to the Configuration tab or click Configure.
2. Enter a unique name for Helm release name.
3. Select the target namespace.
4. Accept the license.
5. Provide required values for the application parameters.
6. Click Install to complete your configuration.

Helm CLI

If you prefer to use the Helm CLI, see Installing the Helm CLI (helm) for instructions about installing the Helm CLI. Helm is automatically configured when you log in using cloudctl.

Run the following command to install the chart.

helm install local-charts/ibm-osb-database-1.0.0.tgz --name <release_name> --namespace <namespace> --tls

Use one of the following options to set values for the fields:

• Use the --set option to set these values. For example: --set brokerconfig.userToken="YWRtaW4=",brokerconfig.password="YWRtaW4="
• Create a YAML file containing the values and use the --values option to supply the YAML file.

Provide required values for the following fields.

brokerconfig.userToken="<base-64 encoded user name that you use to log in to IBM Cloud Private>"
brokerconfig.password="<base-64 encoded password that you use to log in to IBM Cloud Private>"
brokerconfig.externalClusterIp="<IP that you use to access the IBM Cloud Private management console>"
brokerconfig.accountId="<Kubernetes cluster account ID or name, for example, id-mycluster-account>"
brokerconfig.clusterName="<Kubernetes cluster name, for example, mycluster>"
brokerconfig.namespace="<Kubernetes namespace>"

Exposing the service broker for external access

Complete the following steps to expose the service broker for external access:

1. List the internal service name of the service broker.

   $ kubectl get services
   

2. Create a NodePort to expose the broker outside of the cluster.

   kubectl expose deployment <helm_release_name>-ibm-osb-database --name <helm_release_name>-ibm-osb-database-external --type=NodePort --port=443 --target-port=8443
   

3. Verify the exposed port and obtain the port number.

   $ kubectl get services
   

   The output resembles the following:

   NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
   dbservicebroker1-ibm-osb-database ClusterIP 10.0.0.248 <none> 443/TCP 3m
   dbservicebroker1-ibm-osb-database-external NodePort 10.0.0.196 <none> 443:32055/TCP
   5s
   kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 47d
   

   In this case, the external node port number is 32055. You need the port number to register the service broker in IBM Cloud Private Cloud Foundry.