ContainerDays 2019, Hamburg: Talk by Tobias Placht (@knacht, Senior Software Engineer at QAware) & Nicolai Rybnikar (DG-i)
Abstract: This talk provides an overview of how the Open Service Broker API is used in practice. We show the fundamental concepts of developing, publishing and consuming services using a service broker. We report on our experience and present lessons learned from a real-world project.
5. Bryan Friedman
@bryanfriedman
Building a platform is not a good use of developer time.
Kubernetes is not the platform - it’s a platform on which you
build your platform. Getting the right level of abstraction means
you can focus on building custom software better. So says
@jessitron at #VelocityConf
38 6:54 PM - Jun 12, 2019
6. Robert
@robhoffmax
Replying to @bryanfriedman @jessitron
Totally agree but this has been said for two years now? Where is
that platform?
5:16 AM - Jun 13, 2019
11. You can’t go Cloud Native without
proper CI and CD
12. ENTERPRISE CUSTOMERS ARE SUBJECT TO STRICT REGULATIONS…
Deployed Artifacts must be available for 10 years
Authentication and Authorization
Audit Log
Four Eyes Principle
Many many more
13. … LEADING TO A COMPLEX AND HIGHLY OPINIONATED TOOLCHAIN
14. IN THE BEGINNING THERE WAS ONLY PLAIN HELM AND SOME BASH MAGIC
16. AT LEAST FOR SOME TIME
Static configuration
Nearly impossible to maintain
Long round trip times
Strong dependency on Helm
17. IT ALL COLLAPSED WHEN SOMEONE ASKED IF IT’S POSSIBLE TO CHANGE ARTIFACTORY
18. BACK TO THE DRAWING BOARD
19. WE HAD THE FOLLOWING REQUIREMENTS
Allow flexible deployment mechanisms
Support complex scenarios
Generic approach for different Services
Based on existing Open Source Standards
21. THE PROMISE
API Specification for building Service Brokers
Service Brokers provide lifecycle methods for
deploying and connecting services
Independent of the technology or infrastructure
23. Kubernetes Special Interest Group -
Extension API to list, bind and provision external
Services
Filling the Gap between a Kubernetes Cluster
and multiple Service Brokers
https://svc-cat.io/
30. ServiceBinding
A unique set of creds to access a specific Instance,
e.g. username/password for Jonathan’s 100 MB
MySQL Database
31. PROVISION
When the Service Broker receives a provision request from the Pla
it MUST take whatever action is necessary to create a new resourc
34. DEPROVISION
When a Service Broker receives a deprovision request from a Platf
it MUST delete any resources it created during the provision.
37. EXAMPLE: WHAT THE USER DOES
svcat bind artifactory -p maven
38. WHAT HAPPENS IN THE BACKGROUND
1. Create a new repository using the REST API
2. Create a technical user with limited access
3. Add permission target
4. Set permissions for technical user
5. Create K8s secret which can be used by the
application
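An added sketch (not code from the talk or the speakers' project) of the five background steps as an Open Service Broker bind/unbind pair, run against a constructed in-memory backend instead of the real Artifactory REST API. The class names, the `type` parameter and the permission actions are assumptions; the status codes follow the OSB specification.

```python
import secrets

class FakeArtifactory:
    """Constructed in-memory stand-in for the repository manager's REST API."""
    def __init__(self):
        self.repos, self.users, self.permissions = set(), {}, {}

class ArtifactoryBroker:
    """Hypothetical broker: one technical user per binding, scoped to one repo."""
    def __init__(self, backend):
        self.backend = backend
        self.bindings = {}  # binding_id -> (instance_id, params, credentials)

    def bind(self, instance_id, binding_id, params):
        """Mirrors PUT /v2/service_instances/{instance_id}/service_bindings/{binding_id}."""
        if binding_id in self.bindings:
            known_instance, known_params, creds = self.bindings[binding_id]
            if (known_instance, known_params) == (instance_id, params):
                return 200, {"credentials": creds}  # idempotent retry, no new user
            return 409, {}                           # same id, different request
        repo = f"{instance_id}-{params['type']}"     # assumed naming scheme
        self.backend.repos.add(repo)                 # step 1: repository
        user = f"svc-{binding_id}"
        password = secrets.token_urlsafe(32)         # unique secret per binding
        self.backend.users[user] = password          # step 2: technical user
        # steps 3-4: permission target limited to this one repository
        self.backend.permissions[user] = {"repo": repo, "actions": ("read", "deploy")}
        creds = {"repository": repo, "username": user, "password": password}
        self.bindings[binding_id] = (instance_id, dict(params), creds)
        # step 5: these credentials are what ends up in the Kubernetes Secret
        return 201, {"credentials": creds}

    def unbind(self, instance_id, binding_id):
        """Mirrors DELETE on the same path: revoke exactly what bind created."""
        entry = self.bindings.get(binding_id)
        if entry is None or entry[0] != instance_id:
            return 410, {}                           # binding already gone
        user = entry[2]["username"]
        del self.backend.users[user], self.backend.permissions[user]
        del self.bindings[binding_id]
        return 200, {}
```

Because every binding gets its own user and password, unbinding one application revokes only that application's access and leaves other bindings to the same repository untouched.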
42. LESSONS LEARNED
Building a Platform is hard ;)
Plain Helm is often not enough
Not everything needs to run in your Cluster
Not the most active SIG
The community is focusing on Operators