Oracle Cloud Infrastructure Documentation

Adding OCI Service Broker for Kubernetes to Clusters

Service brokers offer a catalog of backing services to workloads running on cloud native platforms. The Open Service Broker API is a commonly-used standard for interactions between service brokers and platforms. The Open Service Broker API specification describes a simple set of API endpoints that platforms use to provision, gain access to, and manage service offerings. For more information about the Open Service Broker API, see resources available online including those at openservicebrokerapi.org.

OCI Service Broker for Kubernetes is an implementation of the Open Service Broker API. OCI Service Broker for Kubernetes is specifically for interacting with Oracle Cloud Infrastructure services from Kubernetes clusters. It includes three service broker adapters to bind to the following Oracle Cloud Infrastructure services:

  • Object Storage
  • Autonomous Transaction Processing
  • Autonomous Data Warehouse

You can add OCI Service Broker for Kubernetes to clusters you've created with Oracle Cloud Infrastructure Container Engine for Kubernetes to interact with the Oracle Cloud Infrastructure services listed above. Having added OCI Service Broker for Kubernetes to a cluster, you don't have to manually provision and de-provision the Oracle Cloud Infrastructure services each time you deploy or un-deploy an application on the cluster. Instead, you interact with the Oracle Cloud Infrastructure services by using kubectl to call the Open Service Broker APIs implemented by OCI Service Broker for Kubernetes .

OCI Service Broker for Kubernetes is available as a Helm chart, a Docker container, and as source code from Github.

For more information about OCI Service Broker for Kubernetes, see the OCI Service Broker for Kubernetes documentation in the Github repository.

Adding OCI Service Broker for Kubernetes to a Cluster

To add OCI Service Broker for Kubernetes to a cluster, follow the detailed instructions in the Github repository.

For convenience, here's a high-level summary of the steps involved:

  1. Install OCI Service Broker for Kubernetes. During this step, you will typically:
    • Install the Service Catalog.
    • Install the svcat tool.
    • Deploy OCI Service Broker for Kubernetes.
    • Grant RBAC permissions and roles.
    • Register OCI Service Broker for Kubernetes.

    For more information about installation, see the OCI Service Broker for Kubernetes documentation in the Github repository.

  2. Secure OCI Service Broker for Kubernetes. During this step, you will typically:
    • Restrict access to Service Catalog resources using RBAC permissions and roles.
    • Configure TLS for OCI Service Broker for Kubernetes.
    • Set up an Oracle Cloud Infrastructure user for use by OCI Service Broker for Kubernetes.
    • Set up appropriate policies to control access to resources (according to the Oracle Cloud Infrastructure services to be used).
    • Limit access to the OCI Service Broker for Kubernetes endpoint using NetworkPolicy.
    • Stand up an etcd cluster for Service Catalog and OCI Service Broker for Kubernetes.
    • Protect sensitive values by creating secrets.

    The security configuration to choose will depend on your particular requirements. For more information, see the OCI Service Broker for Kubernetes documentation in the Github repository.

  3. Provision and bind to the required Oracle Cloud Infrastructure services. During this step, you will typically:
    • Provide service provision request parameters.
    • Provide service binding request parameters.
    • Provide service binding response credentials.

    The details to provide will depend on the Oracle Cloud Infrastructure service to bind to. For more information, see the OCI Service Broker for Kubernetes documentation in the Github repository.