Latest Release: v4.0.1, 2024-11-26
The pgo-osb project is an implementation of the Open Service Broker API. This implementation uses the Crunchy PostgreSQL Operator as a means to provision services, in this case the service is a PostgreSQL database cluster.
pgo-osb allows users to also bind to a service instance which when invoked will return PostgreSQL credentials to a user they can use to connect to the PostgreSQL database instance.
Also, users can deprovision a PostgreSQL database cluster using the OSB API.
The pgo-osb broker was developed using the OSB Starter Pack and associated libraries.
See the following:
-
[Open Service Broker API](https://github.com/openservicebrokerapi/servicebroker)
-
[
osb-broker-lib
](https://github.com/pmorie/osb-broker-lib). -
[
go-open-service-broker-client
](https://github.com/pmorie/go-open-service-broker-client) -
[service-catalog](https://github.com/kubernetes-incubator/service-catalog)
Starting with pgo-osb version 4.0.0, the release schedule and version number for pgo-osb will be aligned with the release schedule and version number for the the Crunchy PostgreSQL Operator. Therefore, to ensure compatibility between pgo-osb and the PostreSQL Operator, please ensure the version number for pgo-osb matches the version number of the PostreSQL Operator deployed in your environment. For instance, if you are using pgo-osb v4.0.1, please ensure the Crunchy PostreSQL Operator v4.0.1 is also deployed in your environment.
golang 1.9 or above is required to build this project.
Running the pgo-osb service broker assumes you have successfully deployed the PostgreSQL Operator. See https://access.crunchydata.com/documentation/postgres-operator/latest for documentation on deploying the PostgreSQL Operator.
Please note that if pgo-osb is deployed to a different namespace than the PostgreSQL Operator, DNS must be utilized when specifying
the URL for the PostgreSQL Operator API server. This is done using environment variable PGO_APISERVER_URL
in the pgo-osb
deployment.yaml
file (located in directory $OSB_ROOT/deploy
). For instance, if the PostgreSQL Operator is deployed to namespace
pgo
, the PGO_APISERVER_URL
environment variable would be set in this file as follows:
- --PGO_APISERVER_URL
- "https://postgres-operator.pgo.svc.cluster.local:8443"
However, if pgo-osb is deployed to the same namespace as the PostgreSQL Operator, then the PostgreSQL Operator service name can simply be utilized:
- --PGO_APISERVER_URL
- "https://postgres-operator:8443"
Additionally, pgo-osb must also be configured with the certificates needed to properly authenticate into and trust the PostgreSQL Operator
API server. When installing the PostgreSQL Operator API server these certificates are automatically generated, and must be copied
into directory $OSB_ROOT/deploy
prior to deploying pgo-osb. This allows the certificates to be stored in a secret that can be utilized
by pgo-osb when accessing the PostgreSQL Operator API server. For instance, if the PostgreSQL Operator was installed using the
bash
installation method, the certificates can be copied as follows:
cp $PGOROOT/conf/postgres-operator/server.crt $PGOROOT/conf/postgres-operator/server.key $OSB_ROOT/deploy
Or if the PostgreSQL Operator was installed using Ansible, then the certificates can be copied from your home directory as follows:
cp "${HOME}"/.pgo/"${PGO_OPERATOR_NAMESPACE}"/output/server.crt $OSB_ROOT/deploy
cp "${HOME}"/.pgo/"${PGO_OPERATOR_NAMESPACE}"/output/server.pem $OSB_ROOT/deploy/server.key
This example also assumes you have created a Kube namespace called demo. Adjust OSB_NAMESPACE to suit your specific namespace value. And lastly, the example assumes you are using the PostgreSQL Operator default RBAC account called username with a password of password. If this is not the case then you will need to adjust the example service instance service-instance.yaml.
To build the pgo-osb broker, place these additional environment variables into your .bashrc as they are used in the various scripts and deployment templates:
export GOPATH=$HOME/odev export GOBIN=$GOPATH/bin export PATH=$GOBIN:$PATH export OSB_NAMESPACE=demo export OSB_CMD=kubectl export OSB_ROOT=$GOPATH/src/github.com/crunchydata/pgo-osb export OSB_BASEOS=centos7 export OSB_VERSION=4.0.1 export OSB_IMAGE_TAG=$OSB_BASEOS-$OSB_VERSION export OSB_IMAGE_PREFIX=crunchydata
Install the dep dependency tool:
mkdir $GOPATH/bin $GOPATH/src/github.com/crunchydata $GOPATH/pkg -p curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
Get the code:
cd $GOPATH/src/github.com/crunchydata git clone https://github.com/crunchydata/pgo-osb.git cd pgo-osb
Install the service catalog into your Kubernetes cluster by following this link:
Instructions on that link are provided to also install the very useful svcat utility for inspecting and working with the service catalog.
Deploy the pgo-osb broker:
make setup make image make deploy
Verify your deployment has been successful with:
kubectl get pod --selector=app=pgo-osb NAME READY STATUS RESTARTS AGE pgo-osb-69c76578b9-v7s9k 1/1 Running 0 16m
To test the pgo-osb broker…
Create an instance:
cd $OSB_ROOT make provision kubectl get serviceinstance make provision2 kubectl get serviceinstance
Please note the ServiceInstance
objects created when running the make provision
and make provision2
commands
above will create PostgreSQL cluster’s in the default namespace set for the PostgreSQL Operator according to the
PGO_NAMESPACE
environment variable set in your environment. If you would like the clusters to be provisioned in
another namespace, please set the proper namespace using the PGO_NAMESPACE
parameter in files
$OSB_ROOT/manifests/service-instance.yaml
and $OSB_ROOT/manifests/service-instance2.yaml
.
You should see a pod with that service instance name:
kubectl get pod --selector=name=testinstance kubectl get pod --selector=name=testinstance2
Create a binding:
make bind kubectl get servicebinding make bind2 kubectl get servicebinding
You can view the binding and the generated Postgres credentials using this command:
# show the binding without secrets
$ svcat describe binding testinstance-binding -n $OSB_NAMESPACE
Name: testinstance-binding
Namespace: demo
Status: Ready - Injected bind result @ 2018-08-24 13:44:29 +0000 UTC
Secret: testinstance-binding
Instance: testinstance
Parameters:
No parameters defined
Secret Data:
secrets 111 bytes
services 151 bytes
# show the binding with secrets
$ svcat describe binding testinstance-binding --show-secrets -n $OSB_NAMESPACE
Name: testinstance-binding
Namespace: demo
Status: Ready - Injected bind result @ 2018-08-24 13:44:29 +0000 UTC
Secret: testinstance-binding
Instance: testinstance
Parameters:
No parameters defined
Secret Data:
secrets [{"data":{"postgres":"mu7BDsFi3X","primaryuser":"FHhQwZAeot","testuser":"My2g9BxjFD"},"name":"somesecretname"}]
services [{"name":"testinstance","spec":{"clusterIP":"10.104.162.117","externalIPs":[""],"ports":[{"name":"postgres","port":5432,"targetPort":0}]},"status":""}]
You can also use the svcat Service Catalog CLI to inspect the service catalog.
$ svcat get brokers NAME URL STATUS +---------+-------------------------------------------+--------+ pgo-osb http://pgo-osb.demo.svc.cluster.local:443 Ready
$ svcat get classes NAME DESCRIPTION +-----------------+--------------+ pgo-osb-service The pgo osb!
$ svcat describe class pgo-osb-service Name: pgo-osb-service Description: The pgo osb! UUID: 4be12541-2945-4101-8a33-79ac0ad58750 Status: Active Tags: Broker: pgo-osb Plans: NAME DESCRIPTION +---------+--------------------------------+ default The default plan for the pgo osb service
$ svcat get instances -n $OSB_NAMESPACE NAME NAMESPACE CLASS PLAN STATUS +------------+-----------+-----------------+---------+--------+ testinstance demo pgo-osb-service default Ready testy4 demo pgo-osb-service default Ready
You can remove the bindings and instances using these commands:
$ svcat unbind testinstance -n $OSB_NAMESPACE deleted testinstance-binding $ svcat unbind testinstance2 -n $OSB_NAMESPACE deleted testinstance2-binding $ svcat deprovision testinstance -n $OSB_NAMESPACE deleted testinstance $ svcat deprovision testinstance2 -n $OSB_NAMESPACE deleted testinstance2