55d96a2ab7
* Updating chart to use public image Fixes #66
* Update docker tag for osba version 0.4.0-alpha and minStability level Fixes #68
* Bump minor version and added explicit version tag to README
* Bump minor version, appVersion added to Chart and added explicit version tag to README
* Change image pull policy and small change to version in docs and appVersion field
Open Service Broker for Azure
Open Service Broker for Azure is the open source, Open Service Broker compatible API server that provisions managed services in the Microsoft Azure public cloud.
This chart bootstraps Open Service Broker for Azure in your Kubernetes cluster.
Prerequisites
- Kubernetes 1.7+ with RBAC enabled
- The Kubernetes Service Catalog software has been installed
- An Azure subscription
- The Azure CLI: You can install it locally or use it in the Azure Cloud Shell
- A service principal with the Contributor role on your Azure subscription
Obtain Your Subscription ID
$ export AZURE_SUBSCRIPTION_ID=$(az account show --query id | sed s/\"//g)
Creating a Service Principal
$ az ad sp create-for-rbac
The new service principal will be assigned, by default, to the Contributor
role. The output of the command above will be similar to the following:
{
  "appId": "redacted",
  "displayName": "azure-cli-xxxxxx",
  "name": "http://azure-cli-xxxxxx",
  "password": "redacted",
  "tenant": "redacted"
}
For convenience in subsequent steps, we will export several of the fields above as environment variables:
$ export AZURE_TENANT_ID=<tenant>
$ export AZURE_CLIENT_ID=<appId>
$ export AZURE_CLIENT_SECRET=<password>
Installing the Chart
Installation of this chart is simple. First, ensure that you've added the azure repository. Then, install from the azure repo:
$ helm install azure/open-service-broker-azure --name osba --namespace osba \
--set azure.subscriptionId=$AZURE_SUBSCRIPTION_ID \
--set azure.tenantId=$AZURE_TENANT_ID \
--set azure.clientId=$AZURE_CLIENT_ID \
--set azure.clientSecret=$AZURE_CLIENT_SECRET
If you'd like to customize the installation, see the Configuration section for the options that can be set during installation.
To verify the service broker has been deployed and show installed service classes and plans:
$ kubectl get clusterservicebroker -o yaml
$ kubectl get clusterserviceclasses -o=custom-columns=NAME:.metadata.name,EXTERNAL\ NAME:.spec.externalName
$ kubectl get clusterserviceplans -o=custom-columns=NAME:.metadata.name,EXTERNAL\ NAME:.spec.externalName,SERVICE\ CLASS:.spec.clusterServiceClassRef.name --sort-by=.spec.clusterServiceClassRef.name
Uninstalling the Chart
To uninstall/delete the osba deployment:
$ helm delete osba --purge
The command removes all the Kubernetes components associated with the chart and deletes the release.
Configuration
The following table lists the configurable parameters of the Azure Service Broker chart and their default values.
Parameter | Description | Default |
---|---|---|
image.repository | Docker image location, without the tag. | "microsoft/azure-service-broker" |
image.tag | Tag / version of the Docker image. | "v0.4.0-alpha" |
image.pullPolicy | "IfNotPresent", "Always", or "Never"; When launching a pod, this option indicates when to pull the OSBA Docker image. | "IfNotPresent" |
registerBroker | Whether to register this broker with the Kubernetes Service Catalog. If true, the Kubernetes Service Catalog must already be installed on the cluster. Marking this option false is useful for scenarios wherein one wishes to host the broker in a separate cluster than the Service Catalog (or other client) that will access it. | true |
service.type | Type of service; valid values are "ClusterIP", "LoadBalancer", and "NodePort". "ClusterIP" is sufficient in the average case where OSBA only receives traffic from within the cluster-- e.g. from Kubernetes Service Catalog. | "ClusterIP" |
service.nodePort.port | If and only if service.type is set to "NodePort", service.nodePort.port indicates the port this service should bind to on each Kubernetes node. | 30080 |
azure.environment | Indicates which Azure public cloud to use. Valid values are "AzureCloud" and "AzureChinaCloud". | "AzureCloud" |
azure.subscriptionId | Identifies the Azure subscription into which OSBA will provision services. | none |
azure.tenantId | Identifies the Azure Active Directory to which the service principal used by OSBA to access the Azure subscription belongs. | none |
azure.clientId | Identifies the service principal used by OSBA to access the Azure subscription. | none |
azure.clientSecret | Key/password for the service principal used by OSBA to access the Azure subscription. | none |
basicAuth.username | Specifies the basic auth username that clients (e.g. the Kubernetes Service Catalog) must use when connecting to OSBA. | "username"; Do not use this default value in production! |
basicAuth.password | Specifies the basic auth password that clients (e.g. the Kubernetes Service Catalog) must use when connecting to OSBA. | "password"; Do not use this default value in production! |
encryptionKey | Specifies the key used by OSBA for applying AES-256 encryption to sensitive (or potentially sensitive) data. | "This is a key that is 256 bits!!"; Do not use this default value in production! |
modules.minStability | Specifies the minimum level of stability an OSBA module must meet for the services and plans it provides to be included in OSBA's catalog of offerings. Valid values are "ALPHA", "BETA", and "STABLE". | "ALPHA"; Only use "STABLE" modules in production! |
redis.embedded | OSBA uses Redis for data persistence and as a message queue. This option indicates whether an on-cluster Redis deployment should be included when installing this chart. If set to false, connection details for a remote Redis cache must be provided. | true; Do not use the embedded Redis cache in production! |
redis.host | If and only if redis.embedded is false, this option specifies the location of the remote Redis cache. | none |
redis.port | If and only if redis.embedded is false, this option specifies the port to connect to on the remote Redis host. | 6380 |
redis.redisPassword | Specifies the Redis password. If redis.embedded is true, this option sets the password on the Redis cache itself and provides it to OSBA. If redis.embedded is false, this option only provides the password to OSBA. In that case, the value of this option must be the correct password for the remote Redis cache. | "password"; Do not use this default value in production! |
redis.enableTls | If and only if redis.embedded is false, this option specifies whether to use a secure connection to the remote Redis host. | true |
Specify a value for each option using the --set <key>=<value> switch on the helm install command. That switch can be invoked multiple times to set multiple options.
Alternatively, copy the chart's default values to a file, edit the file to your liking, and reference that file in your helm install command:
$ helm inspect values azure/open-service-broker-azure > my-values.yaml
$ vim my-values.yaml
$ helm install azure/open-service-broker-azure --name osba --namespace osba --values my-values.yaml
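A pre-install check for the values file, as an added example that is not part of the chart: it flags every setting the table above marks as unsafe for production, and treats a key missing from the file as the chart default, since that is what Helm will deploy. The function name audit_osba_values and the sample file are constructed for illustration, and the parser assumes simple "section:" / "  key: value" YAML at most two levels deep.

```shell
#!/usr/bin/env bash
# Added example, not part of the chart. Assumes flat "section:" / "  key: value"
# YAML, at most two levels deep, with optional double quotes around values.
audit_osba_values() {
  awk '
    function fail(msg) { print "FAIL: " msg; n++ }
    BEGIN {  # chart defaults from the parameter table; used when a key is absent
      v["basicAuth.username"]   = "username"
      v["basicAuth.password"]   = "password"
      v["encryptionKey"]        = "This is a key that is 256 bits!!"
      v["modules.minStability"] = "ALPHA"
      v["redis.embedded"]       = "true"
      v["redis.redisPassword"]  = "password"
      v["redis.enableTls"]      = "true"
    }
    /^[ \t]*(#|$)/ { next }  # skip comments and blank lines
    {
      line = $0; sub(/[ \t]+#.*$/, "", line); sub(/[ \t]+$/, "", line)
      key = line; sub(/:.*$/, "", key); gsub(/[ \t]/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val); gsub(/^"|"$/, "", val)
      if (line ~ /^[^ \t]/) { section = key; path = key }
      else path = section "." key
      if (val != "") v[path] = val
    }
    END {
      if (v["basicAuth.username"] == "username") fail("basicAuth.username is the default")
      if (v["basicAuth.password"] == "password") fail("basicAuth.password is the default")
      if (v["encryptionKey"] == "This is a key that is 256 bits!!") fail("encryptionKey is the default")
      if (v["modules.minStability"] != "STABLE") fail("modules.minStability is " v["modules.minStability"])
      if (v["redis.embedded"] == "true") fail("embedded Redis is enabled")
      if (v["redis.redisPassword"] == "password") fail("redis.redisPassword is the default")
      if (v["redis.embedded"] == "false" && v["redis.enableTls"] != "true") fail("remote Redis without TLS")
      exit (n > 0)
    }
  ' "$1"
}

# Constructed sample: rotates the secrets but omits modules.* and redis.embedded.
sample=$(mktemp)
cat > "$sample" <<'EOF'
basicAuth:
  username: osba-client
  password: "constructed-example-1"
encryptionKey: "constructed-32-char-example-key!"
redis:
  redisPassword: "constructed-example-2"
EOF
audit_osba_values "$sample" || echo "fix the findings above before production use"
```

The function exits non-zero when it finds anything, so it can gate helm install in a deployment script.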