README
Template service broker
The template service broker implements an Open Service Broker API compatible broker which provisions and deprovisions OpenShift templates.
There are three main components to the work:
- Template service broker implementation (/pkg/template/servicebroker). This plugs into the generic Open Service Broker API framework mentioned below. Currently, when enabled, the template service broker is provided by the OpenShift master at https://<master>:8443/brokers/template.openshift.io/v2/. The template service broker stores its state in non-namespaced BrokerTemplateInstance objects in etcd.
- Generic Open Service Broker API and server framework (/pkg/openservicebroker/{api,server}). This provides the general server framework into which individual broker implementations such as the template service broker can be plugged.
- TemplateInstance API object and controller (/pkg/template/controller). This provides a standard k8s/OpenShift-style mechanism to instantiate templates, which is consumed by the template service broker and may in the future have additional consumers. The TemplateInstance controller stores its state in namespaced TemplateInstance objects in etcd.
TemplateInstance API object and controller
A TemplateInstance API object Spec contains a full copy of a Template, a reference to a Secret, and the identity of a user.
When a TemplateInstance API object is created in a particular namespace, the TemplateInstance controller will instantiate the template according to the parameters contained in the referenced Secret, using the user's privileges.
All objects created by the TemplateInstance controller are labelled with a reference to the TemplateInstance object, and the TemplateInstance object is also added to the created objects' OwnerReferences. As a result, when a TemplateInstance object is deleted, the garbage collector should automatically remove all objects associated with the TemplateInstance object which were created by the controller.
Currently, TemplateInstance objects are effectively immutable once created.
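The garbage-collection behaviour described above, as an added example that is not code from the OpenShift project: a small simulation that follows ownerReferences transitively and lists labelled objects that deleting the TemplateInstance would leave behind. `Object`, `Survivors` and the sample data are hypothetical, and the label is modelled as a plain field holding the TemplateInstance UID.

```go
package main

import "fmt"

// Object is a constructed stand-in for the metadata of one created object.
type Object struct {
	UID, Name string
	OwnerUIDs []string // UIDs listed in metadata.ownerReferences
	LabelUID  string   // UID of the TemplateInstance the object's label points to
}

// Survivors simulates deleting TemplateInstance rootUID: it counts the objects the
// garbage collector removes and names labelled objects that are left behind.
func Survivors(rootUID string, objs []Object) (removed int, left []string) {
	gone := map[string]bool{rootUID: true}
	for changed := true; changed; {
		changed = false
		for _, o := range objs {
			if gone[o.UID] || len(o.OwnerUIDs) == 0 {
				continue
			}
			all := true
			for _, owner := range o.OwnerUIDs {
				all = all && gone[owner]
			}
			if all { // a dependent goes only once every owner is gone
				gone[o.UID], changed = true, true
				removed++
			}
		}
	}
	for _, o := range objs {
		if o.LabelUID == rootUID && !gone[o.UID] {
			left = append(left, o.Name)
		}
	}
	return removed, left
}

// Constructed sample: the Secret has no ownerReference, the Service is co-owned.
var sample = []Object{
	{"u1", "dc/db", []string{"ti-1"}, "ti-1"},
	{"u2", "rc/db-1", []string{"u1"}, ""},
	{"u3", "secret/db-creds", nil, "ti-1"},
	{"u4", "svc/db", []string{"ti-1", "ti-2"}, "ti-1"},
}

func main() {
	fmt.Println(Survivors("ti-1", sample))
}
```

Anything reported as left behind, a Secret in particular, has to be cleaned up by other means after the TemplateInstance is deleted.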
Template service broker
The Template service broker implements the Open Service Broker API endpoints:
- Catalog: returns a list of available templates as OSB API Service objects (the templates are read from one or more namespaces configured in the master config).
- Provision: provision a given template (referred to by its UID) into a namespace. Under the covers, this creates a non-namespaced BrokerTemplateInstance object for the template service broker to store state associated with the instantiation, as well as the Secret and TemplateInstance objects which are picked up by the TemplateInstance controller. Provision is an asynchronous operation: it may return before provisioning is completed, and the provision status can (must) be recovered via the Last Operation endpoint (see below).
- Bind: for a given template, return "credentials" exposed in any created ConfigMap, Secret, Service or Route object (see ExposeAnnotationPrefix and Base64ExposeAnnotationPrefix documentation). The Bind call records the fact that it took place in the appropriate BrokerTemplateInstance object.
- Unbind: this simply removes the metadata previously placed in the BrokerTemplateInstance object by a Bind call.
- Deprovision: removes the objects created by the Provision call. The garbage collector removes all additional objects created by the TemplateInstance controller, hopefully transitively, as documented above.
- Last Operation: returns the status of the previously run asynchronous operation. In the template service broker, Provision is the only asynchronous operation.
The template service broker is enabled by adding the following (example) configuration to the OpenShift master config and restarting the master:
templateServiceBrokerConfig:
  templateNamespaces:
  - openshift
When enabled, the template service broker is currently provided by the OpenShift master at https://<master>:8443/brokers/template.openshift.io/v2/.
Simple shell scripts which use curl to query the API can be found in the test-scripts/ subdirectory. See the README.md file contained therein for more details.
Documentation
Index
- func ValidateBindRequest(breq *api.BindRequest) field.ErrorList
- func ValidateProvisionRequest(preq *api.ProvisionRequest) field.ErrorList
- type Broker
- func (b *Broker) Bind(u user.Info, instanceID, bindingID string, breq *api.BindRequest) *api.Response
- func (b *Broker) Catalog() *api.Response
- func (b *Broker) Deprovision(u user.Info, instanceID string) *api.Response
- func (b *Broker) LastOperation(u user.Info, instanceID string, operation api.Operation) *api.Response
- func (b *Broker) Provision(u user.Info, instanceID string, preq *api.ProvisionRequest) *api.Response
- func (b *Broker) Unbind(u user.Info, instanceID, bindingID string) *api.Response
Functions
func ValidateBindRequest
func ValidateBindRequest(breq *api.BindRequest) field.ErrorList
ValidateBindRequest ensures that a BindRequest is valid, beyond the validation carried out by the service broker framework itself.
func ValidateProvisionRequest
func ValidateProvisionRequest(preq *api.ProvisionRequest) field.ErrorList
ValidateProvisionRequest ensures that a ProvisionRequest is valid, beyond the validation carried out by the service broker framework itself.
Types
type Broker
type Broker struct {
// contains filtered or unexported fields
}
Broker represents the template service broker. It implements openservicebroker/api.Broker.
func NewBroker
func NewBroker(saKubeClientConfig *restclient.Config, informer templateinformer.TemplateInformer, namespaces []string) (*Broker, error)
func (*Broker) Bind
func (b *Broker) Bind(u user.Info, instanceID, bindingID string, breq *api.BindRequest) *api.Response
Bind returns the secrets and services from a provisioned template.
func (*Broker) Catalog
Catalog returns our service catalog (one service per OpenShift template in configured namespace(s)).
func (*Broker) Deprovision
Deprovision is the reverse of Provision. We clean up the TemplateInstance, Secret and BrokerTemplateInstance objects (in that order); the garbage collector is responsible for the removal of the objects provisioned by the Template(Instance) itself.
func (*Broker) LastOperation
func (b *Broker) LastOperation(u user.Info, instanceID string, operation api.Operation) *api.Response
LastOperation returns the status of an asynchronous operation. Currently the OSB API only supports async Provision and Deprovision; we don't currently support async Deprovision as the garbage collector doesn't indicate when it's done cleaning up after a given object is removed.