Dell EMC ECS: Storage Broker Installation Guide
H18532
Deployment and Configuration Guide
Abstract
This document describes how to configure and use the Dell EMC ECS™ Storage
Broker for Kubernetes in a DevOps deployment. Testing is based on ECS 3.5,
Kubernetes 1.18 and 1.19, and OpenShift 4.4.
October 2020
Revisions
Date Description
October 2020 Initial release
Acknowledgments
Authors: Christopher Jenkins and Christoffer Braendstrup
Support: Jarvis Zhu
The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this
publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose.
Use, copying, and distribution of any software described in this publication requires an applicable software license.
Copyright © 2020 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell
Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. [10/19/2020] [Deployment and Configuration Guide] [H18532]
Table of contents
Revisions
Acknowledgments
Table of contents
Executive summary
1 Installing Kubernetes service catalog
  1.1 Install Kubernetes service catalog with helm
  1.2 Install sv-cat CLI tool
    1.2.1 Linux
    1.2.2 MacOS
    1.2.3 Windows
2 Retrieving the ECS management SSL certificate
3 Installing the ECS storage broker
  3.1 Clone the Dell EMC ECS service broker repository
  3.2 Installation setup
  3.3 Install the ECS storage broker
4 Using sv-cat with ECS
5 Provisioning a bucket with sv-cat
  5.1 Creating an instance
  5.2 Binding an instance
6 Provisioning a bucket with Kubernetes YAML
  6.1 Creating an instance
  6.2 Binding an instance
A Technical support and resources
Executive summary
In the world of Cloud Native applications and infrastructure, it is essential to ensure that the apps and
infrastructure are designed, built and deployed in the best way possible.
Containers were designed to be stateless, meaning they are completely self-contained, hold only static data
relevant to the specific function of the container itself, and allow for dynamic scaling and deployment without
considerations of locality or underlying infrastructure. However, in a stateless environment, data persistence
becomes a key challenge.
While it is possible to use CSI drivers to attach traditional storage to containers, the result is that the
containers are no longer truly stateless. Utilizing the OpenServiceBroker (OSB) standard with the ECS
Storage Broker, it becomes possible to provision object storage in native PaaS & Kubernetes environments,
which for Kubernetes enables using standard Kubernetes methodologies and concepts, such as Kubernetes
Secrets to store credentials.
The OSB Service Catalog and ECS Broker enable modern application developers to persist data externally
on the Dell EMC ECS object storage system, without considerations for where or how they deploy their apps,
as they are no longer tied to a CSI provisioned block/file mount. Additionally, it allows for near unlimited scale
in terms of capacity due to the inherent linear scale-out model of Dell EMC ECS.
This document will function as a guide to installing both Service Catalog and the ECS Broker, while also
showcasing different provisioning methods as shown in Figure 1.
Figure 1: ECS Storage Broker Architecture Diagram
1 Installing Kubernetes service catalog
This document assumes you already have a working Kubernetes and ECS Cluster which you can access
from a client machine. To complete the steps in this document you will need to have a client machine with
either Windows, Linux or MacOS installed which meets the below criteria.
• Internet access on your client and Kubernetes cluster.
• Kubectl installed and configured on your client machine.
• Helm (3.x) installed.
• OpenSSL installed.
• RBAC enabled on the Kubernetes Cluster.
• Management & data endpoints and credentials for ECS.
• Have an account with admin access to your Kubernetes Cluster.
Note: You can find the official Service Catalog install guide in Technical Support and Resources Section
1.1 Install Kubernetes service catalog with helm
On a default installation of Kubernetes, irrespective of your distribution, it is highly likely that the Kubernetes
Service Catalog will not be pre-installed. Before we can install and configure the Dell Technologies ECS
Service Broker we need to have a working Service Catalog environment. To accomplish this, we will need to
use Helm to install svc-cat (Service Catalog) pods into your Kubernetes cluster.
Add the SVC-CAT repository to your Helm instance on your client machine.
root@local:~# helm repo add svc-cat https://svc-catalog-charts.storage.googleapis.com
svc-cat has been added to your repositories
root@local:~# helm repo list
NAME URL
svc-cat https://svc-catalog-charts.storage.googleapis.com
root@local:~# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "svc-cat" chart repository
Update Complete. ⎈ Happy Helming!⎈
Search the SVC-CAT repository to see all of the different versions of svc-cat to install. At this point you
should have the SVC-CAT Helm repository installed into your local Helm.
root@local:~# helm search repo svc-cat
NAME                   CHART VERSION   APP VERSION   DESCRIPTION
svc-cat/catalog        0.3.0                         service-catalog webhook server and controller-m...
svc-cat/catalog-v0.2   0.2.3                         service-catalog API server and controller-manag...
svc-cat/healthcheck    0.3.0                         HealthCheck monitors the health of Service Catalog
svc-cat/test-broker    0.3.0                         test service-broker deployment
Create a namespace in your Kubernetes cluster to install the Service Catalog and ECS broker into. This is
not essential but keeps your Kubernetes cluster tidy and easier to manage.
Note: Using the namespace called “catalog” is not essential, you are free to name your service catalog
namespace any name.
root@local:~# kubectl create namespace catalog
namespace/catalog created
Now it is time to install the Service Catalog with Helm into the new Kubernetes namespace.
root@local:~# helm install catalog svc-cat/catalog --namespace catalog
NAME: catalog
LAST DEPLOYED: Fri Jul 10 06:42:56 2020
NAMESPACE: catalog
STATUS: deployed
REVISION: 1
TEST SUITE: None
Once the installation has completed you can check your Kubernetes Cluster to see if all the required Service
Catalog pods have been installed. Issue the below command on your Kubernetes cluster replacing the
namespace if you did not use catalog.
root@local:~# kubectl get all -n catalog
NAME                                                      READY   STATUS    RESTARTS   AGE
pod/catalog-catalog-controller-manager-75fffdcf57-ztstz   1/1     Running   0          26s
pod/catalog-catalog-webhook-7d8497cdf6-hm8qs              1/1     Running   0          26s

NAME                                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
service/catalog-catalog-controller-manager   ClusterIP   10.106.203.12   <none>        443/TCP         26s
service/catalog-catalog-webhook              NodePort    10.99.166.118   <none>        443:31443/TCP   26s
You want to see two pods, controller-manager and webhook, and their relevant inter-cluster services. The
ECS Storage Broker uses these internal services to interface with the ECS Storage Broker.
Note: In OpenShift v4.4 and earlier, the Service Catalog must be enabled manually.
Find the guide to enabling Service Catalog on OpenShift in the Technical Support and Resources Section
1.2 Install sv-cat CLI tool
The sv-cat CLI tool is a user-friendly interface to the Service Catalog pods installed in the previous chapter.
SV-CAT allows users to view connected object storage systems and the available plans which have been created by
storage administrators. The sv-cat tool is deployable on the major operating systems.
From the list below, pick the OS of your client machine and install the sv-cat CLI tool.
1.2.1 Linux
curl -sLO https://download.svcat.sh/cli/latest/linux/amd64/svcat
chmod +x ./svcat
mv ./svcat /usr/local/bin/
svcat version --client
1.2.2 MacOS
With Brew Package Manager
brew update
brew install kubernetes-service-catalog-client
From source
curl -sLO https://download.svcat.sh/cli/latest/darwin/amd64/svcat
chmod +x ./svcat
mv ./svcat /usr/local/bin/
1.2.3 Windows
The PowerShell snippet below adds a directory to your PATH for the current session only. You will need to
find a permanent location for it and add it to your PATH.
iwr 'https://download.svcat.sh/cli/latest/windows/amd64/svcat.exe' -UseBasicParsing -OutFile svcat.exe
mkdir -f ~\bin
Move-Item -Path svcat.exe -Destination ~\bin
# ~\bin resolves to $HOME\bin, so that is the directory to add to PATH
$env:PATH += ";$HOME\bin"
Note: Official guide on sv-cat is in Technical Support and Resources Section
2 Retrieving the ECS management SSL certificate
The ECS Storage Broker utilizes an HTTPS connection to the ECS Management API. For a successful
installation of the ECS Storage Broker you will need to retrieve the ECS management SSL certificate from
your ECS cluster.
To perform this task, you will need to know the IP address of a node or VIP of your load balanced
management network for your ECS Cluster.
To retrieve the certificate, refer to the below command. The openssl command was issued on a Linux
command line so syntax may vary if run from a different operating system.
echo -n | openssl s_client -connect <MGNT_IP>:4443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
Below is an example output from the above command.
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
Note: The above is a lab example of a certificate and should not be used to install the ECS Storage Broker.
To proceed to the next chapter save your ECS Management SSL certificate, including the -----BEGIN
CERTIFICATE----- and -----END CERTIFICATE----- lines, from the output of the openssl command.
3 Installing the ECS storage broker
The ECS Storage Broker is a tool created by Dell Technologies to operate with the Dell EMC ECS product.
The storage broker has been designed to support the Open Service Broker specifications and is distributed
under an open source licensing and support model.
Note: This guide assumes that kubectl and helm are both properly installed and configured on the client
machine.
3.1 Clone the Dell EMC ECS service broker repository
On your client system, navigate to a location where you want to download the Service Broker repository to.
Before proceeding, validate that you are in the desired directory.
Use git clone to take a copy of the ECS Service Broker repository onto your client machine.
root@local:~# git clone https://github.com/thecodeteam/ecs-cf-service-broker.git
Cloning into 'ecs-cf-service-broker'...
remote: Enumerating objects: 139, done.
remote: Counting objects: 100% (139/139), done.
remote: Compressing objects: 100% (87/87), done.
remote: Total 7771 (delta 72), reused 100 (delta 36), pack-reused 7632
Receiving objects: 100% (7771/7771), 1.17 MiB | 592.00 KiB/s, done.
Resolving deltas: 100% (3425/3425), done.
Change directories into “charts” which is in the newly cloned local repository. The below shows a listing of all
the YAML files used for the installation.
root@local:~# cd ecs-cf-service-broker/charts
root@local:~/ecs-cf-service-broker# ls
-rw-r--r-- 1 root root 1.8K Jul 10 07:34 values.yaml
drwxr-xr-x 2 root root 4.0K Jul 10 07:34 templates
-rw-r--r-- 1 root root 131 Jul 10 07:34 Chart.yaml
root@local:~/ecs-cf-service-broker# ls charts/templates/
-rw-r--r-- 1 root root 257 Jul 10 07:34 service.yaml
-rw-r--r-- 1 root root 709 Jul 10 07:34 secrets.yaml
-rw-r--r-- 1 root root 1.6K Jul 10 07:34 deployment.yaml
-rw-r--r-- 1 root root 4.3K Jul 10 07:34 configmap.yaml
-rw-r--r-- 1 root root 434 Jul 10 07:34 broker.yaml
-rw-r--r-- 1 root root 3.7K Jul 10 07:34 application.yaml
Note: Dell EMC ECS Service Broker repository address https://github.com/thecodeteam/ecs-cf-service-broker
3.2 Installation setup
For a base deployment, the only file that will require manipulation in the charts directory is the values.yaml
file.
We will now step through the customisable sections of the values.yaml file. There are five key items that must
be configured in the values.yaml file for a broker deployment to succeed.
Note: Before installing the ECS Storage Broker you must create or select the namespace and replication
group on the ECS Cluster, these details are required to populate the values.yaml file.
All items in red need to be customised for your specific ECS and Kubernetes Cluster.
1. ECS Namespace, Replication Group and Bucket naming prefix.
namespace: "131701420476682255" # ECS namespace FOR ALL SC created buckets
prefix: "kubetesting-" # You can customise the bucket prefix to whatever you want
# Copy the human readable name of the ECS replication group to associate with your SC created buckets
replicationGroup: "ecstestdrivegeo"
2. The SSL Certificate for the ECS Management interface which you have copied from the previous
chapter.
# Management SSL Custom CA Trust Certificate
certificate: |
  -----BEGIN CERTIFICATE-----
  -----END CERTIFICATE-----
3. Credentials to your ECS Cluster, including endpoint info, namespace name, namespace administrator
credentials
# ECS Object API
api:
  name: ecs-broker
  namespace: "131701420476682255" # Copy the same namespace as above (quoted so it stays a string)
  endpoint: "https://FQDN_ECS_DATA_ENDPOINT"
# ECS Management Endpoint
ecsConnection:
  name: ecs-broker-connection
  endpoint: "https://FQDN_ECS_Mgnt_ENDPOINT"
  username: "****************" # ECS Management User
  password: "****************" # ECS Management Password
4. Define the default reclaimPolicy (Fail, Detach, Delete).
a. Fail:
b. Detach:
c. Delete:
# The default ReclaimPolicy to use if one has not been explicitly specified
# (valid values are Fail, Detach, Delete)
# You can alter the default delete policy when an instance has been unbound.
# The options are Detach, Delete or Fail.
defaultReclaimPolicy: Detach
5. Set serviceCatalog: true to register the ECS Storage Broker in Kubernetes Service Catalog.
3.3 Install the ECS storage broker
Once the values.yaml file has been populated with your ECS Cluster details, it is time to use Helm to install
the ECS Storage Broker service into your Kubernetes Cluster.
We will be using Helm to install from the local repository we cloned in a previous step.
root@local:~/ecs-cf-service-broker# helm install ecs-service-broker charts/ -f charts/values.yaml -n catalog
NAME: ecs-service-broker
LAST DEPLOYED: Fri Jul 10 10:35:27 2020
NAMESPACE: catalog
STATUS: deployed
REVISION: 1
TEST SUITE: None
After deployment completes, wait a few minutes to allow the broker to start in your Kubernetes Cluster.
Validate that it is up and running using kubectl command below. When the ecs-service-broker pod is in the
Running status you have completed the ECS Storage Broker install.
root@local:~/ecs-cf-service-broker# kubectl get all -n catalog
NAME                                                      READY   STATUS    RESTARTS   AGE
pod/catalog-catalog-controller-manager-75fffdcf57-ztstz   1/1     Running   0          3h53m
pod/catalog-catalog-webhook-7d8497cdf6-hm8qs              1/1     Running   0          3h53m
pod/ecs-service-broker-76f565ff84-xq4xr                   1/1     Running   0          39s

NAME                                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
service/catalog-catalog-controller-manager   ClusterIP   10.106.203.12   <none>        443/TCP         3h53m
service/catalog-catalog-webhook              NodePort    10.99.166.118   <none>        443:31443/TCP   3h53m
service/ecs-service-broker                   ClusterIP   10.101.147.93   <none>        9090/TCP        39s
4 Using sv-cat with ECS
Once the ECS Storage Broker has been installed, we will now show how to provision an ECS bucket using
the sv-cat CLI tool.
First, verify that the ECS Storage Broker is connected to sv-cat. Use the below command; if you see something
similar to the output below, your ECS Storage Broker is working.
root@local:~/ecs-cf-service-broker# svcat get brokers
NAME                        NAMESPACE   URL                                      STATUS
+---------------------------+-----------+----------------------------------------+--------+
ecs-service-broker-client               http://ecs-service-broker.catalog:9090   Ready
Using the svcat describe parameter, it's possible to get more information about the ECS Storage Broker,
including classes and plans.
root@local:~# svcat describe class ecs-bucket
Name: ecs-bucket
Scope: cluster
Description: Elastic Cloud S3 Object Storage Bucket
Kubernetes Name: f3cbab6a-5172-4ff1-a5c7-72990f0ce2aa
Status: Active
Tags: s3, bucket
Broker: ecs-service-broker-client
Plans:
NAME DESCRIPTION
+-----------+----------------------+
unlimited Pay per GB for Month
5gb Free Trial
By default, the ECS Storage Broker ships with two plans: an unlimited and a 5Gb limited bucket plan. To see
the plans which your Storage Broker is advertising, use svcat marketplace.
root@local:~/ecs-cf-service-broker# svcat marketplace
CLASS PLANS DESCRIPTION
+------------+-----------+----------------------------------------+
ecs-bucket unlimited Elastic Cloud S3 Object Storage Bucket
5gb
Note: It is possible to modify the default Storage Plans during installation time. Information on this will be
included in an appendix of this document in a later revision.
If you describe the plans, you'll see the description and whether any instances of that plan have been
provisioned inside your ECS Cluster. The examples below show the output of both plans that were listed in
the class description.
root@local:~# svcat describe plan 5gb --scope cluster
Name: 5gb
Description: Free Trial
Kubernetes Name: 8e777d49-0a78-4cf4-810a-b5f5173b019d
Status: Active
Free: true
Class: ecs-bucket
Instances:
No instances defined
root@local:~# svcat describe plan unlimited --scope cluster
Name: unlimited
Description: Pay per GB for Month
Kubernetes Name: 89d20694-9ab0-4a98-bc6a-868d6d4ecf31
Status: Active
Free: false
Class: ecs-bucket
Instances:
No instances defined
5 Provisioning a bucket with sv-cat
In this section we will explore using the ECS Storage Broker with the sv-cat CLI tool on your client machine
for provisioning.
When using the OSB to provision, the provisioning process will automatically provide both credentials and
resource details to Kubernetes and store them in the relevant Kubernetes namespace as a Kubernetes
“Secret”. This allows the applications/pods to natively access the credentials and resources present in the
namespace.
5.1 Creating an instance
Sv-cat works in coordination with your ECS and Kubernetes Cluster. When provisioning against an
advertised plan you will need to provide, on the command line, the Kubernetes namespace to connect the
bucket to and which ECS Broker plan to provision from.
In the below command you will need to define an instance name (set by the person provisioning), a class (which
is the ECS Storage Broker name) and a plan, which will line up with one of the advertised plans from the ECS
Storage Broker.
root@local:~/ecs-cf-service-broker# svcat provision demo-instance --class ecs-bucket --plan unlimited
Name: demo-instance
Namespace: default
Status:
Class: f3cbab6a-5172-4ff1-a5c7-72990f0ce2aa
Plan: 89d20694-9ab0-4a98-bc6a-868d6d4ecf31
Parameters:
No parameters defined
Note: In the example above, the bucket is provisioned into the default namespace. To provision to a
namespace, add a --namespace namespace parameter.
To view the provisioned instance (bucket) created issue the below command.
root@local:~/ecs-cf-service-broker# svcat get instances
NAME NAMESPACE CLASS PLAN STATUS
+---------------+-----------+--------------------------------------+--------------------------------------+--------+
demo-instance default f3cbab6a-5172-4ff1-a5c7-72990f0ce2aa 89d20694-9ab0-4a98-bc6a-868d6d4ecf31 Ready
What this command is telling us is that we have created a bucket with no quota limits on your ECS Cluster. At the
moment the bucket has not been connected to the Kubernetes namespace where it will be used.
To connect the newly created bucket to your Kubernetes Cluster you will need to create a binding to a
Kubernetes namespace.
5.2 Binding an instance
For your application to be able to access the ECS bucket created, you will need to tell sv-cat to bind (create
object user/access key) the bucket to your application namespace in Kubernetes.
Issue the below command to bind your instance.
root@local:~/ecs-cf-service-broker# svcat bind demo-instance
Name: demo-instance
Namespace: default
Status:
Secret: demo-instance
Instance: demo-instance
Parameters:
No parameters defined
Note: As with the previous instance provisioning, it is important to remember whether a namespace was
defined during provisioning, as this setting must match on the binding.
To validate the binding was successful issue the below command.
root@local:~# svcat get bindings
NAME NAMESPACE INSTANCE STATUS
+---------------+-----------+---------------+--------+
demo-instance default demo-instance Ready
To explore further what the binding has done with Kubernetes, use the describe command. This will show the
secret information which has been placed into your application namespace in Kubernetes.
root@local:~# svcat describe binding demo-instance
Name: demo-instance
Namespace: default
Status: Ready - Injected bind result @ 2020-07-10 14:43:02 +0000 UTC
Secret: demo-instance
Instance: demo-instance
Parameters:
No parameters defined
Secret Data:
accessKey 48 bytes
bucket 48 bytes
endpoint 25 bytes
path-style-access 4 bytes
s3Url 168 bytes
secretKey 40 bytes
6 Provisioning a bucket with Kubernetes YAML
If you prefer to incorporate the ECS bucket provisioning process into your CI/CD pipeline, it is possible to
utilize the native kubectl CLI and YAML files.
6.1 Creating an instance
A service instance is a representation of an ECS bucket, automatically provisioned against a published
service plan. You will need to create at least one instance (bucket) to connect to your application.
To create an instance, you will need to apply a YAML configuration similar to below.
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  name: yaml-instance-v2
  namespace: default
spec:
  clusterServiceClassExternalName: ecs-bucket
  clusterServicePlanExternalName: 5gb
  parameters:
    reclaim-policy: Delete
In the ServiceInstance YAML, you will declare an instance name (name) and a Kubernetes namespace
(namespace) where your applications will run. The Kubernetes namespace needs to exist in the cluster
before running this YAML.
In the spec section of the YAML, you will declare the ECS cluster you want to provision a bucket in
(clusterServiceClassExternalName) and select your plan (clusterServicePlanExternalName).
After running the Service Instance YAML, you will have a bucket created on the ECS Cluster, but there will be
no access to the bucket. To gain access, you will need to bind your created instance to your namespace.
Follow section 6.2 to complete an instance bind.
6.2 Binding an instance
Binding an Instance to a Kubernetes cluster will tell the service broker to create an object user with full control
rights to the instance (bucket) and then create a secret configuration and place the secret into the namespace
you configured in the Instance creation step.
Below is the YAML structure you will use to initiate binding.
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: yaml-instance-v2-binding
  namespace: default
spec:
  instanceRef:
    name: yaml-instance-v2
  secretName: shhh-my-secret
In the metadata name line, you will add a name to identify your binding. In the namespace line, add the
Kubernetes namespace in which you want to use the secret or where your application resides. The
namespace has to exist at the time of running this YAML.
In spec, the name line under instanceRef needs to match the instance you created in the previous YAML, so that
the binding knows which bucket to create the object user for. The secretName line allows you to apply a
custom name to your Kubernetes secret file.
Below is a sample Kubernetes secret file. To use this secret file inside a pod you have two options:
• Import the secret data as individual environment variables into your pod.
• Mount the secret file as a volume definition in your pod YAML file.
root@local:~# kubectl describe secret shhh-my-secret
Name: shhh-my-secret
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
accessKey: 48 bytes
bucket: 48 bytes
endpoint: 25 bytes
path-style-access: 4 bytes
s3Url: 166 bytes
secretKey: 40 bytes
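The two options listed above, shown together as an added example that is not part of the original guide or the broker repository: a pod manifest that reads the shhh-my-secret binding secret both as environment variables and as a read-only volume. Only the secret name and its keys come from the output above; the pod name, container name, image, variable names and mount path are assumptions.

```yaml
# Added example, not from the Dell EMC guide or the broker repository.
# Assumed names: pod "s3-client-demo", container "app", the image reference,
# the S3_* variable names and the /etc/ecs-binding mount path.
apiVersion: v1
kind: Pod
metadata:
  name: s3-client-demo
  namespace: default          # must be the namespace the ServiceBinding was created in
spec:
  restartPolicy: Never
  automountServiceAccountToken: false   # the app talks to ECS, not to the Kubernetes API
  containers:
    - name: app
      image: registry.example.com/s3-client:1.0   # placeholder image
      # Option 1: import individual secret keys as environment variables.
      # Used here only for the connection details.
      env:
        - name: S3_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: shhh-my-secret
              key: endpoint
        - name: S3_BUCKET
          valueFrom:
            secretKeyRef:
              name: shhh-my-secret
              key: bucket
        - name: S3_PATH_STYLE_ACCESS
          valueFrom:
            secretKeyRef:
              name: shhh-my-secret
              key: path-style-access
      # Option 2: mount the secret as files.
      # Environment variables are inherited by child processes and visible to
      # anything that can inspect the process environment, so the key pair is
      # delivered as files instead.
      volumeMounts:
        - name: ecs-binding
          mountPath: /etc/ecs-binding
          readOnly: true
  volumes:
    - name: ecs-binding
      secret:
        secretName: shhh-my-secret
        defaultMode: 0400       # owner read-only; adjust if the container runs as another user
        items:                  # project only the keys the app reads from disk
          - key: accessKey
            path: accessKey
          - key: secretKey
            path: secretKey
```

With this layout the application reads the key pair from /etc/ecs-binding/accessKey and /etc/ecs-binding/secretKey at start-up.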
If you want to decode the base64 encoding which the values in a Kubernetes Secret are wrapped in, use the
below command with the corresponding JSON paths.
Below are the JSON paths for all of the fields of the secret file.
i. {.data.accessKey}
ii. {.data.secretKey}
iii. {.data.bucket}
iv. {.data.endpoint}
v. {.data.s3Url}
vi. {.data.path-style-access}
To decode the base64 encoded secrets use the below example and substitute the JSON path fields.
root@local:~# kubectl get secrets <SECRET_NAME> -o jsonpath='{.data.accessKey}' -n <NAMESPACE> | base64 -d
A Technical support and resources
Dell.com/support is focused on meeting customer needs with proven services and support.
Storage and data protection technical white papers and videos provide expertise that helps to ensure
customer success with Dell EMC storage and data protection products.
A.1 Related resources
• Service Catalog is an official Installation Guide
• SV-CAT is an official Installation Guide
• OpenShift 4.x Guide is an official Installation Guide for Service Catalog
• GitHub Repository is the location for ECS Service Broker