Dell EMC ECS: Storage Broker Installation Guide


H18532

Deployment and Configuration Guide

Abstract

This document describes how to configure and use the Dell EMC ECS™ Storage Broker for Kubernetes in a DevOps deployment. Testing is based on ECS 3.5, Kubernetes 1.18 and 1.19, and OpenShift 4.4.

October 2020


Revisions

Date            Description
October 2020    Initial release

Acknowledgments

Authors: Christopher Jenkins and Christoffer Braendstrup

Support: Jarvis Zhu

The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose.

Use, copying, and distribution of any software described in this publication requires an applicable software license.

Copyright © 2020 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. [10/19/2020] [Deployment and Configuration Guide] [H18532]


Table of contents

Revisions
Acknowledgments
Table of contents
Executive summary
1 Installing Kubernetes service catalog
  1.1 Install Kubernetes service catalog with helm
  1.2 Install sv-cat CLI tool
    1.2.1 Linux
    1.2.2 MacOS
    1.2.3 Windows
2 Retrieving the ECS management SSL certificate
3 Installing the ECS storage broker
  3.1 Clone the Dell EMC ECS service broker repository
  3.2 Installation setup
  3.3 Install the ECS storage broker
4 Using sv-cat with ECS
5 Provisioning a bucket with sv-cat
  5.1 Creating an instance
  5.2 Binding an instance
6 Provisioning a bucket with Kubernetes YAML
  6.1 Creating an instance
  6.2 Binding an instance
A Technical support and resources


Executive summary

In the world of Cloud Native applications and infrastructure, it is essential to ensure that the apps and infrastructure are designed, built and deployed in the best way possible.

Containers were designed to be stateless, meaning they are completely self-contained, hold only static data relevant to the specific function of the container itself, and allow for dynamic scaling and deployment without considerations of locality or underlying infrastructure. However, in a stateless environment, data persistence becomes a key challenge.

While it is possible to use CSI drivers to attach traditional storage to containers, the result is that the containers are no longer truly stateless. Utilizing the OpenServiceBroker (OSB) standard with the ECS Storage Broker, it becomes possible to provision object storage in native PaaS & Kubernetes environments, which for Kubernetes enables using standard Kubernetes methodologies and concepts, such as Kubernetes Secrets to store credentials.

The OSB Service Catalog and ECS Broker enable modern application developers to persist data externally on the Dell EMC ECS object storage system, without considerations for where or how they deploy their apps, as they are no longer tied to a CSI provisioned block/file mount. Additionally, it allows for near unlimited scale in terms of capacity due to the inherent linear scale-out model of Dell EMC ECS.

This document will function as a guide to installing both Service Catalog and the ECS Broker, while also showcasing different provisioning methods as shown in figure 1.

Figure 1: ECS Storage Broker Architecture Diagram


1 Installing Kubernetes service catalog

This document assumes you already have a working Kubernetes and ECS Cluster which you can access from a client machine. To complete the steps in this document you will need a client machine with either Windows, Linux or MacOS installed which meets the criteria below.

• Internet access on your client and Kubernetes cluster.
• kubectl installed and configured on your client machine.
• Helm (3.x) installed.
• OpenSSL installed.
• RBAC enabled on the Kubernetes Cluster.
• Management & data endpoints and credentials for ECS.
• An account with admin access to your Kubernetes Cluster.

Note: You can find the official Service Catalog install guide in the Technical Support and Resources section.

1.1 Install Kubernetes service catalog with helm

On a default installation of Kubernetes, irrespective of your distribution, it is highly likely that the Kubernetes Service Catalog will not be pre-installed. Before we can install and configure the Dell Technologies ECS Service Broker we need to have a working Service Catalog environment. To accomplish this, we will need to use Helm to install svc-cat (Service Catalog) pods into your Kubernetes cluster.

Add the SVC-CAT repository to your Helm instance on your client machine.

root@local:~# helm repo add svc-cat https://svc-catalog-charts.storage.googleapis.com
svc-cat has been added to your repositories
root@local:~# helm repo list
NAME      URL
svc-cat   https://svc-catalog-charts.storage.googleapis.com
root@local:~# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "svc-cat" chart repository
Update Complete. ⎈ Happy Helming!⎈

Search the SVC-CAT repository to see all of the different versions of svc-cat to install. At this point you should have the SVC-CAT Helm repository installed into your local Helm.

root@local:~# helm search repo svc-cat
NAME                   CHART VERSION   APP VERSION   DESCRIPTION
svc-cat/catalog        0.3.0                         service-catalog webhook server and controller-m...
svc-cat/catalog-v0.2   0.2.3                         service-catalog API server and controller-manag...
svc-cat/healthcheck    0.3.0                         HealthCheck monitors the health of Service Catalog
svc-cat/test-broker    0.3.0                         test service-broker deployment


Create a namespace in your Kubernetes cluster to install the Service Catalog and ECS broker into. This is not essential but keeps your Kubernetes cluster tidy and easier to manage.

Note: Using the namespace called “catalog” is not essential; you are free to give your service catalog namespace any name.

root@local:~# kubectl create namespace catalog
namespace/catalog created

Now it is time to install the Service Catalog with Helm into the new Kubernetes namespace.

root@local:~# helm install catalog svc-cat/catalog --namespace catalog
NAME: catalog
LAST DEPLOYED: Fri Jul 10 06:42:56 2020
NAMESPACE: catalog
STATUS: deployed
REVISION: 1
TEST SUITE: None

Once the installation has completed you can check your Kubernetes Cluster to see if all the required Service Catalog pods have been installed. Issue the below command on your Kubernetes cluster, replacing the namespace if you did not use catalog.

root@local:~# kubectl get all -n catalog
NAME                                                      READY   STATUS    RESTARTS   AGE
pod/catalog-catalog-controller-manager-75fffdcf57-ztstz   1/1     Running   0          26s
pod/catalog-catalog-webhook-7d8497cdf6-hm8qs              1/1     Running   0          26s

NAME                                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
service/catalog-catalog-controller-manager   ClusterIP   10.106.203.12   <none>        443/TCP         26s
service/catalog-catalog-webhook              NodePort    10.99.166.118   <none>        443:31443/TCP   26s

You want to see two pods, controller-manager and webhook, and their relevant inter-cluster services. The ECS Storage Broker uses these internal services to interface with the ECS Storage Broker.

Note: In OpenShift v4.4 and earlier, the Service Catalog must be enabled manually. Find the guide to enabling Service Catalog on OpenShift in the Technical Support and Resources section.


1.2 Install sv-cat CLI tool

The sv-cat CLI tool is a user-friendly interface to the Service Catalog pods installed in the previous chapter. SV-CAT allows users to view connected object storage systems and the available plans which have been created by storage administrators. The sv-cat tool is deployable on the major operating systems.

From the list below, pick the OS of your client machine and install the sv-cat CLI tool.

1.2.1 Linux

curl -sLO https://download.svcat.sh/cli/latest/linux/amd64/svcat
chmod +x ./svcat
mv ./svcat /usr/local/bin/
svcat version --client

1.2.2 MacOS

With Brew Package Manager

brew update
brew install kubernetes-service-catalog-client

From source

curl -sLO https://download.svcat.sh/cli/latest/darwin/amd64/svcat
chmod +x ./svcat
mv ./svcat /usr/local/bin/

1.2.3 Windows

The PowerShell snippet below adds a directory to your PATH for the current session only. You will need to find a permanent location for it and add it to your PATH.

iwr 'https://download.svcat.sh/cli/latest/windows/amd64/svcat.exe' -UseBasicParsing -OutFile svcat.exe
mkdir -f ~\bin
Move-Item -Path svcat.exe -Destination ~\bin
$env:PATH += ";$HOME\bin"

Note: The official guide on sv-cat is in the Technical Support and Resources section.


2 Retrieving the ECS management SSL certificate

The ECS Storage Broker utilizes an HTTPS connection to the ECS Management API. For a successful installation of the ECS Storage Broker you will need to retrieve the ECS management SSL certificate from your ECS cluster.

To perform this task, you will need to know the IP address of a node or VIP of your load balanced management network for your ECS Cluster.

To retrieve the certificate, refer to the below command. The openssl command was issued on a Linux command line so syntax may vary if run from a different operating system.

echo -n | openssl s_client -connect <MGNT_IP>:4443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

Below is an example output from the above command.

-----BEGIN CERTIFICATE-----


-----END CERTIFICATE-----

Note: The above is a lab example of a certificate and should not be used to install the ECS Storage Broker.

To proceed to the next chapter, save your ECS Management SSL certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, from the output of the openssl command.
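The retrieval command accepts whatever certificate the management endpoint presents, so it is worth comparing its SHA-256 fingerprint with one obtained from the ECS administrator before pasting it into values.yaml. The following is an added example, not part of the Dell EMC guide. Assumptions: the function names, the two-space indent and the constructed sample input are illustrative, and GNU coreutils and OpenSSL are available on a Linux client.

```bash
#!/usr/bin/env bash
# Added example: pin-check the ECS management certificate before trusting it.

# Constructed stand-in for `openssl s_client` output. The PEM bodies are
# placeholder base64, not real certificates.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
aGVsbG8gd29ybGQ=
-----END CERTIFICATE-----
---
-----BEGIN CERTIFICATE-----
c2Vjb25k
-----END CERTIFICATE-----'

# Keep only the first PEM block (the certificate the server itself presented).
first_pem_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ && !seen { on = 1 }
       on { print }
       /-----END CERTIFICATE-----/ && on { on = 0; seen = 1 }'
}

# SHA-256 of the DER encoding of the PEM on stdin, as bare lowercase hex.
# This is the value `openssl x509 -noout -fingerprint -sha256` reports.
pem_sha256() {
  grep -v -- '-----' | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# Reduce "SHA256 Fingerprint=AB:CD:..." or "ab:cd:..." to bare lowercase hex.
normalise_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeeds only if the PEM on stdin hashes to the expected fingerprint.
verify_pin() {  # usage: verify_pin <expected-fingerprint> < cert.pem
  local pem expected actual
  pem=$(cat)
  [ -n "$pem" ] || return 2            # nothing was captured from the endpoint
  expected=$(normalise_fp "$1")
  actual=$(printf '%s\n' "$pem" | pem_sha256)
  [ "$actual" = "$expected" ]
}

# Indent the PEM so it can sit under the `certificate: |` key in values.yaml
# (two spaces assumed for a top-level key).
indent_for_values_yaml() { sed 's/^/  /'; }

# Fetch, verify, then print the certificate ready for values.yaml.
# Nothing is emitted unless the fingerprint matches the out-of-band value.
fetch_ecs_cert() {  # usage: fetch_ecs_cert <MGNT_IP>:4443 <expected-sha256>
  local pem
  pem=$(echo -n | openssl s_client -connect "$1" 2>/dev/null | first_pem_cert)
  printf '%s\n' "$pem" | verify_pin "$2" || {
    echo "certificate fingerprint mismatch for $1" >&2
    return 1
  }
  printf '%s\n' "$pem" | indent_for_values_yaml
}
```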


3 Installing the ECS storage broker

The ECS Storage Broker is a tool created by Dell Technologies to operate with the Dell EMC ECS product. The storage broker has been designed to support the Open Service Broker specifications and is distributed under an open source licensing and support model.

Note: This guide assumes that kubectl and helm are both properly installed and configured on the client machine.

3.1 Clone the Dell EMC ECS service broker repository

On your client system, navigate to the location where you want to download the Service Broker repository. Before proceeding, validate that you are in the desired directory.

Use git clone to take a copy of the ECS Service Broker repository onto your client machine.

root@local:~# git clone https://github.com/thecodeteam/ecs-cf-service-broker.git
Cloning into 'ecs-cf-service-broker'...
remote: Enumerating objects: 139, done.
remote: Counting objects: 100% (139/139), done.
remote: Compressing objects: 100% (87/87), done.
remote: Total 7771 (delta 72), reused 100 (delta 36), pack-reused 7632
Receiving objects: 100% (7771/7771), 1.17 MiB | 592.00 KiB/s, done.
Resolving deltas: 100% (3425/3425), done.

Change directories into “charts”, which is in the newly cloned local repository. The below shows a listing of all the YAML files used for the installation.

root@local:~# cd ecs-cf-service-broker/charts
root@local:~/ecs-cf-service-broker# ls
-rw-r--r-- 1 root root 1.8K Jul 10 07:34 values.yaml
drwxr-xr-x 2 root root 4.0K Jul 10 07:34 templates
-rw-r--r-- 1 root root 131 Jul 10 07:34 Chart.yaml
root@local:~/ecs-cf-service-broker# ls charts/templates/
-rw-r--r-- 1 root root 257 Jul 10 07:34 service.yaml
-rw-r--r-- 1 root root 709 Jul 10 07:34 secrets.yaml
-rw-r--r-- 1 root root 1.6K Jul 10 07:34 deployment.yaml
-rw-r--r-- 1 root root 4.3K Jul 10 07:34 configmap.yaml
-rw-r--r-- 1 root root 434 Jul 10 07:34 broker.yaml
-rw-r--r-- 1 root root 3.7K Jul 10 07:34 application.yaml

Note: The Dell EMC ECS Service Broker repository address is https://github.com/thecodeteam/ecs-cf-service-broker


3.2 Installation setup

For a base deployment, the only file that will require manipulation in the charts directory is the values.yaml file.

We will now step through the customisable sections of the values.yaml file. There are five key items that must be configured in the values.yaml file for a broker deployment to succeed.

Note: Before installing the ECS Storage Broker you must create or select the namespace and replication group on the ECS Cluster; these details are required to populate the values.yaml file.

All items in red need to be customised for your specific ECS and Kubernetes Cluster.

1. ECS Namespace, Replication Group and Bucket naming prefix.

namespace: "131701420476682255" # ECS namespace FOR ALL SC created buckets
prefix: "kubetesting-" # You can customise the bucket prefix to whatever you want
replicationGroup: "ecstestdrivegeo" # Copy the human readable name of the ECS replication group to associate with your SC created buckets

2. The SSL Certificate for the ECS Management interface which you have copied from the previous chapter.

# Management SSL Custom CA Trust Certificate
certificate: |
  -----BEGIN CERTIFICATE-----
  -----END CERTIFICATE-----

3. Credentials to your ECS Cluster, including endpoint info, namespace name, namespace administrator credentials.

# ECS Object API
api:
  name: ecs-broker
  namespace: 131701420476682255 # Copy the same namespace as above
  endpoint: "https://FQDN_ECS_DATA_ENDPOINT"

# ECS Management Endpoint
ecsConnection:
  name: ecs-broker-connection
  endpoint: "https://FQDN_ECS_Mgnt_ENDPOINT"
  username: **************** # ECS Management User
  password: **************** # ECS Management Password


4. Define the default reclaimPolicy (Fail, Detach, Delete).

a. Fail:
b. Detach:
c. Delete:

# The default ReclaimPolicy to use if one has not been explicitly specified (valid values are Fail, Detach, Delete)
defaultReclaimPolicy: Detach # You can alter the default delete policy when an instance has been unbound. The options are Detach, Delete or Fail.

5. Set serviceCatalog: true to register the ECS Storage Broker in Kubernetes Service Catalog.


3.3 Install the ECS storage broker

Once the values.yaml file has been populated with your ECS Cluster details, it is time to use Helm to install the ECS Storage Broker service into your Kubernetes Cluster.

We will be using Helm to install from the local repository we cloned in a previous step.

root@local:~/ecs-cf-service-broker# helm install ecs-service-broker charts/ -f charts/values.yaml -n catalog
NAME: ecs-service-broker
LAST DEPLOYED: Fri Jul 10 10:35:27 2020
NAMESPACE: catalog
STATUS: deployed
REVISION: 1
TEST SUITE: None

After deployment completes, wait a few minutes to allow the broker to start in your Kubernetes Cluster. Validate that it is up and running using the kubectl command below. When the ecs-service-broker pod is in the Running status you have completed the ECS Storage Broker install.

root@local:~/ecs-cf-service-broker# kubectl get all -n catalog
NAME                                                      READY   STATUS    RESTARTS   AGE
pod/catalog-catalog-controller-manager-75fffdcf57-ztstz   1/1     Running   0          3h53m
pod/catalog-catalog-webhook-7d8497cdf6-hm8qs              1/1     Running   0          3h53m
pod/ecs-service-broker-76f565ff84-xq4xr                   1/1     Running   0          39s

NAME                                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
service/catalog-catalog-controller-manager   ClusterIP   10.106.203.12   <none>        443/TCP         3h53m
service/catalog-catalog-webhook              NodePort    10.99.166.118   <none>        443:31443/TCP   3h53m
service/ecs-service-broker                   ClusterIP   10.101.147.93   <none>        9090/TCP        39s


4 Using sv-cat with ECS

Once the ECS Storage Broker has been installed, we will now show how to provision an ECS bucket using the sv-cat CLI tool.

First, verify that the ECS Storage Broker is connected to sv-cat. Use the below command; if you see something similar to the output below, your ECS Storage Broker is working.

root@local:~/ecs-cf-service-broker# svcat get brokers
NAME                        NAMESPACE   URL                                      STATUS
+---------------------------+-----------+----------------------------------------+------+
ecs-service-broker-client               http://ecs-service-broker.catalog:9090   Ready

Using the svcat describe parameter, it's possible to get more information about the ECS Storage Broker, including classes and plans.

root@local:~# svcat describe class ecs-bucket
Name:              ecs-bucket
Scope:             cluster
Description:       Elastic Cloud S3 Object Storage Bucket
Kubernetes Name:   f3cbab6a-5172-4ff1-a5c7-72990f0ce2aa
Status:            Active
Tags:              s3, bucket
Broker:            ecs-service-broker-client

Plans:
NAME        DESCRIPTION
+-----------+----------------------+
unlimited   Pay per GB for Month
5gb         Free Trial

By default, the ECS Storage Broker ships with two plans, an unlimited or 5Gb limited bucket plan. To see the plans which your Storage Broker is advertising, use svcat marketplace.

root@local:~/ecs-cf-service-broker# svcat marketplace
CLASS        PLANS       DESCRIPTION
+------------+-----------+----------------------------------------+
ecs-bucket   unlimited   Elastic Cloud S3 Object Storage Bucket
             5gb

Note: It is possible to modify the default Storage Plans during installation time. Information on this will be included in an appendix of this document in a later revision.


If you describe the plans, you'll see the description and whether any instances of that plan have been provisioned inside your ECS Cluster. The examples below show the output of both plans that were listed in the class description.

root@local:~# svcat describe plan 5gb --scope cluster
Name:              5gb
Description:       Free Trial
Kubernetes Name:   8e777d49-0a78-4cf4-810a-b5f5173b019d
Status:            Active
Free:              true
Class:             ecs-bucket

Instances:
No instances defined

root@local:~# svcat describe plan unlimited --scope cluster
Name:              unlimited
Description:       Pay per GB for Month
Kubernetes Name:   89d20694-9ab0-4a98-bc6a-868d6d4ecf31
Status:            Active
Free:              false
Class:             ecs-bucket

Instances:
No instances defined


5 Provisioning a bucket with sv-cat

In this section we will explore using the ECS Storage Broker with the sv-cat CLI tool on your client machine for provisioning.

When using the OSB to provision, the provisioning process will automatically provide both credentials and resource details to Kubernetes and store them in the relevant Kubernetes namespace as a Kubernetes “Secret”. This allows the applications/pods to natively access the credentials and resources present in the namespace.

5.1 Creating an instance

Sv-cat works in coordination with your ECS and Kubernetes Cluster. When provisioning against an advertised plan you will need to provide, on the command line, the Kubernetes namespace to connect the bucket to and which ECS Broker plan to provision from.

In the below command you will need to define an instance name set by the person provisioning, the class which is the ECS Storage Broker name, and the plan which will line up with one of the advertised plans from the ECS Storage Broker.

root@local:~/ecs-cf-service-broker# svcat provision demo-instance --class ecs-bucket --plan unlimited
Name:        demo-instance
Namespace:   default
Status:
Class:       f3cbab6a-5172-4ff1-a5c7-72990f0ce2aa
Plan:        89d20694-9ab0-4a98-bc6a-868d6d4ecf31

Parameters:
No parameters defined

Note: In the example above, the bucket is provisioned into the default namespace. To provision to a specific namespace, add a --namespace <namespace> parameter.

To view the provisioned instance (bucket) created, issue the below command.

root@local:~/ecs-cf-service-broker# svcat get instances
NAME            NAMESPACE   CLASS                                  PLAN                                   STATUS
+---------------+-----------+--------------------------------------+--------------------------------------+--------+
demo-instance   default     f3cbab6a-5172-4ff1-a5c7-72990f0ce2aa   89d20694-9ab0-4a98-bc6a-868d6d4ecf31   Ready

This output tells us that a bucket with no quota limits has been created on your ECS Cluster. At the moment the bucket has not been connected to the Kubernetes namespace where it will be used.

To connect the newly created bucket to your Kubernetes Cluster you will need to create a binding to a Kubernetes namespace.


5.2 Binding an instance

For your application to be able to access the ECS bucket created, you will need to tell sv-cat to bind (create object user/access key) the bucket to your application namespace in Kubernetes.

Issue the below command to bind your instance.

root@local:~/ecs-cf-service-broker# svcat bind demo-instance
Name:        demo-instance
Namespace:   default
Status:
Secret:      demo-instance
Instance:    demo-instance

Parameters:
No parameters defined

Note: As with the previous instance provisioning, it is important to remember whether a namespace was defined during provisioning, as this setting must match on the binding.

To validate the binding was successful, issue the below command.

root@local:~# svcat get bindings
NAME            NAMESPACE   INSTANCE        STATUS
+---------------+-----------+---------------+--------+
demo-instance   default     demo-instance   Ready

To explore further what the binding has done with Kubernetes, use the describe command. This will show the secret information which has been placed into your application namespace in Kubernetes.

root@local:~# svcat describe binding demo-instance
Name:        demo-instance
Namespace:   default
Status:      Ready - Injected bind result @ 2020-07-10 14:43:02 +0000 UTC
Secret:      demo-instance
Instance:    demo-instance

Parameters:
No parameters defined

Secret Data:
accessKey           48 bytes
bucket              48 bytes
endpoint            25 bytes
path-style-access   4 bytes
s3Url               168 bytes
secretKey           40 bytes


6 Provisioning a bucket with Kubernetes YAML

If you prefer to incorporate the ECS bucket provisioning process into your CI/CD pipeline, it is possible to utilize the native kubectl CLI and YAML files.

6.1 Creating an instance

A service instance is a representation of an ECS bucket, automatically provisioned against a published service plan. You will need to create at least one instance (bucket) to connect to your application.

To create an instance, you will need to apply a YAML configuration similar to below.

apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  name: yaml-instance-v2
  namespace: default
spec:
  clusterServiceClassExternalName: ecs-bucket
  clusterServicePlanExternalName: 5gb
  parameters:
    reclaim-policy: Delete

In the ServiceInstance YAML, you will declare an instance name (name) and a Kubernetes namespace (namespace) where your applications will run. The Kubernetes namespace needs to exist in the cluster before running this YAML.

In the spec section of the YAML, you will declare the ECS cluster you want to provision a bucket in (clusterServiceClassExternalName) and select your plan (clusterServicePlanExternalName).

After running the Service Instance YAML, you will have a bucket created on the ECS Cluster, but there will be no access to the bucket. To gain access, you will need to bind your created instance to your namespace. Follow section 6.2 to complete an instance bind.


6.2 Binding an instance

Binding an Instance to a Kubernetes cluster will tell the service broker to create an object user with full control rights to the instance (bucket) and then create a secret configuration and place the secret into the namespace you configured in the Instance creation step.

Below is the YAML structure you will use to initiate binding.

apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: yaml-instance-v2-binding
  namespace: default
spec:
  instanceRef:
    name: yaml-instance-v2
  secretName: shhh-my-secret

In the metadata name line, you will add a name to identify your binding. In the namespace line, add the Kubernetes namespace in which you want to use the secret or where your application resides. The namespace has to exist at the time of running this YAML.

In spec, the name line under instanceRef needs to match the instance you created in the previous YAML, so that the binding knows which bucket to create the object user for. The secretName line allows you to apply a custom name to your Kubernetes secret file.

Below is a sample Kubernetes secret file. To use this secret file inside a pod you have two options:

• Import the secret data as individual environment variables into your pod.
• Mount the secret file as a volume definition in your pod YAML file.

root@local:~# kubectl describe secret shhh-my-secret
Name:         shhh-my-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
accessKey:          48 bytes
bucket:             48 bytes
endpoint:           25 bytes
path-style-access:  4 bytes
s3Url:              166 bytes
secretKey:          40 bytes
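Both options, rendered for the secret created by the binding, as an added example that is not part of the Dell EMC guide. The pod name, image, mount path, environment variable names and function names are hypothetical, and names are restricted to DNS labels as a simplifying assumption. The endpoint and bucket are exposed as environment variables, while the two key values are mounted as read-only files.

```bash
#!/usr/bin/env bash
# Added example: render a pod manifest that consumes the binding secret.
# Typical pipeline use:
#   render_s3_client_pod default shhh-my-secret | kubectl apply -f -

# Accept only DNS labels (lowercase letters, digits, inner hyphens, max 63
# characters), so a pipeline-supplied value cannot add lines or keys to the
# manifest. The character set is spelled out to be independent of the locale.
is_dns_label() {
  case "$1" in
    ''|*[!abcdefghijklmnopqrstuvwxyz0123456789-]*|-*|*-) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Print the manifest on stdout, or fail without output on a bad argument.
render_s3_client_pod() {  # usage: render_s3_client_pod <namespace> <secret-name>
  is_dns_label "$1" && is_dns_label "$2" || {
    echo "invalid namespace or secret name" >&2
    return 1
  }
  cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: s3-client-demo                  # hypothetical pod name
  namespace: $1                         # must match the ServiceBinding namespace
spec:
  containers:
    - name: app
      image: registry.example.com/s3-client:1.0   # hypothetical image
      env:
        # Option 1: individual keys as environment variables
        - name: ECS_ENDPOINT
          valueFrom: {secretKeyRef: {name: $2, key: endpoint}}
        - name: ECS_BUCKET
          valueFrom: {secretKeyRef: {name: $2, key: bucket}}
      volumeMounts:
        # Option 2: keys as files, here /etc/ecs/accessKey and /etc/ecs/secretKey
        - name: ecs-credentials
          mountPath: /etc/ecs
          readOnly: true
  volumes:
    - name: ecs-credentials
      secret:
        secretName: $2
        items:
          - {key: accessKey, path: accessKey}
          - {key: secretKey, path: secretKey}
EOF
}
```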


If you want to decode the base64 encoding which a Kubernetes Secret file has been wrapped in, use the below command with the corresponding JSON paths.

Below are the JSON paths for all of the fields of the secret file.

i. {.data.accessKey}
ii. {.data.secretKey}
iii. {.data.bucket}
iv. {.data.endpoint}
v. {.data.s3Url}
vi. {.data.path-style-access}

To decode the base64 encoded secrets, use the below example and substitute the JSON path fields.

root@local:~# kubectl get secrets <SECRET_NAME> -o jsonpath='{.data.accessKey}' -n <NAMESPACE> | base64 -d


A Technical support and resources

Dell.com/support is focused on meeting customer needs with proven services and support.

Storage and data protection technical white papers and videos provide expertise that helps to ensure customer success with Dell EMC storage and data protection products.

A.1 Related resources

• Service Catalog is an official Installation Guide
• SV-CAT is an official Installation Guide
• OpenShift 4.x Guide is an official Installation Guide for Service Catalog
• GitHub Repository is the location for ECS Service Broker