
Cloudify Service Binding For Kubernetes

DeWayne Filppi edited this page Jun 28, 2018 · 19 revisions

This is the third post in a series about exploring the integration of Cloudify with Kubernetes via the Service Catalog feature. The first post explored the foundational concepts and set the stage for a project to develop a service broker for Cloudify. The second post described the architecture of the project, and provided a basic capability to list and provision services from and to a Cloudify server. The last major missing feature in the project was service binding. Service binding is the process of providing connection information for services that require it, which most do. Starting and connecting to a database service is a common example. This post describes the details of service binding and the implementation of it in the service broker project.

Service Binding Concepts

Well, that seems simple enough. Create a resource file in Kubernetes and it gets sent to the service broker. The service broker gets the credentials for the underlying service and returns them. After that, the binding requester on Kubernetes can use the credentials to connect. Note that the binding doesn't actually create a connection; it just returns whatever information is necessary (e.g. credentials, a connection URL, etc.) back to Kubernetes. That binding request can be quite simple:

apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: maria-binding
  namespace: test-ns
spec:
  instanceRef:
    name: mariadb-instance
  secretName: mariadb-credentials

The section of interest here is the spec section. There, the service instance that is the target of the binding is specified by instanceRef/name. The other field is secretName, an arbitrary name for the secret in which the service catalog controller will store the result coming back from the service broker. Once the credentials are in the secret, they can be passed by familiar methods to containers that need them.
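
One way to hand the bound credentials to a container, as an added example that is not part of the original post: a Pod that mounts the mariadb-credentials secret as a read-only volume. The Pod name, container name, image and mount path are assumptions; only the namespace and secret name come from the binding above.

```yaml
# Added example: a Pod in test-ns that consumes the secret written for maria-binding.
apiVersion: v1
kind: Pod
metadata:
  name: maria-client                    # hypothetical name
  namespace: test-ns                    # secrets are namespaced: must match the ServiceBinding
spec:
  automountServiceAccountToken: false   # this client needs the DB credentials, not API access
  containers:
  - name: app                           # hypothetical name
    image: example.invalid/maria-client:latest   # placeholder image
    volumeMounts:
    - name: db-creds
      mountPath: /var/run/secrets/mariadb   # assumed path; each secret key appears as one file here
      readOnly: true
    # Alternative: expose every key of the secret as an environment variable.
    # Environment variables are inherited by child processes and tend to end up
    # in debug output, so the file mount above is the more conservative choice.
    # envFrom:
    # - secretRef:
    #     name: mariadb-credentials
  volumes:
  - name: db-creds
    secret:
      secretName: mariadb-credentials   # spec.secretName from the ServiceBinding
      defaultMode: 0400                 # owner read-only; add securityContext.fsGroup
                                        # (and group-read mode) if the container runs as non-root
```

The secret does not exist until the binding has completed, so a Pod created earlier stays in ContainerCreating until the service catalog controller has written it.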

Now this process is indeed a simple handshake with the service broker, and a simplistic demonstration would probably just hard-code a response to avoid the pain of what the rest of this post is about. In the interest of a more useful exploration, I've gone a bit further and developed a configurable method of binding that is at least a step towards a real-world application. To do this real binding, I was going to need some help. And for that help I turned to HashiCorp's [Vault](
