The provider-osb is a Crossplane provider that enables interaction with brokers compliant with the Open Service Broker API (OSB API) specification to manage external services. It declaratively manages, within Kubernetes, the lifecycle of ServiceInstances (provisioning, updating, deprovisioning) and ServiceBindings (binding, rotation and unbinding) through this provider's managed resources.
- Declarative management of services through brokers compliant with the OSB specification
- Provisioning, updating, binding, deprovisioning and unbinding
- Support for both synchronous and asynchronous operations
- Automatic injection of credentials into Kubernetes Secrets, matching those provided during the binding process

ProviderConfig: A configuration resource that defines the connection and authentication parameters for the OSB broker. It is referenced by all other provider resources.

```yaml
apiVersion: osb.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: my-osb-provider-config
spec:
  broker_url: http://0.0.0.0:5000
  osb_version: "2.13"
  credentials:
    source: Secret
    secretRef:
      namespace: my-osb-provider
      name: osb-creds
      key: creds
  disable_async: false
```

ServiceInstance: A resource representing a provisioned instance of an external service, such as a database, cache, or other cloud service.

```yaml
apiVersion: instance.osb.m.crossplane.io/v1alpha1
kind: ServiceInstance
metadata:
  name: my-db-instance
  namespace: my-osb-provider
spec:
  providerConfigRef:
    name: my-osb-provider
    kind: ProviderConfig
  forProvider:
    appGuid: my-app-guid
    instanceId: 123e4567-e89b-12d3-a456-426614174000
    serviceId: mysql-service-id
    planId: 123e4567-e89b-12d3-a456-426614174000
    organizationGuid: 123e4567-e89b-12d3-a456-426614174000
    spaceGuid: 123e4567-e89b-12d3-a456-426614174000
    parameters: |
      {
        "version": "2.13",
        "configuration": {
          "worker_processes": "string",
          "worker_connections": 0
        }
      }
    context:
      platform: kubernetes
      clusterId: my-cluster-id
      namespace: my-osb-provider
      instanceName: my-db-instance
```

ServiceBinding: A resource that establishes a connection between an Application and a ServiceInstance. It provides the application with the necessary information (such as credentials or secrets) to access the external service.

```yaml
apiVersion: binding.osb.m.crossplane.io/v1alpha1
kind: ServiceBinding
metadata:
  name: my-db-binding
  namespace: my-osb-provider
spec:
  providerConfigRef:
    name: my-osb-provider
    kind: ProviderConfig
  forProvider:
    parameters: |
      {
        "backend_ip": "10.0.0.5",
        "server_name": "example.com",
        "ssl_certificate": "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----",
        "ssl_certificate_key": "-----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----"
      }
    context:
      clusterId: my-cluster-id
      instanceName: my-db-instance
      namespace: my-app-namespace
      platform: kubernetes
    appGuid: my-app-guid
    instanceId: 123e4567-e89b-12d3-a456-426614174000
    serviceId: mysql-service-id
```

Before installing provider-osb, ensure you have:
- A Kubernetes cluster (v1.20+ recommended)
- Crossplane installed
- Access to an OSB-compliant broker
- `kubectl` configured to access your cluster
- `make` installed on your system
- Access to the necessary Git repositories

```bash
git clone git@github.com:orange-cloudfoundry/provider-osb.git
cd provider-osb
```

```bash
# Initialize the "build" submodule used for CI/CD
make submodules
# Build the provider
make build
```

For local development with kind:

```bash
# Start a local Kubernetes cluster
make dev
# To clean up and restart
make dev-clean && make dev
```

After installation, you need to configure the provider so it can communicate with your OSB broker. Configuration is done via specific Kubernetes resources.

Create a secret containing the credentials for broker authentication:

```bash
kubectl create secret generic osb-creds \
  --from-literal=creds="your-broker-credentials" \
  -n my-osb-provider
```

Or in YAML:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: osb-creds
  namespace: my-osb-provider
type: Opaque
stringData:
  creds: "your-broker-credentials"
```

The ProviderConfig defines the connection parameters to the OSB broker and must reference the secret created above for authentication:

```yaml
apiVersion: osb.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: my-osb-provider-config
spec:
  broker_url: http://your-broker-url:5000
  osb_version: "2.13"
  credentials:
    source: Secret
    secretRef:
      namespace: my-osb-provider  # Same namespace as the secret
      name: osb-creds             # Name of the secret created above
      key: creds                  # Key containing the credentials
  disable_async: false
```

The provider-osb integrates into the Crossplane ecosystem to enable management of external services via the Open Service Broker API (OSB API). It acts as a bridge between Kubernetes resources and OSB-compliant brokers.

The following diagram illustrates the overall architecture and interactions between components:
This diagram shows the detailed sequence of interactions between Crossplane, the provider-osb, and the OSB broker:
The following diagram shows the complete lifecycle of a ServiceInstance, from creation to deletion:
The following diagrams detail each possible operation on a ServiceInstance:
Process of creating a new service instance via the OSB API:
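
The asynchronous provisioning exchange defined by the OSB API specification, as an added Go example (not provider-osb's own code): a PUT with `accepts_incomplete=true`, a `202 Accepted`, then `last_operation` polls until the state leaves `in progress`. `NewFakeBroker` and `Provision` are hypothetical names, the broker is a constructed stand-in, and the link between `disable_async` and `accepts_incomplete` is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// NewFakeBroker is a constructed stand-in: async-only, done on the second poll.
func NewFakeBroker() *httptest.Server {
	state := "in progress"
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.HasSuffix(r.URL.Path, "/last_operation") {
			fmt.Fprintf(w, `{"state":%q}`, state)
			state = "succeeded" // every later poll reports completion
		} else if r.URL.Query().Get("accepts_incomplete") != "true" {
			w.WriteHeader(http.StatusUnprocessableEntity) // 422, error "AsyncRequired"
		} else {
			w.WriteHeader(http.StatusAccepted) // 202: work continues in the background
		}
	}))
}

// Provision PUTs the instance, then polls last_operation until the state is no
// longer "in progress". It returns that state (or the HTTP status when the PUT
// is not answered with 202) and the poll count. Auth and back-off are omitted.
func Provision(base, id, body string, async bool) (string, int, error) {
	u := base + "/v2/service_instances/" + id
	method, target := http.MethodPut, fmt.Sprintf("%s?accepts_incomplete=%t", u, async)
	for n := 0; ; n++ {
		req, err := http.NewRequest(method, target, strings.NewReader(body))
		if err != nil {
			return "", n, err
		}
		req.Header.Set("X-Broker-API-Version", "2.13") // osb_version in the ProviderConfig
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			return "", n, err
		}
		op := struct{ State string }{resp.Status} // default when the body has no "state"
		json.NewDecoder(resp.Body).Decode(&op)
		resp.Body.Close()
		if resp.StatusCode != http.StatusAccepted && op.State != "in progress" {
			return op.State, n, nil
		}
		method, target, body = http.MethodGet, u+"/last_operation", ""
	}
}
```
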
Process of modifying the parameters of an existing instance:
Process of fully deleting a service instance:
The following diagrams illustrate the management of bindings for service access:
Process of creating a binding to connect an application to a service:
Process of renewing access credentials for the service:
Process of deleting an existing binding:
Refer to Crossplane's CONTRIBUTING.md file for more information on how the Crossplane community prefers to work. The Provider Development guide may also be of use.








