Partner Webcast – Provisioning Oracle ATP database using OCI Service Broker for Kubernetes (OKE)

The term "cloud native application" usually means a lightweight, stateless app built with 12-factor principles in mind, which runs on a Kubernetes cluster in the cloud.

Oracle Cloud Infrastructure offers the full OSB implementation in the OKE service and currently allows creating service instances and bindings for its Autonomous Transaction Processing, Autonomous Data Warehouse, storage, and streaming services (more to come).

Read More @ https://blogs.oracle.com/imc/partner-webcast-provisioning-oracle-atp-database-using-oci-service-broker-for-kubernetes-oke

Presenter: Lukasz Romaszewski

Published in: Technology

  1. Partner Webcast: Provisioning Oracle ATP database using OCI Service Broker for Kubernetes (OKE)
      Łukasz Romaszewski, Cloud IMC Consultant, Oracle Partner Hub Innovation & Modernization Center Poland, @OracleIMC
      Copyright © 2017, Oracle and/or its affiliates. All rights reserved.
  2. Safe Harbor Statement
      The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  3. The Open Service Broker API specification
  4. Persistence in Kubernetes applications
      How do you get "statefulness" in the k8s cluster? Two ways available: Service Broker for Kubernetes or Persistent Volumes
      Diagram labels: Oracle Cloud Infrastructure; Block Storage; File Storage; Object Storage; Autonomous Database; Oracle Container Engine for Kubernetes (OKE); Service Broker for Kubernetes; Container-based Apps with Persistence (Stateful Apps); Persistent Volumes
      Autonomous Database Benefits
      • Fully managed, self tuned database
      • Complete infrastructure automation
      • Consolidation and standardization: multi modal polyglot
      • Security: automated patching/updating
      • Interoperable with any development, data integration, analysis and reporting tool
      • Multitenant, pluggable architecture
      Block, File Storage Benefits
      • Durable Oracle Cloud Infrastructure storage, external to Kubernetes
      • Enable scalable and resilient architecture
      • Dynamic provisioning
  5. Service Broker for Kubernetes
      • Standard DevOps tool for Kubernetes
      • Manages the following services:
        – Autonomous Database (ATP, ADW)
        – Object Storage
        – Streaming
      • Benefits:
        ✓ Simplifies deploying complex Kubernetes applications
        ✓ Automates DevOps
        ✓ Open standard, prevents vendor lock-in
      Diagram labels: Container Engine for Kubernetes; Autonomous Transaction Processing Database; Autonomous Data Warehouse; Streaming; Object Storage; Service Broker; App
  6. Open Service Broker API - introduction
      https://www.openservicebrokerapi.org/
  7. Open Service Broker API - introduction
      Diagram labels: DB; Queue; Other services; Service catalog; Service provisioning and configuration; Links applications and services; Service deprovisioning
  8. Open Service Broker API for Kubernetes
      https://svc-cat.io
  9. Open Service Broker API for Kubernetes
      Diagram labels: DB instance; Secret; ServiceInstance; ServiceBinding; Deployment; Parameters from; link; Instance; secret; generates; uses
      Source: https://svc-cat.io/docs
  10. Open Service Broker API for Kubernetes
      • Example of initial secret

          apiVersion: v1
          kind: Secret
          metadata:
            name: db-auth-secret
            labels:
              app: oke-atp-demo
          type: Opaque
          data:
            db-username: c29tZVNlY3JldAo=
            db-password: ZGJQYXNzd29yZAo=
            admin-db-username: ZGJBZG1pblBhc3N3b3JkCg==
            admin-db-password: ZGJBZG1pblVzZXJuYW1lCg==
            json-admin-db-password: eyJwYXNzd29yZCI6ICJQYXNzdzByZDEyMzQ1NiJ9
            wallet-password: V2FsbGV0UGFzc3cwcmQxMzQ1Ng==
            json-wallet-password: eyJ3YWxsZXRQYXNzd29yZCI6ICJXYWxsZXRQYXNzdzByZDEzNDU2In0=

      Source: https://svc-cat.io/docs
  11. Open Service Broker API for Kubernetes
      • Notice the special JSON format for admin and wallet passwords!
      • Main admin user password:

          json-admin-db-password: eyJwYX...
          echo -n '{"password":"Passw0rd123456"}' | base64

      • Wallet password:

          json-wallet-password: eyJ3YWxs...
          echo -n '{"walletPassword":"WalletPassw0rd13456"}' | base64

      Source: https://svc-cat.io/docs
  12. Open Service Broker API for Kubernetes
      • Example of service instance parametrized by initial secret

          apiVersion: servicecatalog.k8s.io/v1beta1
          kind: ServiceInstance
          metadata:
            name: db-svc-instance
          spec:
            clusterServiceClassExternalName: atp-service
            clusterServicePlanExternalName: standard
            parameters:
              name: atpDb
              compartmentId: ocid1.compartment.oc1..aa...
              dbName: atpDb
              cpuCount: 1
              storageSizeTBs: 1
              licenseType: BYOL
            # The admin password is read from the secret instead of being written inline
            parametersFrom:
              - secretKeyRef:
                  name: db-auth-secret
                  key: json-admin-db-password

      Source: https://svc-cat.io/docs
  13. Open Service Broker API for Kubernetes
      • Example of service binding

          apiVersion: servicecatalog.k8s.io/v1beta1
          kind: ServiceBinding
          metadata:
            name: db-svc-binding
          spec:
            instanceRef:
              name: db-svc-instance
            parametersFrom:
              - secretKeyRef:
                  name: db-auth-secret
                  key: json-wallet-password

      Source: https://svc-cat.io/docs
  14. Open Service Broker API for Kubernetes
      • Example of generated binding secret

          apiVersion: v1
          data:
            cwallet.sso: b2ZoT05n...Djne==
            ewallet.p12: TUlJWjFB...QUE9PQ==
            keystore.jks: L3UzKzd...E9PQ==
            ojdbc.properties: YjNKaF...a3A=
            sqlnet.ora: VjBGT...VXVno=
            tnsnames.ora: WVhS...kNnMEs=
            truststore.jks: L3Uz...TF5TT0=
            user_name: QCR...U4=
          kind: Secret
          metadata:
            name: oke-atp-demo-svc-binding
            namespace: atp-osb-demo
            ownerReferences:
              - apiVersion: servicecatalog.k8s.io/v1beta1
                blockOwnerDeletion: true
                controller: true
                kind: ServiceBinding
                name: oke-atp-demo-svc-binding
                uid: 5695bdfe-d13e-11e9-8cbf-0a580af40008
            resourceVersion: "4757714"
            selfLink: /api/v1/namespaces/atp-osb-demo/secrets/oke-atp-demo-svc-binding
            uid: fcd6e873-d13e-11e9-9e0e-0a580aed437d
          type: Opaque

      Source: https://svc-cat.io/docs
  15. Open Service Broker API for Kubernetes
      • How to use binding secret in a k8s deployment

          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: atp-demo
          spec:
            replicas: 1
            # apps/v1 requires a selector that matches the pod template labels
            selector:
              matchLabels:
                app: atp-demo
            template:
              metadata:
                labels:
                  app: atp-demo
              spec:
                containers:
                  - name: db-app
                    image: alpine:3.7
                    command: ["tail", "-f", "/dev/null"]
                    env:
                      # Database user name taken from the generated binding secret
                      - name: DB_ADMIN_USER
                        valueFrom:
                          secretKeyRef:
                            name: atp-demo-binding
                            key: user_name
                    volumeMounts:
                      # Wallet files from the binding secret appear under this path
                      - name: creds
                        mountPath: /db-demo/creds
                volumes:
                  - name: creds
                    secret:
                      secretName: atp-demo-binding

      Source: https://svc-cat.io/docs
  16. Installing OCI Service Broker in the OKE
  17. Installing OCI Service Broker in the OKE: TL;DR
      • Install service catalog chart

          helm repo add svc-cat https://svc-catalog-charts.storage.googleapis.com
          helm install svc-cat/catalog --timeout 300 --name catalog

      • Create secret with OCI credentials
        – with tenancy & user OCIDs, region, private ssh key etc.
      • Install OCI service broker chart

          helm install https://github.com/oracle/../oci-service-broker-1.2.1.tgz --name oci-service-broker --set ociCredentials.secretName=ocicredentials

      Source: https://github.com/oracle/oci-service-broker/blob/master/charts/oci-service-broker/docs/installation.md
  18. Installing OCI Service Broker in the OKE (cont.)
      • Grant cluster-admin role to the OCI user

          kubectl create clusterrolebinding cluster-admin-brokers --clusterrole=cluster-admin --user=ocid1.user.oc1...

      • Create service broker instance

          cat <<EOF | kubectl apply -f -
          apiVersion: servicecatalog.k8s.io/v1beta1
          kind: ClusterServiceBroker
          metadata:
            name: oci-service-broker
          spec:
            url: http://oci-service-broker.default:8080
          EOF

      Source: https://github.com/oracle/oci-service-broker/blob/master/charts/oci-service-broker/docs/installation.md
  19. Installing OCI Service Broker in the OKE (cont.)
      • Install svcat tool

          curl -sLO https://download.svcat.sh/cli/latest/linux/amd64/svcat
          chmod +x ./svcat
          mv ./svcat /usr/local/bin/
          svcat version --client

      • Verify broker

          svcat get brokers

      Source: https://github.com/oracle/oci-service-broker/blob/master/charts/oci-service-broker/docs/installation.md
  20. Demo: Provisioning ATP instance for typical microservice hosted on OKE
  21. Autonomous Database + Kubernetes: What’s in it for me?
      • Single deployment model for complete application stack
        – based on Kubernetes resources (Infrastructure as Code)
        – natural fit for application helm chart
      • Secure, reliable and fully transactional persistence for your k8s apps
        – seamless JDBC/ODBC connection based on Oracle Wallet
        – self-tuning database with zero maintenance
      • Application portability
        – Open Service Broker API compliant
  22. Autonomous Database + Kubernetes: I want to learn more
      • Check the docs
        – https://www.openservicebrokerapi.org/
        – https://github.com/oracle/oci-service-broker
      • Read the blog posts
        – https://blogs.oracle.com/cloud-infrastructure/introducing-service-broker-for-kubernetes
      • Apply for free Oracle Cloud trial account
        – https://www.oracle.com/cloud/free
        – ATP included in the Always Free Tier!
  23. Q&A
      Lukasz Romaszewski, MW & Cloud Consultant
      OracleIMC blog: http://blogs.oracle.com/imc
      OracleIMC email: partner.imc@beehiveonline.oracle.com
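
An added example, not taken from the slides or from the OCI Service Broker project: a Python check of the initial secret from slide 10 against the format slide 11 asks for, namely that every `data` value is valid base64 and that the two `json-*` keys decode to a JSON object carrying the `password` or `walletPassword` field. Run on the slide's own sample values, it reports that the four plain username and password entries decode with a trailing newline, which is what encoding with `echo` without `-n` produces. The names `SECRET_DATA`, `JSON_KEYS` and `check_secret` are introduced here for illustration.

```python
import base64
import json

# Sample input: the `data` map of db-auth-secret exactly as shown on slide 10.
SECRET_DATA = {
    "db-username": "c29tZVNlY3JldAo=",
    "db-password": "ZGJQYXNzd29yZAo=",
    "admin-db-username": "ZGJBZG1pblBhc3N3b3JkCg==",
    "admin-db-password": "ZGJBZG1pblVzZXJuYW1lCg==",
    "json-admin-db-password": "eyJwYXNzd29yZCI6ICJQYXNzdzByZDEyMzQ1NiJ9",
    "wallet-password": "V2FsbGV0UGFzc3cwcmQxMzQ1Ng==",
    "json-wallet-password": "eyJ3YWxsZXRQYXNzd29yZCI6ICJXYWxsZXRQYXNzdzByZDEzNDU2In0=",
}

# Keys handed to the broker through parametersFrom (slides 12 and 13) and the
# JSON field each one must carry (slide 11).
JSON_KEYS = {"json-admin-db-password": "password",
             "json-wallet-password": "walletPassword"}


def check_secret(data):
    """Return {key: [problems]} for every key whose value has a problem."""
    findings = {}
    for key, b64 in data.items():
        problems = []
        try:
            text = base64.b64decode(b64, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            findings[key] = ["not valid base64-encoded UTF-8"]
            continue
        if text != text.strip():
            problems.append("leading/trailing whitespace (echo without -n?)")
        if key in JSON_KEYS:
            field = JSON_KEYS[key]
            try:
                obj = json.loads(text)
            except json.JSONDecodeError:
                obj = None
            if not isinstance(obj, dict) or not isinstance(obj.get(field), str):
                problems.append(f'expected JSON object with string field "{field}"')
        if problems:
            findings[key] = problems
    return findings


if __name__ == "__main__":
    # Only key names and problem descriptions are printed, never decoded values.
    for key, problems in check_secret(SECRET_DATA).items():
        print(f"{key}: {'; '.join(problems)}")
```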
