Discovering and using GCP services

Overview

You can use the Kubernetes Service Catalog to list services available via Google Cloud Platform (GCP) Service Broker, provision service instances, and bind the provisioned service instances to an application running in your Kubernetes Engine cluster.

To use this feature, you must first install Service Catalog and register Service Broker.

For more information on Service Catalog, refer to the Kubernetes Service Catalog documentation.

Discovering Google Cloud Platform services and plans

Service Broker offers several of GCP's services, including Pub/Sub, Cloud SQL (MySQL), Cloud Storage, Cloud Spanner, and others. Each of the services can offer one or more service plans. Each service plan represents a different configuration or service tier of the service.

List services

svcat

To list the GCP services currently available, run the following command:

svcat get classes

It outputs a list similar to the following:

            NAME                       DESCRIPTION                             UUID
+---------------------------+--------------------------------+--------------------------------------+
  cloud-spanner               The first horizontally           4197a602-3eb9-4d40-8e21-0311a7a8eecb
                              scalable, strongly consistent,
                              relational database service
  cloud-iam-service-account   Specialized service which        5dcd0ba6-8df6-4a2a-b5fd-981d0aa76803
                              provisions Google Cloud
                              Platform IAM service accounts.
  cloud-pubsub                Ingest event streams from        6f4e8d17-4fde-45bd-9dcf-28bcb7eeea5c
                              anywhere, at any scale, for
                              simple, reliable, real-time
                              stream analytics
  ...                         ...                              ...

kubectl

To list the GCP services currently available, run the kubectl get clusterserviceclasses command:

kubectl -o 'custom-columns=SERVICE-NAME:.metadata.name,SERVICE-EXTERNAL-NAME:.spec.externalName' get clusterserviceclasses

It outputs a list similar to the following:

SERVICE-NAME                           SERVICE-EXTERNAL-NAME
4197a602-3eb9-4d40-8e21-0311a7a8eecb   cloud-spanner
5dcd0ba6-8df6-4a2a-b5fd-981d0aa76803   cloud-iam-service-account
6f4e8d17-4fde-45bd-9dcf-28bcb7eeea5c   cloud-pubsub
...                                    ...

console ui

To view the list of Google Cloud services currently available, either:

List service plans

svcat

You can also list the service plans available:

svcat get plans

It outputs a list with the following format:

  NAME             CLASS                      DESCRIPTION                             UUID
+------+---------------------------+--------------------------------+--------------------------------------+
  beta   cloud-spanner               Cloud Spanner plan for Beta      21198c77-9452-4bf2-8935-babacc8294cb
                                     release of the Google Cloud Platform Service Broker
  beta   cloud-iam-service-account   A GCP IAM      d6f98382-a101-401f-80df-33afe9c4b5c7
                                     service account
  beta   cloud-pubsub                Pub/Sub plan for Beta release    444fe472-aabc-4c8a-a707-1975e2e908c8
                                     of the Google Cloud Platform Service Broker
  ...    ...                         ...                              ...

kubectl

You can also list the service plans available:

kubectl -o 'custom-columns=PLAN-NAME:.metadata.name,PLAN-EXTERNAL-NAME:.spec.externalName,CLASS:.spec.clusterServiceClassRef.name' get clusterserviceplans

It displays a list with the following format:

PLAN-NAME                              PLAN-EXTERNAL-NAME   CLASS
21198c77-9452-4bf2-8935-babacc8294cb   beta                 4197a602-3eb9-4d40-8e21-0311a7a8eecb
444fe472-aabc-4c8a-a707-1975e2e908c8   beta                 6f4e8d17-4fde-45bd-9dcf-28bcb7eeea5c
7bb7e217-2088-4455-8298-f711b09b1806   beta                 8e0bbfa6-2cac-40b6-8adf-e5ee8dcbe4e8
...                                    ...                  ...

console ui

You can view the list of service plans available for a particular service by going to the service instances page in your Google Cloud console and clicking on the name of the service in the list. A page with an overview of the service is displayed along with a list of available plans and their descriptions.

View a service plan

svcat

To view details about a plan for a particular service, including details on provisioning and binding parameters, you can use the command:

svcat describe plan [CLASS-NAME]/[PLAN-NAME]

For example, svcat describe plan cloud-pubsub/beta:

  Name:          beta
  Description:   Pub/Sub plan for the Beta release of the Google Cloud Platform Service Broker
UUID: 444fe472-aabc-4c8a-a707-1975e2e908c8 Status: Active Free: false Class: cloud-pubsub

Instances: No instances defined

Instance Create Parameter Schema: ...

kubectl

To view a plan for a particular service, including details on provisioning and binding parameters, use the following command with a PLAN-NAME (GUID) from the list of available service plans:

kubectl get clusterserviceplans [PLAN-NAME] -o yaml

For example, kubectl get clusterserviceplans 444fe472-aabc-4c8a-a707-1975e2e908c8 -o yaml outputs the plan details in a YAML format:

apiVersion: servicecatalog.k8s.io/v1beta1
kind: ClusterServicePlan
metadata:
  creationTimestamp: 2018-04-11T18:09:30Z
  name: 444fe472-aabc-4c8a-a707-1975e2e908c8
  resourceVersion: "280"
  selfLink: /apis/servicecatalog.k8s.io/v1beta1/clusterserviceplans/444fe472-aabc-4c8a-a707-1975e2e908c8
  uid: 7b2f013c-3db3-11e8-b262-0a580a140108
spec:
  bindable: true
  clusterServiceBrokerName: gcp-beta
  clusterServiceClassRef:
    name: 6f4e8d17-4fde-45bd-9dcf-28bcb7eeea5c
  description: |
    Pub/Sub plan for the Beta release of the Google Cloud Platform Service Broker
  externalID: 444fe472-aabc-4c8a-a707-1975e2e908c8
  externalMetadata:
    bullets:
    - Provisioning an instance will create a new pubsub topic
    - Binding will grant the provided service account with access on the pubsub topic
    displayName: Cloud Pub/Sub
  externalName: beta
  free: false
  instanceCreateParameterSchema:
  ...

console ui

You can view the list service plans available for a particular service by going to the service instances page in your Google Cloud console and clicking on the name of the service in the list. A page with an overview of the service is displayed along with a list of available plans.

View the JSON schema of the service plan

You might want to look at the JSON schema of the service plan when writing YAML configurations for provisioning and binding.

svcat

To view the JSON schema for the service plan, you can use the command:

svcat describe plan [CLASS-NAME]/[PLAN-NAME]

For example, svcat describe plan cloud-pubsub/beta:


  Name:          beta
  Description:   Pub/Sub plan for the Beta release of the Google Cloud Platform Service Broker
UUID: 444fe472-aabc-4c8a-a707-1975e2e908c8 Status: Active Free: false Class: cloud-pubsub

Instances: No instances defined

Instance Create Parameter Schema: $schema: http://json-schema.org/draft-04/schema# definitions: {} description: Input parameters to create an instance - a Pubsub topic. form: - key: topicId validationMessage: 'Must be 3-255 characters, start with an alphanumeric character, and contain only the following characters: letters, numbers, dashes, periods, underscores, tildes, percents or plus signs. Cannot start with goog.' properties: topicId: description: A user-specified Pubsub topic ID. maxLength: 255 minLength: 3 pattern: ^[A-Za-z][-_.~+%A-Za-z0-9]+$ title: Topic name type: string required: - topicId type: object ...

Instance Create Parameter Schema refers to the JSON schema for provisioning. In this example, you need to specify topicId, which is a required field.

Similarly, you can see the JSON schema for binding in Binding Create Parameter Schema.

kubectl

To view the JSON schema for the service plan, use the following command with a PLAN-NAME (GUID):

kubectl get clusterserviceplans [PLAN-NAME] -o yaml

For example, kubectl get clusterserviceplans 444fe472-aabc-4c8a-a707-1975e2e908c8 -o yaml:

apiVersion: servicecatalog.k8s.io/v1beta1
kind: ClusterServicePlan
metadata:
  creationTimestamp: 2018-04-11T18:09:30Z
  name: 444fe472-aabc-4c8a-a707-1975e2e908c8
  resourceVersion: "280"
  selfLink: /apis/servicecatalog.k8s.io/v1beta1/clusterserviceplans/444fe472-aabc-4c8a-a707-1975e2e908c8
  uid: 7b2f013c-3db3-11e8-b262-0a580a140108
spec:
  ...
  instanceCreateParameterSchema:
    $schema: http://json-schema.org/draft-04/schema#
    definitions: {}
    description: Input parameters to create an instance - a Pubsub topic.
    form:
    - key: topicId
      validationMessage: 'Must be 3-255 characters, start with an alphanumeric character,
        and contain only the following characters: letters, numbers, dashes, periods,
        underscores, tildes, percents or plus signs. Cannot start with goog.'
    properties:
      topicId:
        description: A user-specified Pubsub topic ID.
        maxLength: 255
        minLength: 3
        pattern: ^[A-Za-z][-_.~+%A-Za-z0-9]+$
        title: Topic name
        type: string
    required:
    - topicId
    type: object
...

instanceCreateParameterSchema refers to the JSON schema for provisioning. In this example, you need to specify topicId, which is a required field.

Similarly, you can see the JSON schema for binding in serviceBindingCreateParameterSchema.

console ui

We do not show the JSON schema in your Google Cloud console as of now. Please use kubectl or svcat.

Using a Google Cloud Platform service

To use a GCP service within a Kubernetes Engine cluster, you must first provision an instance of the service, then bind it with the instance. Creating the binding will grant the service account used by your application the appropriate permissions to access the service instance. It will also make the information necessary to access the instance available to the application in the form of a Kubernetes secret.

Provision an instance

The Service Catalog provisions new Google Cloud service resources by communicating with Service Broker via the Open Service Broker API.

svcat

Use the following svcat command to provision a new instance of a service:

svcat provision [NAME] --class [CLASS-NAME] --plan [PLAN-NAME] (--namespace [NAMESPACE] --param [KEY1]=[VALUE1] --param [KEY2]=[VALUE2] ...)

You can check the instance's status with the following command:

svcat get instance [NAME] (--namespace [NAMESPACE])

kubectl

Create a ServiceInstance YAML file called service_instance_spec.yaml, which is used to provision a new instance of a service.

The following is an example of the ServiceInstance YAML spec:

apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  name: [SERVICE_INSTANCE_NAME]  # example: gcp-pubsub-instance
  namespace: [NAMESPACE]         # example: pubsub-app-namespace
spec:
  # References one of the previously returned services
  clusterServiceClassExternalName: [GCP_SERVICE_NAME]  # example: cloud-pubsub
  clusterServicePlanExternalName: [SERVICE_PLAN_NAME]  # example: beta
  parameters:
    [KEY1]: [VALUE1]
    ...

Use the kubectl command to create the service instance using the YAML file:

kubectl create -f service_instance_spec.yaml

Verify that the provisioning has succeeded by running the following command:

kubectl get -f service_instance_spec.yaml -o 'custom-columns=INSTANCE-NAME:.metadata.name,SERVICE:.spec.clusterServiceClassExternalName,PLAN:.spec.clusterServicePlanExternalName,STATUS:.status.conditions[0].reason'

console ui

  • In the list of services available in the service classes page, click on the Configure instance button next to the service you would like to create an instance of.
  • Fill out the Create service instance form. You must specify:

    • Name of the service instance.
    • Cluster in which you want to use the service.
    • Service plan, which is the tier of offering for the service.
    • Namespace in which the service instance should be available for binding.
    • (Optional) Additional service-specific parameters.
  • Click the Save button at the bottom of the form to complete creation of the service instance. You are then returned to the service instances page where the new instance is displayed in a list, along with any other active service instances.

Once the service instance is ready, you can bind to it.

Bind to an instance

To obtain a service account, you can either:

By creating a binding, Service Broker grants a specified service account permissions/roles and returns the information necessary to connect to and access the instance. The application acting as the service account will thus be granted access to the service instance.

svcat

Use the following svcat command to bind to an existing service instance:

svcat bind [INSTANCE-NAME] (--namespace [NAMESPACE] --param [KEY1]=[VALUE1] --param [KEY2]=[VALUE2] ...)

This will create a binding of the same name as the service instance. You can check the binding's status with the following command:

svcat get binding [NAME] (--namespace [NAMESPACE])

kubectl

Create a ServiceBinding YAML resource file called service_binding_spec.yaml with the following spec:

apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: [SERVICE_BINDING_NAME]     # example: gcp-pubsub-binding
  namespace: [NAMESPACE]           # example: pubsub-app-namespace
spec:
  instanceRef:
    name: [SERVICE_INSTANCE_NAME]  # example: gcp-pubsub-instance
  parameters:
    [KEY1]: [VALUE1]
    ...

Use the kubectl command to create the service binding using the YAML file:

kubectl create -f service_binding_spec.yaml

Verify that the binding has succeeded by running the following command:

kubectl get -f service_binding_spec.yaml -o 'custom-columns=BINDING-NAME:.metadata.name,SERVICE-INSTANCE:.spec.instanceRef.name,STATUS:.status.conditions[0].reason,OUTPUT-SECRET:.spec.secretName'

console ui

  • Go to the service instances page and click on the name of the service instance you want to bind to. A page with the service instance details is displayed. Click on the Create binding button towards the bottom of the page.

  • Fill out the Create service binding to... form. You must specify:

    • Name of the service binding.
    • Name of the Kubernetes Secret to store the binding information. Here, use the same name as the binding.
    • (Optional) Additional service-specific parameters.
  • Click the Save button at the bottom of the form to complete creation of the service binding. You are then returned to the service instance detail page where the binding is display in a list, along with any other active service bindings.

As a result of binding, a secret of the same name will be created in the service instance's namespace. The secret contains the connection information returned from the broker, and can be used by the application to connect to the service instance.

Clean up

Delete the service instance and binding

To avoid incurring charges to your GCP account for the resources used in the steps above, delete the service instance and binding.

svcat

  1. Use the following svcat command to unbind to the service instance:

    svcat unbind [INSTANCE-NAME] (--namespace [NAMESPACE])
    

    This will delete all of the bindings of the service instance.

  2. Deprovision the service instance:

    svcat deprovision [NAME] (--namespace [NAMESPACE])
    
  3. Check if the service instance has been deleted successfully:

    svcat get instances [NAME] (--namespace [NAMESPACE])
    

    You should see an unable to get instance error if the service instance doesn't exist any more.

kubectl

  1. Use the kubectl command to delete the service binding using service_binding_spec.yaml:

    kubectl delete -f service_binding_spec.yaml
    
  2. Deprovision the service instance using service_instance_spec.yaml:

    kubectl delete -f service_instance_spec.yaml
    
  3. Verify that the service instance has been deleted successfully:

    kubectl get -f service_instance_spec.yaml
    

    You should see a NotFound error if the service instance doesn't exist any more.

console ui

  1. Go to the service instances page and click on the name of the service instance you want to unbind. A page with the service instance details is displayed. Click on the trash button next to the binding you want to delete at the bottom of the page.

  2. Click DELETE button in the confirmation dialog. The service binding's status will change to Unbinding.

  3. Click DELETE button at the top of the service instance detail page and click DELETE button in the confirmation dialog. You are then returned to the service instance list page.

  4. Refresh the service instance list page and check if the service instance is deleted successfully.

Once the service instance is not existent, the cleanup for service instance and binding is completed.

(Optional) Uninstall Service Catalog and Service Broker

If you decide not to proceed with any other samples for Service Catalog, you may want to uninstall the Service Catalog and Service Broker.

  1. Deregister Service Broker using sc installer tool:

    sc remove-gcp-broker
    

    If successful, it will output the following message:

    The Service Broker removed successfully.

  2. Uninstall the Service Catalog from your Kubernetes cluster:

    sc uninstall
    

    If successful, it will output the following message:

    deleting service catalog configs...
    uninstalled service catalog successfully
    

(Optional) Delete the Kubernetes Cluster

To avoid incurring charges, please follow the Kubernetes tutorial to delete the cluster when you no longer need it.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...

Kubernetes Engine