- Install the AWS Service Broker in the Kf Kubernetes Cluster (recommended)
- Install the AWS Service Broker in AWS and expose the API via a VPC bridge
In addition to a Kubernetes cluster with Kf and Service Catalog installed (see
these instructions), the following tools must be installed on the
workstation where you will be using the
helm: Follow these instructions to install the
Method 1: Install in GKE
The AWS Service Broker is deployed using the Helm chart from the AWS Service Broker's getting started guide for Kubernetes.
The AWS Service Broker requires a DynamoDB table and an IAM user to access the table. The easiest method is to deploy the provided CloudFormation template. For manual installation, see the prerequisite docs.
First, add the Helm repository to your machine:
$ helm repo add aws-sb https://awsservicebroker.s3.amazonaws.com/charts
Then deploy the Helm chart, setting the correct AWS
$ helm install aws-sb/aws-servicebroker \
    --name aws-servicebroker \
    --namespace aws-sb \
    --set aws.secretkey=REPLACEME \
    --set aws.accesskeyid=REPLACEME
If you don't want the broker installed cluster-wide, set the flag
--set deployNamespacedServiceBroker=true, which will register the broker into
the deployed Namespace.
A full list of configuration parameters can be found in the Helm template's values.yaml definition.
After the Helm chart is deployed, a ClusterServiceBroker resource should have
been created. You can check for it with:
$ kubectl get ClusterServiceBroker aws-servicebroker
NAME                URL                                                                    STATUS   AGE
aws-servicebroker   https://aws-servicebroker-aws-servicebroker.aws-sb.svc.cluster.local   Ready    3d
If STATUS is not Ready, there was an issue. Some things to check while troubleshooting are:
- The DynamoDB infrastructure is up
- The AWS User has access to the DynamoDB table via Policy or Group
- The Helm chart values were set correctly
It may take several minutes for your broker to come up and register itself with
Service Catalog. Once the broker is registered, you can view the provided services
with the kf marketplace command.
Method 2: Install in AWS
The downside to installing the AWS Service Broker in a GKE cluster is the required use of AWS User credentials instead of an AWS Role. However, the only required Kubernetes resource for the AWS Service Broker to work with Kf is the ClusterServiceBroker, assuming the AWS Service Broker's API is reachable from the GKE cluster.
There are two ways the API can be exposed to the GKE cluster:
- The API is accessible via a VPN bridge between Google Cloud and AWS
- The API is publicly accessible (not recommended)
In either case, it is strongly recommended to secure the Service Broker's API with a trusted TLS certificate and access credentials.
Once the API is accessible, kubectl apply a ClusterServiceBroker and a
Secret which contains the credentials for authorizing with the
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ClusterServiceBroker
metadata:
  name: aws-sb
spec:
  # For all configuration options, look at the service catalog's
  # type definitions:
  # https://github.com/kubernetes-sigs/service-catalog/blob/master/pkg/apis/servicecatalog/v1beta1/types.go#L185
  url: https://replace.with.url.to.service.broker
  insecureSkipTLSVerify: false # use a trusted TLS certificate
  authInfo:
    bearer: # or basic
      secretRef:
        namespace: some-namespace
        name: some-secret-name
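
One way to check registered brokers against the recommendations above (HTTPS URL, TLS verification left on, credentials referenced through a Secret, STATUS Ready). This is an added example, not part of the Kf or AWS Service Broker documentation. The function names and the lab-broker entry are made up for illustration, and the script expects the JSON printed by kubectl get clusterservicebrokers -o json on standard input.

```python
import json

# Constructed sample of `kubectl get clusterservicebrokers -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "aws-sb"},
     "spec": {"url": "https://replace.with.url.to.service.broker",
              "insecureSkipTLSVerify": False,
              "authInfo": {"bearer": {"secretRef": {
                  "namespace": "some-namespace", "name": "some-secret-name"}}}},
     "status": {"conditions": [{"type": "Ready", "status": "True"}]}},
    {"metadata": {"name": "lab-broker"},  # hypothetical misconfigured broker
     "spec": {"url": "http://broker.example.internal",
              "insecureSkipTLSVerify": True},
     "status": {"conditions": [{"type": "Ready", "status": "False"}]}},
]})


def audit_broker(broker):
    """Return a list of findings for one ClusterServiceBroker object."""
    spec = broker.get("spec", {})
    findings = []
    if not (spec.get("url") or "").lower().startswith("https://"):
        findings.append("url is not https")
    if spec.get("insecureSkipTLSVerify", False):
        findings.append("insecureSkipTLSVerify is true")
    auth = spec.get("authInfo") or {}
    # The manifest on this page uses authInfo.bearer or authInfo.basic.
    ref = (auth.get("bearer") or auth.get("basic") or {}).get("secretRef") or {}
    if not (ref.get("namespace") and ref.get("name")):
        findings.append("no authInfo secretRef (no credentials configured)")
    # Assumption: readiness is reported as a status condition of type "Ready".
    conds = broker.get("status", {}).get("conditions", [])
    if not any(c.get("type") == "Ready" and c.get("status") == "True" for c in conds):
        findings.append("status is not Ready")
    return findings


def audit(kubectl_json):
    """Map broker name -> findings for a `kubectl get ... -o json` document."""
    doc = json.loads(kubectl_json)
    items = doc.get("items", [doc])  # accept a list or a single object
    return {b["metadata"]["name"]: audit_broker(b) for b in items}


if __name__ == "__main__":
    import sys
    # Use the constructed sample when nothing is piped in.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, findings in audit(text).items():
        print(name, "OK" if not findings else "; ".join(findings))
```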