Description
A deeper dive on the Kubernetes Service Catalog project, how to leverage the Service Broker API to bind and provision services, and how we are tying it all into the OpenShift user experience with
Steve Speicher, Diogenes Rettori, Paul Morie, and Serena Doyle from the OpenShift team at the OpenShift Commons Gathering Boston.
Learn more: https://www.redhat.com/en/summit/2017/agenda/sessions
A
B
D
A
Thanks very much. So I, I think I assumed this concept off idea are the developments are on Service Catalog and brokers in Kubernetes might be somewhat new to some of you. So I'm going to ask Paul Morie to come here and he's going to explain a little bit. He is, as he said, he's the lead developer in Kubernetes for this. So both please come to the stage and give us like. Are you are cured video, your shoulders.
B
So there's really four entities you have to understand, understand this problem space. We will just talk from where most people in the audience are going to lie, as far as like day to day using catalog. Say, deter you want to consume a service, right, where a service is just some abstraction corresponding to a capability that you want to use. That's you, you're the service consumer. The catalog is where you go to find which services you have access to and to provision new instances of those services and bind to them in your applications.
B
Service broker is a component that manages a set of capabilities, so the catalog presents the services that are provided by n different brokers that your cluster operator has added into the catalog, and the bridge between the catalog and those service brokers is this Open Service Broker API, which is the, like, the community synthesis of stuff that was previously the, the Cloud Foundry Broker API, is now called Open Service Broker API. We have folks from Red Hat, obviously, from Pivotal, from Google, from IBM, Fujitsu, SAP that are, are working together on Open Service Broker API.
B
So catalog understands Open Service Broker API, service brokers implement Service Broker API, and the service provider, there's, the line is a little blurry sometimes between what's broker and what's provider, but basically the provider is the thing that really has the capabilities that the broker presents. Said alright, cool, demo. Next, ok.
B
B
So what you're seeing right now is, say that you have an application. You need to use a message queue in it and you don't want to have to know the details about where that queue comes from. It might be provisioned in a number of different ways. Could be some SaaS service out there somewhere, could be an Ansible playbook that's creating a new message broker, a message queue for you. The point is, you don't, that's not your problem.
B
All you want to do is say this is the, the name of the queue and click create and you get it. That's the level of detail that you're interested in. So what's happened now is that this queue has been created, and when I clicked create, the, there's an API resource created for the Service Catalog API server controller. There's a controller that picked that, the events up for that create and went out and talked to the broker that provides the service and said, I want a new instance of this thing.
B
A
B
Trackpad works differently too. So you can see here under provisioned services, I've got the queue that I just had provisioned and I can now create a binding to it. So what binding is, is I have an instance of this thing, I need to work with it in my application, and I want to manifest information about how do I use it into my application as a secret. I think probably most of you are familiar with secrets and config maps, so I'm going to create a binding now.
B
B
So you can see here the secret that was created via this binding has the, the host to talk to, destination address, some other information about coordinates, and now, if I were to go and start a new pod, I'd be able to use, consume the secret in my application pod. So we're going to just leave this up because there's different things to talk through it, but that's a demo in a nutshell.
B
A
Thanks very much, and just to head start with a few, few questions here, I'm going to ask Serena a question. So this is a, this is a completely new UI for us and OpenShift. So before we had, or let's say, traditional somewhat overview UI for OpenShift, which is this that we see here, it's a somewhat revamped. But the way to add things to a project is, was this way before, so from, from this situation?
D
So, so this, some of the functionality in the UI actually will be phased in, not necessarily all seeing its initial release, but the thought is that we're going to keep things in context, keep the user in context and using more of a guided approach. So what we've done initially is we've added a home page which allows you to have quick access to search the browser, I'm sorry, search the catalogs, browse the catalog, as well as have a day one experience, which is a panel on the right-hand side, which then ends up switching to a day
D
two experience to give you access to your, all of your projects. But then, once you click view all, it allows you to get into the projects and work the way that you had previously. Going forward, what will also allow you to do is, when you're sitting inside of your project, access the searching certain capability the same way that you do from the initial landing page, so that things will allow you to be in context. So that's quick overview. Ok, thank.
A
C
I think initially it's some typical things you would expect. You see things as database, being able to provision, stand up database. Some of those require maybe some simple application configuration scripting in order to get them set up and right into provisioning logics, some a bit more complicated, some on and off the platform, and things like you just demonstrated, messaging services. So I see a number of those things being available in the catalog. But, as you see, as Sri said, the experience is really driven around how a developer wants to perform certain actions.
C
A
B
So the, the plan is, I could, I had two different facets of that answer. So in a vacuum, if you want to build your own broker, we've been working on a broker SDK that is, basically gets you from you've heard of the concept to you have a broker that operates, it's operational. You can write like a manifest file to say which services your broker offers, and you can fill in business logic about how provision, bind, unbind and deprovision work.
B
We do also have some brokers that are in progress to expose OpenShift templates as services via a service broker and also to, to orchestrate these bind, sorry, provision, bind, unbind, deprovision actions with Ansible playbooks too. So there's, there's a few different options, and I think the story turns into, if you, if you can accomplish what you need to do with OpenShift templates, write a template. If you need something more than that, you can write an Ansible playbook or instable.
E
B
B
E
G
B
So the, the, as I was saying during the demo, the interesting thing about this is that, as a consumer of a service, you don't actually have to know whether it's in platform, outside of the platform. There's a range of different services that we're interested in that range from like self service, give me a new thing that lives in my own OpenShift project, ranging from that to I need a new instance of this SaaS service that I want to use.
B
F
Couple different questions. One was from, from, from looking at this UI and the user experience in terms of what the developer's doing, how do you guys think about promotion between, and how does that differentiate, right? So once your, once the developer has built the environment, use the message queue and so on, and you want to provoke, promoted into prod, what is that experience look like? And a separate question was, if you're integrating secrets, and you can film through secrets mechanism, how do you handle the rotation of secrets?
C
F
F
C
It a second, so the promotion is done like any, I think, aspect, any other application you have on OpenShift today. In some sense, be able to set up a, you know, as a developer sets and provision certain services and I'll have a certain SLA associated with it. You would then work to operationalize it and put some promotion around such that you can extract the way that config data and then use either the test instance and then strap in as you promote through your pipelines into the staging environment and whatnot.
C
So I see it as kind of a similar way, and as we, as we are learning and going forward with technology, will improve the experience around that as well, because it's still, you know, being developed. At the same time we're taking some of these key scenarios and feeding them in to how you would actually use it as, right, a developer would not start day one saying I want this, you know, high SLA, expensive back-end database for their application.
C
A
To a little bit to that, that is a very good aspect that we're bringing this API from the Cloud Foundry ecosystem, that they've been doing this for a, let's say, three, four years, and the kind of question that was asked was, I mean, it was also asked to them, like how are we going to differentiate the development environment services to production environment services, right? And I can just give you an example showing the environment that I have here.
A
It's a simple environment called game apps. I call it the dev environment, but my applications, they are, they are reading the configuration from the same place. So in my example, I'm reading the configuration from slash data, and in my project I have provisioned a queue that's not to slash data in my pod. That the development environment to you, if you move that to a production environment, you're going to have an instance of that queue that represents a production instance, yet mapped on the exact same folder in your pod.
A
So that's when you see your applications moving from one environment to another, the application feeling is that it's always reading the configuration from the same place, but the actual service that is bound between the dev environment and the production environment are different services. So in the dev environment, for that project, that namespace, you have a binding that represents a, a dev instance of a queue, and during the production environment you have a binding that represents the production binding of the queue.
A
B
So there was another question, though, about rotation, and I think the, the sense that I understood the question in was: is there a special API pathway to rotate credentials that involves the Service Broker API? I could not actually see who is speaking, so could you verify that that is the sense in which you meant the question?
B
There are a number of features that we want to add to the API, and that would definitely be on the list, so that a, the service provider could say: hey, I've got a new set of credentials that I rotated in for you. This is what you should use now, and the consuming platform could update the secret in place or use whatever other rotation strategy you wanted. Yeah.
G
I'm going to get into secrets a little bit more in the next session, which is on Kubernetes in the cluster infrastructure, because it's a big topic in the Kubernetes upstream: encryption at rest, vault integrations, rotation and management. So, so the second section that we're doing in a little while, we're going to cover that in more detail. So other questions on this or anything related to, yeah.
H
B
A really good question. So decomposing it a little bit, the typical quota mechanisms that OpenShift customers expect, I think, are definitely going to be part of the GA release. I'm not sure whether we will have them for tech preview, but you, you should definitely be able to quota number instances, number of bindings. For the question about QoS parameters, I think that that will depend greatly on the implementation of the service.
B
So if, if your service, or rather if the service you want to use is one that has robust QoS capabilities, there are going to be mechanisms that lets you specify parameters. So if, for example, you wanted to, I'm sorry, parameters on a provision and a bind. So if, as part of a provision, your service supports some type of QoS tier that the user can select, definitely there will be a way that they can choose that during provisioning. Does that answer your question?
A
A
B
A
B
A
Question to choose to Serena here on the, on this, this UI that we have. There's a clearly different areas. I see this upper blue, blue area where some large icons and dummy text. It's advantage of unreleased product, you can actually have dummy text. So if you could talk a little bit about the logic behind this different areas and the expectations that we have for them, okay.
D
Sure, so there's four main areas. The top area you can see is a search bar that you can search the catalog to order something. The secondary area that Diogenes mentioned with the four icons, that's a customizable area. What an online it will be some Red Hat staff offerings. On-prem, that could be a customizable area where you could actually have links to anything that you want there, and if you customize it for them, nothing appears, that would be shut, it would be shut off, turned off. The bottom area is the ability to browse the Service Catalog.
D
We only have search capability, we don't have faceted filtering, but we will have that going forward. And then on that right-hand side, again, that's the project, when you first bring it up, when there's no projects that exist, they'll be, you'll be have access to a tour that will show you around the home page, also some help resources, and then, once you start adding projects, that becomes your access to your projects. And again, there's some customizability that's there that can be done, and so that, that can change. So.
A
Interesting aspect that I'm not actually in the project yet, so I'm on the experience that's before choosing, before getting into a project, so I can choose where I'm going to deploy my project or my key or my service after, not necessarily as part of this. So, but more questions from the audience. There's one here and one there, so start with the one stannis right.
F
A
So first, the sort of two questions in one: if this, this will allow other things that are not necessarily from a Red Hat or, for example, other templates to be published in this catalog. I think I allowed Serena to answer that one. But then the question is like how much RBAC will play into this, this Service Catalog at the either steel or yes.
C
So if you wanted to place them there and then put some RBAC on it, that could put some controls over what people see. Right now, we're just, for lack of a better way saying it, getting it going underneath this new model and then looking to expand some of the use cases to support aspects like that. But that's a, that's a good example.
C
D
B
The, I think there's an unanswered question about RBAC. So in the tech preview version, I, I'm not positive whether we'll have RBAC for GA. It's definitely a requirement, and there's some interesting technical challenges, like precedent that we have to establish for how we, we do RBAC over the, the services resource.
B
I
Was going to add something, so to the question about mostly user namespace or multiple namespaces being the source for the template: there actually is a pull request that should go into 3.6, which allows you to, at the platform level, select it, but to Steve's point about the more granular, if you wanted to expose different catalogs to different people, that's the further thing.
I
So, hopefully the, you know, it won't just have to be opens, the openshift namespace in 3.6, if, and I think that's likely, we'll get it in. The UI doesn't care, so the best part about this UI, and this has really been the focus, is the UI just talks to the catalog and sees everything. And so the subdivision is up to you, if you want to categorize those templates and make them show up into the work that Serena's team is done a lot of those lines.
I
G
We have time for a few more questions, and just to remind you, service brokers, service catalog, this is some of the newest stuff we're working on. That's why we want to feature it, but these guys up here also work on things like source-to-image and Jenkins CI/CD, the current console, the current CLI. So any questions you want to ask around any of those topics is open as well, so just raise your hand, we'll pass the mic.
B
Yeah, there's a template broker that exposes OpenShift templates and there's also an Ansible broker that Todd's team is working on. It, I'm sure, if Todd's in the room right now, and we're actually, ok, so Todd in and genre in the back there, and they work on the Ansible playbook bundle broker, where, instead of writing templates, you're writing Ansible playbooks that can do provision and bind, unbind, deprovision, and we're actually going to go into some level of detail tomorrow. Todd and I are giving a talk about Service Catalog and the antipode brokers.
B
G
I
G
One more point here is provision and bind are just API calls, so you can call the OpenShift templates, you can call the Ansible playbooks, but you can call anything, right. You could call Helm if you're using Helm, you could call, you know, bash. You can call it anything that you can put behind that API that would get triggered on, on a call into it from the catalog, you can put behind it. So if you have some existing automation beyond what Red Hat works on, you can, you can integrate that as well.
D
So I just want to also announce it. We have a UFC boost on during the week of summit, and among many of the sessions that we have, we have three specific ones covering OpenShift. So, if you're interested in learning more about what we've done with the UI or give feedback, we'd love to see you there. We'll be in the partner pavilion I.
A
G
A
I can, so I just saw here two demos that, that both shows was a demo using a, this new thing, weird thing called and math: that's the s3 name of a project for messaging as a service. That's based on yet another open source project called Apache ActiveMQ Artemis, right, so it's active, AMQP based, has lots of other protocols. It's mostly AMQP-based messaging, the services, and this is a very good example of the usage of the service catalog, because as a consumer, as a developer of an application, I'm writing an application.
A
I do not want to care about the infrastructure delivering that application, right. So if I need to connect, read and write message to a queue or to a destination as a developer, or even as an application architect or enterprise architects, the dynamics of how the services are provisioned should be possibly on where differently in specializing messaging, on by different thing, but from a construction perspective you actually just want access to the services, and I'm sure all of you use any of the AWS services.
A
A
Maybe IBM message broker in the end, but you don't know, because you have a consistent API that you can talk to that's delivering the service capabilities. So for us and for Red Hat, and there will be other sessions around that, messaging as a service, it's a very good example, but are considering other products from Red Hat, like JBoss Data Grid, for example, you actually want a place to read and write data from a cache, right. For Red Hat Single Sign-On, you want to be able to register your applications in their security realm.
A
You don't necessarily want to know how that service is managed or provisioned, right. Another example for BRMS and BPMS: you may want to have your pricing, yours or your rules and your processes published in the catalog, so the applications can just consume that. And for API management, that even a huge, more bigger use case, right. We're going to use API management to be, let's say, a generic polish of services. You have your REST endpoint. You want to publish your REST endpoint so that it can be consumed by other applications.
A
H
A
The questions like how do we do dependency management, right, and this is a, it's a very important asset, because talking to enterprise architects, they want to define, that they declare a blueprint for the application, and they want that book, blueprints to have the dependencies fulfilled automatically. So if you are deploying an application that requires a service called my queue service, right, the, we should be able to do the automatic provisioning, binding of that service.
A
If, if there is a, for example, a service called my queue service already published in the catalog. Although they're, these mechanics, they do not yet exist in OpenShift nor Kubernetes. But that's, that's a roadmap. We want to be able to declare the dependencies of your application and, if OpenShift and Kubernetes, they know how to fulfill those dependencies, we're going to have automatic fulfillment of dependencies. Another very good rate point to that, to that is that you'll be able to have a dependency graph, right.