Service Brokers are Your App’s Best Friend

Aaron Schlesinger
Dec 15, 2017 · 3 min read

Kubernetes has fundamentally shifted the way we run our apps. At KubeCon 2017, we saw exciting new technologies that are helping us make that shift:

We also saw the tried-and-true service broker technologies adapted to the new cloud native world. At the next KubeCon, all eyes will be on these technologies.

Service Brokers will be the new hotness at KubeCon 2018

I’ve been working in this space for about 2 years, and my team at Microsoft announced several open source projects that are bringing cloud native service brokers to the next level.

The Problem With Configuration Management

In the “old world” before cloud native technologies, your apps ran on VMs and you had a DevOps team to manage everything behind the scenes.

Their most important task was to make sure the apps could talk to the database, queue, email system, and so on. They somehow injected your app with the credentials for these services on the VM so the app could read them and connect.

If they were any good, your DevOps engineers configured these credentials with configuration management tooling like Chef or Puppet.

How your DevOps team used to manage your apps behind the scenes

Without those services installed and configured, apps would be useless, but all of this credentials work was poorly automated, or not automated at all. Credentials were usually kept on a post-it note and only a few people knew them.

We’re in a different world now. The post-it note workflow doesn’t work anymore

Kubernetes runs your app in thousands of containers, and your cluster is always changing. Your DevOps team can’t keep up with the change.

We need new tools to make this easier in Kubernetes. We need a new way.

Why Brokers are Important

In our new cloud native world, your database, queue, email system, and more are all called service dependencies. Plain and simple, your containers will crash if they can’t connect to their dependencies.

Service brokers make sure everything is installed and configured before your app starts.

Service brokers automatically provision, secure and inject your app with its service dependencies before it starts.

In other words, service brokers take your database credentials off of your post-it notes and automatically put them into your cluster, where they belong.

How service brokers fit into your Kubernetes cluster

Brokers are a great fit for your Kubernetes cluster because they can make sure that containers will be injected with credentials for their service dependencies any time one starts.

Automating the Post-It Note Workflow

Instead of manually configuring your containers to mount a Kubernetes secret that someone else created (from copying a post-it note into YAML), you add two manifests to your app: ServiceInstance and ServiceBinding. If you’re using Helm, that’s as simple as adding two files to your chart.

You do that, and your database credentials are magically injected into your app.

No more post-it notes, no more deploying and praying, no more bugging your DevOps engineers.

You focus on writing code and your DevOps team focuses on improving your infrastructure. Nobody needs to worry about credentials — the service broker automates it all.

The Folks Behind the Magic

A team of people from far and wide across Microsoft came together to pull off this magic. If I listed them all here, this post would be twice as long. You know who you are, and I’m grateful to be able to work with you all every day. I can’t wait for what’s next!

This post was inspired by my colleague and friend Matt Butcher’s wonderful post: “If Kubernetes Is Your Home, Helm is Your Ikea”

Aaron Schlesinger

Written by

Gopher, containerizer, and Kubernetes-er

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade