Kubernetes has fundamentally shifted the way we run our apps. At KubeCon 2017, we saw exciting new technologies that are helping us make that shift:
We also saw the tried-and-true service broker technologies adapted to the new cloud native world. At the next KubeCon, all eyes will be on these technologies.
Service Brokers will be the new hotness at KubeCon 2018
The Problem With Configuration Management
In the “old world” before cloud native technologies, your apps ran on VMs and you had a DevOps team to manage everything behind the scenes.
Their most important task was to make sure the apps could talk to the database, queue, email system, and so on. They somehow injected your app with the credentials for these services on the VM so the app could read them and connect.
Without those services installed and configured, apps would be useless, but all of this credentials work was poorly automated, or not automated at all. Credentials were usually kept on a post-it note and only a few people knew them.
We’re in a different world now. The post-it note workflow doesn’t work anymore.
Kubernetes runs your app in thousands of containers, and your cluster is always changing. Your DevOps team can’t keep up with the change.
We need new tools to make this easier in Kubernetes. We need a new way.
Why Brokers are Important
In our new cloud native world, your database, queue, email system, and more are all called service dependencies. Plain and simple, your containers will crash if they can’t connect to their dependencies.
Service brokers make sure everything is installed and configured before your app starts.
Service brokers automatically provision, secure and inject your app with its service dependencies before it starts.
In other words, service brokers take your database credentials off of your post-it notes and automatically put them into your cluster, where they belong.
Brokers are a great fit for your Kubernetes cluster because they can make sure that containers will be injected with credentials for their service dependencies any time one starts.
Automating the Post-It Note Workflow
Instead of manually configuring your containers to mount a Kubernetes secret that someone else created (from copying a post-it note into YAML), you add two manifests to your app: ServiceInstance and ServiceBinding. If you’re using Helm, that’s as simple as adding two files to your chart.
You do that, and your database credentials are magically injected into your app.
No more post-it notes, no more deploying and praying, no more bugging your DevOps engineers.
You focus on writing code and your DevOps team focuses on improving your infrastructure. Nobody needs to worry about credentials — the service broker automates it all.
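The two manifests described above, together with a Deployment that consumes the result, shown as an added example that is not from the original post. It assumes the Kubernetes Service Catalog API (`servicecatalog.k8s.io/v1beta1`); the class, plan, resource names and image are hypothetical placeholders.

```yaml
# Added example. Values marked "hypothetical" are placeholders, not from the post.
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  name: myapp-db                      # hypothetical
  namespace: myapp                    # hypothetical
spec:
  # Use a class and plan that your broker actually lists:
  #   kubectl get clusterserviceclasses,clusterserviceplans
  clusterServiceClassExternalName: example-database   # hypothetical
  clusterServicePlanExternalName: example-plan        # hypothetical
---
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: myapp-db-binding              # hypothetical
  namespace: myapp
spec:
  instanceRef:
    name: myapp-db                    # must match the ServiceInstance above
  # The credentials returned by the broker are written to this Secret,
  # in the same namespace as the binding.
  secretName: myapp-db-credentials    # hypothetical
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: myapp
spec:
  replicas: 1
  selector:
    matchLabels: {app: myapp}
  template:
    metadata:
      labels: {app: myapp}
    spec:
      containers:
        - name: myapp
          image: registry.example.com/myapp:1.0   # hypothetical image
          # Reference the Secret by name; no credential value appears in
          # the chart or in version control.
          envFrom:
            - secretRef:
                name: myapp-db-credentials
```

The key names inside the Secret depend on the broker, so check them with `kubectl describe secret` before wiring them into the app. Because the credentials now live in a namespaced Secret, RBAC on `secrets` in that namespace decides who can read them.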
The Folks Behind the Magic
A team of people from far and wide across Microsoft came together to pull off this magic. If I listed them all here, this post would be twice as long. You know who you are, and I’m grateful to be able to work with you all every day. I can’t wait for what’s next!
This post was inspired by my colleague and friend Matt Butcher’s wonderful post: “If Kubernetes Is Your Home, Helm is Your Ikea”