Use Kubernetes Helm Packages to Build Tanzu Application Service tiles. Kibosh, a New Service Broker, Makes It Simple.

April 17, 2018 Jared Ruckle

Jeenal Shah, Matt Cholick, and the Pivotal platform engineering team love a challenge. So when they got an opportunity to bring Cloud Foundry and Kubernetes closer together, the team jumped at the chance.

Whether you’re pushing apps to Cloud Foundry, or running containers in Kubernetes, you need an easy way to attach services to your code. Both projects have converged on the Open Service Broker API as the mechanism for this task. Why the need for sharing tooling between the projects?

Customers turn to Pivotal to solve problems for them. They want to ship apps, but the 12-factor pattern doesn’t cover everything. Kubernetes and Pivotal Container Service opens up the door to solving many of the other scenarios,” said Cholick. “When you have an app platform and Kubernetes running side-by-side, you want to use common abstractions wherever possible.”

Here’s where it gets tricky. Say you’re an ISV looking to offer an installable version of your software—like a database, or API gateway, or code repository—for users of Cloud Foundry and Kubernetes. Until now, you’ve had to maintain two versions of your product: a tile for use with Pivotal Cloud Foundry and a Helm package for Kubernetes. Not impossible, but not ideal either.

“Several ISVs already have fully-supported Helm charts for their code. We’re pragmatic, so we decided to meet people where they are,” Cholick notes. “The question became, ‘how do we make it easy for ISVs to ‘port’ their Helm packages into the familiar PCF tile?’”

The answer turned out to be refreshingly straightforward with the introduction of PKS. The platform engineering team figured that PKS gave ISVs a way to deploy on-demand services in Kubernetes, and make them available to Pivotal Application Service.

“The team began by thinking about the starting point, the ISV’s Helm chart. The outcome we wanted was well-understood, too. We wanted the partner to have an integrated tile that was easy to maintain,” Shah said. “So the engineering task in front of us was a bridging exercise.”

The outcome of this work? Kibosh, a nifty utility for software publishers. The project was recently opened sourced by Pivotal’s platform engineering team.

The whiteboard from the Kibosh inception session.

Meet Kibosh, the ISV’s Best Friend

What is Kibosh exactly?

“Kibosh is an open service broker that, when asked to create that service, will deploy a Helm chart to PKS,” Shah explains.

“There are two components to it. First, there’s a generic OSBAPI compliant broker that provisions a Helm chart in a cluster. The second part is the Helm chart itself. This could come from an ISV, or anyone, really. The software publisher then uses the Tile Generator to package the Helm chart, along with Kibosh, into a tile. Users then download and install the tile into their PCF deployment normally.”

So what happens after an operator installs the tile? How does it work if you’re a developer? Let’s answer this through the lens of two familiar CF cli commands:

  • cf create-service calls to Kibosh will create the collection of Kubernetes resources described by the chart.

  • cf bind-service calls to Kibosh will expose back any services and secrets created by the chart

A UML diagram of the workflow in Kibosh. Source: Kibosh Github repo.

Cholick offers a more concise summary of Kibosh: it’s the right abstraction for ISVs who want to offer their software to Pivotal Cloud Foundry users.

“ISVs want their software to be easily packaged and consumed by customers. If they’ve already built Helm charts, and are maintaining that for their customers, why wouldn’t we want to embrace that? The end result is a thriving marketplace that gives our customers lots of choice and flexibility. It’s also great for our partners, because they have new business opportunities with minimal engineering overhead.”

According to Cholick, the story gets even better for partners.

“Another challenge partners face - similar to what platform operators face - is our pace of change. Pivotal ships a lot of software quite quickly. And our partners want to focus on improving their core product. So we want to minimize the work, and re-work to their integration code. If parties don’t have to spend time owning and maintaining incremental packaging, they’re better able to maintain an integration. The tile generator is one of the pieces of code we wrote and maintain to help address that. BOSH, the deployment toolchain for distributed systems, is always there if you need that power to accomplish an integration.”

Kibosh is an MVP - So Try It Out!

In recent weeks, Pivotal’s platform team has worked with partners to kick the tires on Kibosh.

“Kibosh is a fit for really any type of add-on service. If you need to store state, like with Postgres, a cache, or NoSQL database, you should try Kibosh out,” Shah suggests. “DevOps tools and even low-code platforms will find the project useful as well.”

What else should partners know about Kibosh? If you’ve worked with the platform engineering team before, you can expect assistance to build integrations using Kibosh in the coming months.

“We’ve been focusing this year on how we can build tooling to support integrations, and Kibosh is one of the results. The cf marketplace is a powerful, self-service developer experience,” adds Cholick. “It’s so liberating as dev to be able to say ‘My application stores state, so I’m simply go to type cf create-service postgres default-plan my-app-postgres’”.

ISVs should also stay tuned for Hsobik, a project that aims to populate the Kubernetes service catalog with tried-and-true PAS marketplace services. This effort will help enterprises quickly grow the marketplace of available services for PKS deployments.

Why Cloud Foundry AND Kubernetes

As a good rule of thumb, you should use the highest abstraction you can get away with. Why? With the right abstraction, toil is minimized. You can focus on delivering your unique business value through software.

In this case, Kubernetes, the Open Service Broker API, and Kibosh are the trifecta of handy abstractions. Together, they are a useful way to run pre-packaged software, from a third-party ISV or from internal, in-house development teams. What’s more, this standard pattern brings more choice to the universe of services a developer can use with their apps. And that’s good news in every scenario.

“Just one tool on its own is incomplete. You need to have an app platform, Kubernetes, and serverless models. And it should be easy for devs to add the right service to all their code. That’s our North Star on the partner team,” said Shah.

Pivotal’s ecosystem teams have been busy building nifty tools to help bring partner tech to the Cloud Foundry ecosystem, including Kibosh, the Tile Generator, and the On-Demand Services SDK. Want to know more about bring your tech to the Pivotal customer base? Visit us at CF Summit in Boston this week, or attend an upcoming Partner Days workshop.

About the Author

Jared Ruckle

Jared works in product marketing at VMware.

Follow on Twitter Follow on Linkedin More Content by Jared Ruckle
Previous
Need to Secure Credentials for Off-Platform Services in PCF? Try the CredHub Service Broker, Now in Beta! We Take an Inside Look.
Need to Secure Credentials for Off-Platform Services in PCF? Try the CredHub Service Broker, Now in Beta! We Take an Inside Look.

Pivotal released the CredHub Service Broker as a beta. It's a service broker that helps developers secure o...

Next
Open Service Broker for Azure
Open Service Broker for Azure