Cette page vous explique comment déployer Kf Cloud Service Broker pour Google Cloud et l'utiliser pour provisionner ou annuler la gestion des ressources de sauvegarde. Découvrez les concepts et l'architecture pour en savoir plus sur Kf Cloud Service Broker.
Créez des variables d'environnement
Linux
export PROJECT_ID=YOUR_PROJECT_ID export CLUSTER_PROJECT_ID=YOUR_PROJECT_ID export CLUSTER_NAME=kf-cluster export INSTANCE_NAME=cloud-service-broker export COMPUTE_REGION=us-central1
Windows PowerShell
Set-Variable -Name PROJECT_ID -Value YOUR_PROJECT_ID Set-Variable -Name CLUSTER_PROJECT_ID -Value YOUR_PROJECT_ID Set-Variable -Name CLUSTER_NAME -Value kf-cluster Set-Variable -Name INSTANCE_NAME -Value cloud-service-broker Set-Variable -Name COMPUTE_REGION -Value us-central1
Configurer la base de données Kf Cloud Service Broker
Créer une instance Cloud SQL pour MySQL
gcloud sql instances create ${INSTANCE_NAME} --cpu=2 --memory=7680MB --require-ssl --region=${COMPUTE_REGION}
Créez une base de données nommée
servicebroker
dans l'instance Cloud SQL pour MySQL.gcloud sql databases create servicebroker -i ${INSTANCE_NAME}
Créez un nom d'utilisateur et un mot de passe pour Kf Cloud Service Broker.
gcloud sql users create csbuser -i ${INSTANCE_NAME} --password=csbpassword
Configurer un compte de service Google pour Kf Cloud Service Broker
Créez un compte de service Google.
gcloud iam service-accounts create csb-${CLUSTER_NAME}-sa \ --project=${CLUSTER_PROJECT_ID} \ --description="GSA for CSB at ${CLUSTER_NAME}" \ --display-name="csb-${CLUSTER_NAME}"
Accordez des autorisations
roles/cloudsql.client
au compte de service. Cette opération est nécessaire pour connecter le pod Kf Cloud Service Broker à l'instance Cloud SQL pour MySQL via le proxy d'authentification Cloud SQL.gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \ --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \ --role="roles/cloudsql.client"
Accordez des autorisations Google Cloud supplémentaires au compte de service.
gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \ --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \ --role="roles/compute.networkUser"
gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \ --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \ --role="roles/cloudsql.admin"
gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \ --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \ --role="roles/redis.admin"
Validez les autorisations.
gcloud projects get-iam-policy ${CLUSTER_PROJECT_ID} \ --filter='bindings.members:serviceAccount:"CSB_SERVICE_ACCOUNT_NAME"' \ --flatten="bindings[].members"
Configurer Workload Identity pour Kf Cloud Service Broker
Associez le compte de service Google au compte de service Kubernetes.
gcloud iam service-accounts add-iam-policy-binding "csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \ --project=${CLUSTER_PROJECT_ID} \ --role="roles/iam.workloadIdentityUser" \ --member="serviceAccount:${CLUSTER_PROJECT_ID}.svc.id.goog[kf-csb/csb-user]"
Validez la liaison.
gcloud iam service-accounts get-iam-policy "csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \ --project=${CLUSTER_PROJECT_ID}
Configurer un secret Kubernetes pour partager la configuration avec Kf Cloud Service Broker
Créez un fichier config.yml.
cat << EOF >> ./config.yml gcp: credentials: "" project: ${CLUSTER_PROJECT_ID}
db: host: 127.0.0.1 password: csbpassword user: csbuser tls: false api: user: servicebroker password: password EOF
Créez l'espace de noms
kf-csb
.kubectl create ns kf-csb
Créez le secret Kubernetes.
kubectl create secret generic csb-secret --from-file=config.yml -n kf-csb
Installer Kf Cloud Service Broker
Téléchargez le fichier
kf-csb.yml
.gsutil cp gs://kf-releases/csb/v1.0.0/kf-csb.yaml /tmp/kf-csb.yaml
Modifiez
/tmp/kf-csb.yaml
et remplacez les espaces réservés par les valeurs finales. Dans l'exemple ci-dessous,sed
est utilisé.sed -i "s|<GSA_NAME>|csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com|g" /tmp/kf-csb.yaml
sed -i "s|<INSTANCE_CONNECTION_NAME>|${CLUSTER_PROJECT_ID}:${COMPUTE_REGION}:${INSTANCE_NAME}|g" /tmp/kf-csb.yaml
sed -i "s|<DB_PORT>|3306|g" /tmp/kf-csb.yaml
Appliquez le fichier yaml pour Kf Cloud Service Broker.
kubectl apply -f /tmp/kf-csb.yaml
Vérifiez l'état d'installation de Kf Cloud Service Broker.
kubectl get pods -n kf-csb
Créer un agent de service
kf create-service-broker cloud-service-broker servicebroker password http://csb-controller.kf-csb/
Valider l'installation
Vérifiez les services disponibles sur la place de marché.
kf marketplace
Si tous les éléments sont correctement installés et configurés, vous devriez obtenir le résultat suivant :
$ kf marketplace
Broker Name Namespace Description
cloud-service-broker csb-google-bigquery A fast, economical and fully managed data warehouse for large-scale data analytics.
cloud-service-broker csb-google-dataproc Dataproc is a fully-managed service for running Apache Spark and Apache Hadoop clusters in a simpler, more cost-efficient way.
cloud-service-broker csb-google-mysql Mysql is a fully managed service for the Google Cloud Platform.
cloud-service-broker csb-google-postgres PostgreSQL is a fully managed service for the Google Cloud Platform.
cloud-service-broker csb-google-redis Cloud Memorystore for Redis is a fully managed Redis service for the Google Cloud Platform.
cloud-service-broker csb-google-spanner Fully managed, scalable, relational database service for regional and global application data.
cloud-service-broker csb-google-stackdriver-trace Distributed tracing service
cloud-service-broker csb-google-storage-bucket Google Cloud Storage that uses the Terraform back-end and grants service accounts IAM permissions directly on the bucket.
Effectuer un nettoyage
Supprimez cloud-service-broker.
kf delete-service-broker cloud-service-broker
Supprimez les composants CSB.
kubectl delete ns kf-csb
Supprimez l'instance Cloud SQL pour MySQL Kf Cloud Service Broker.
gcloud sql instances delete ${INSTANCE_NAME} --project=${CLUSTER_PROJECT_ID}
Supprimez les liaisons de stratégie IAM.
gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \ --member='serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com' \ --role=roles/cloudsql.client
gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \ --member='serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com' \ --role=roles/compute.networkUser
gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \ --member='serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com' \ --role=roles/redis.admin
Supprimez le GSA.
gcloud iam service-accounts delete csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com \ --project=${CLUSTER_PROJECT_ID}
Étape suivante
- Testez Kf Cloud Service Broker dans notre guide Spring Music.