Create a plugin

This page describes how to create Service Extensions plugins that you can use to implement edge extensibility with Google Cloud services such as Media CDN.

For a product overview, see Service Extensions overview.

Before you begin

  1. Prepare and upload the files required to create a plugin.

  2. Get the required Identity and Access Management (IAM) roles and permissions.

  3. Enable the Network Services API, if it's not already enabled.

    gcloud services enable networkservices.googleapis.com
    
  4. If you intend to enable logging for the plugin, enable the Service Extensions API.

    gcloud services enable networkactions.googleapis.com
    

Create a plugin

Creating a plugin entails specifying a container image that contains the plugin code, adding a Wasm action, and specifying labels and logging options for the plugin.

  1. Create a plugin by running the gcloud service-extensions wasm-plugins create command:

    gcloud service-extensions wasm-plugins create WASM_PLUGIN \
         --description=PLUGIN_DESCRIPTION \
         --labels=[LABELS,...] \
         --log-config=[LOG_CONFIG,...] \
         --image=IMAGE \
         --main-version=MAIN_VERSION \
         --plugin-config=PLUGIN_CONFIG | --plugin-config-file=PLUGIN_CONFIG_FILE | --plugin-config-uri=PLUGIN_CONFIG_URI
    

    Replace the following:

    • WASM_PLUGIN: the ID or the fully qualified name of the plugin
    • PLUGIN_DESCRIPTION: a description of the plugin
    • LABELS: labels in the form of key-value pairs separated by commas
    • LOG_CONFIG: logging options for the plugin. When the enable option is not set (the default) or set to false, logs are not captured for the plugin. To enable logging, set the enable option to true. Then, specify the following details:

      • sample-rate: the sampling rate of activity logs as a value between 0 and 1. The value 0 indicates that log messages are not stored. The default value 1 indicates that all log messages are stored. A floating point value between 0.0 and 1.0 indicates that a percentage of log messages is stored.

      • min-log-level: the minimum severity level of plugin log messages to be exported to Cloud Logging. The default value is INFO.

    • IMAGE: the URI of the container image with the Wasm module stored in the Artifact Registry repository. Before you specify a container image from another project, ensure that Service Extensions has access to it.

    • MAIN_VERSION: the ID of the plugin version to create and set as the main (active) version

    • PLUGIN_CONFIG, PLUGIN_CONFIG_FILE, or PLUGIN_CONFIG_URI: the optional configuration file, which can be specified as a text file, a local file, or a container image in Artifact Registry, respectively

    For example:

    gcloud service-extensions wasm-plugins create my-plugin \
        --description="This is my plugin." \
        --log-config=enable=true,sample-rate=0.5,min-log-level=INFO \
        --labels=key1=value1,key2=value2 \
        --image=...-docker.pkg.dev/my-project/repository/container:tag \
        --main-version=v1 \
        --plugin-config=config.txt
    
  2. Create a Wasm action for the plugin by running the gcloud service-extensions wasm-actions create command:

    gcloud service-extensions wasm-actions create WASM_ACTION \
        --wasm-plugin=WASM_PLUGIN \
        --supported-events=[EVENT,...]
    

    Replace the following:

    • WASM_ACTION: the ID or the fully qualified name of the Wasm action
    • WASM_PLUGIN: the name of the plugin to which you want to attach the action
    • EVENT: the portion of the payload to be processed by the plugin as indicated by either or both of these values: request-headers or response-headers. If not specified, both headers are processed.
  3. Deploy your plugin in Media CDN routes.

It might take several minutes for a plugin to be created and the related success message to appear. It might take a few more minutes for the new plugin to be distributed across all locations. The number of minutes might vary across locations because the plugin is not delivered to all locations simultaneously.

Access container images in another project

Before you can select container images from another project, the Service Extensions service agent must have access to that project's repository and the artifactregistry.repositories.downloadArtifacts permission on the project.

The Service Extensions service agent is named as follows:

service-PROJECT_NUMBER@gcp-sa-networkactions.iam.gserviceaccount.com

Replace PROJECT_NUMBER with your project number.
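The following is an added example, not part of the original page: one way to build the service agent's member string and grant it read access on a single repository. It assumes that PROJECT_NUMBER is the number of the project where the plugin is created, that the predefined role roles/artifactregistry.reader is used to carry the downloadArtifacts permission, and that the grant is made on the repository rather than the whole project; the function names and the DRY_RUN variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Project IDs, location and repository names are placeholders.

# Build the IAM member string for the Service Extensions service agent.
# Rejects anything that is not a numeric project number (a project ID does not work here).
service_agent_member() {
  case "$1" in
    ''|*[!0-9]*) echo "project number must be numeric: '$1'" >&2; return 1 ;;
  esac
  printf 'serviceAccount:service-%s@gcp-sa-networkactions.iam.gserviceaccount.com\n' "$1"
}

# Grant the service agent read access on one repository in the image project.
# roles/artifactregistry.reader includes artifactregistry.repositories.downloadArtifacts.
# Assumption: the binding is placed on the repository to keep the grant narrow.
# With DRY_RUN=1 the gcloud command is printed instead of executed.
grant_image_access() {
  local number="$1" image_project="$2" location="$3" repo="$4" member
  member=$(service_agent_member "$number") || return 1
  set -- gcloud artifacts repositories add-iam-policy-binding "$repo" \
    --project="$image_project" --location="$location" \
    --member="$member" --role=roles/artifactregistry.reader
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Usage (look up the number of the project that owns the plugin first):
#   n=$(gcloud projects describe PLUGIN_PROJECT_ID --format='value(projectNumber)')
#   grant_image_access "$n" IMAGE_PROJECT_ID LOCATION REPOSITORY
```

Run it once with DRY_RUN=1 to review the exact binding before applying it.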
