This page shows how to deploy the Kf Cloud Service Broker for Google Cloud and use it to provision or deprovision backing resources. Read about the concepts and architecture to learn more about the Kf Cloud Service Broker.
Create environment variables
Linux
export PROJECT_ID=YOUR_PROJECT_ID
export CLUSTER_PROJECT_ID=YOUR_PROJECT_ID
export CLUSTER_NAME=kf-cluster
export INSTANCE_NAME=cloud-service-broker
export COMPUTE_REGION=us-central1
Windows PowerShell
Set-Variable -Name PROJECT_ID -Value YOUR_PROJECT_ID
Set-Variable -Name CLUSTER_PROJECT_ID -Value YOUR_PROJECT_ID
Set-Variable -Name CLUSTER_NAME -Value kf-cluster
Set-Variable -Name INSTANCE_NAME -Value cloud-service-broker
Set-Variable -Name COMPUTE_REGION -Value us-central1
Set up the Kf Cloud Service Broker database
Create a Cloud SQL for MySQL instance.
gcloud sql instances create ${INSTANCE_NAME} --cpu=2 --memory=7680MB --require-ssl --region=${COMPUTE_REGION}
Create a database named servicebroker in the Cloud SQL for MySQL instance.
gcloud sql databases create servicebroker -i ${INSTANCE_NAME}
Create a username and password to be used by the Kf Cloud Service Broker.
gcloud sql users create csbuser -i ${INSTANCE_NAME} --password=csbpassword
Set up a Google service account (GSA) for the Kf Cloud Service Broker
Create a Google service account.
gcloud iam service-accounts create csb-${CLUSTER_NAME}-sa \
  --project=${CLUSTER_PROJECT_ID} \
  --description="GSA for CSB at ${CLUSTER_NAME}" \
  --display-name="csb-${CLUSTER_NAME}"
Grant the roles/cloudsql.client role to the service account. This is required to connect the Kf Cloud Service Broker pod to the Cloud SQL for MySQL instance through the Cloud SQL Auth proxy.
gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \
  --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --role="roles/cloudsql.client"
Grant additional Google Cloud permissions to the service account.
gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \
  --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --role="roles/compute.networkUser"
gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \
  --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --role="roles/cloudsql.admin"
gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \
  --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --role="roles/redis.admin"
Verify the permissions. Replace CSB_SERVICE_ACCOUNT_NAME with the name of the service account created above.
gcloud projects get-iam-policy ${CLUSTER_PROJECT_ID} \
  --filter='bindings.members:serviceAccount:"CSB_SERVICE_ACCOUNT_NAME"' \
  --flatten="bindings[].members"
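A check for the verification step above, as an added example that is not part of the Kf documentation: it compares the roles actually bound to the broker's service account with the four roles this page grants and names every missing or unexpected one. The helper name audit_roles is hypothetical, and the gcloud invocation in the comments assumes the variables set at the top of this page.

```shell
#!/bin/sh
# Added example, not part of the Kf documentation. audit_roles is a
# hypothetical helper; the role list is the four roles granted on this page.
EXPECTED_ROLES="roles/cloudsql.admin
roles/cloudsql.client
roles/compute.networkUser
roles/redis.admin"

# $1 = expected roles (newline-separated, may be empty); actual roles on stdin.
# Prints "missing ROLE" / "unexpected ROLE" and returns 1 on any difference.
audit_roles() {
  expected=$1
  actual=$(sort -u)
  diffs=$(
    printf '%s\n' "$expected" | while read -r r; do
      [ -n "$r" ] || continue
      printf '%s\n' "$actual" | grep -qxF -- "$r" || echo "missing $r"
    done
    printf '%s\n' "$actual" | while read -r r; do
      [ -n "$r" ] || continue
      printf '%s\n' "$expected" | grep -qxF -- "$r" || echo "unexpected $r"
    done
  )
  [ -z "$diffs" ] && return 0
  printf '%s\n' "$diffs"
  return 1
}

# After the grants (run by hand; value(bindings.role) prints one role per line):
#   gcloud projects get-iam-policy ${CLUSTER_PROJECT_ID} \
#     --flatten="bindings[].members" \
#     --filter="bindings.members:serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
#     --format="value(bindings.role)" | audit_roles "$EXPECTED_ROLES"
# After the clean-up, pipe the same command into:  audit_roles ""
```

Run with an empty expected list after the clean-up section, it reports any project-level binding that still names the service account.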
Set up Workload Identity for the Kf Cloud Service Broker
Bind the Google service account to the Kubernetes service account.
gcloud iam service-accounts add-iam-policy-binding "csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --project=${CLUSTER_PROJECT_ID} \
  --role="roles/iam.workloadIdentityUser" \
  --member="serviceAccount:${CLUSTER_PROJECT_ID}.svc.id.goog[kf-csb/csb-user]"
Check the binding.
gcloud iam service-accounts get-iam-policy "csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --project=${CLUSTER_PROJECT_ID}
Set up a Kubernetes secret to share configuration with the Kf Cloud Service Broker
Create a config.yml file.
cat << EOF >> ./config.yml
gcp:
  credentials: ""
  project: ${CLUSTER_PROJECT_ID}

db:
  host: 127.0.0.1
  password: csbpassword
  user: csbuser
  tls: false
api:
  user: servicebroker
  password: password
EOF
Create the kf-csb namespace:
kubectl create ns kf-csb
Create the Kubernetes secret.
kubectl create secret generic csb-secret --from-file=config.yml -n kf-csb
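The database user step and the config.yml step above both use fixed sample passwords (csbpassword and password). The following added example, which is not part of the Kf documentation, generates both values, writes config.yml with owner-only permissions, and refuses a file that still carries the sample values; the function names are hypothetical, and the commands in the comments are the page's own with the generated values substituted.

```shell
#!/bin/sh
# Added example, not part of the Kf documentation. Function names are
# hypothetical; config keys and the csbuser/servicebroker names are the page's.

# 24 bytes from the kernel CSPRNG, hex-encoded (48 characters).
gen_password() {
  od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# Write the broker config with owner-only permissions.
# $1 = output path, $2 = project ID, $3 = DB password, $4 = broker API password
write_config() {
  rm -f "$1"
  ( umask 077; cat > "$1" ) << EOF
gcp:
  credentials: ""
  project: $2

db:
  host: 127.0.0.1
  password: "$3"
  user: csbuser
  tls: false
api:
  user: servicebroker
  password: "$4"
EOF
}

# Succeeds only if the file is readable and holds neither sample password.
config_is_hardened() {
  [ -r "$1" ] &&
    ! grep -Eq 'password:[[:space:]]*"?(csbpassword|password)"?[[:space:]]*$' "$1"
}

# How the functions slot into the page's steps (run these by hand):
#   DB_PASS=$(gen_password); API_PASS=$(gen_password)
#   gcloud sql users create csbuser -i ${INSTANCE_NAME} --password="${DB_PASS}"
#   write_config ./config.yml "${CLUSTER_PROJECT_ID}" "${DB_PASS}" "${API_PASS}"
#   config_is_hardened ./config.yml && \
#     kubectl create secret generic csb-secret --from-file=config.yml -n kf-csb
#   kf create-service-broker cloud-service-broker servicebroker "${API_PASS}" \
#     http://csb-controller.kf-csb/
#   rm -f ./config.yml
```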
Install the Kf Cloud Service Broker
Download kf-csb.yaml.
gcloud storage cp gs://kf-releases/csb/v1.0.0/kf-csb.yaml /tmp/kf-csb.yaml
Edit /tmp/kf-csb.yaml and replace the placeholders with the final values. The example below uses sed.
sed -i "s|<GSA_NAME>|csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com|g" /tmp/kf-csb.yaml
sed -i "s|<INSTANCE_CONNECTION_NAME>|${CLUSTER_PROJECT_ID}:${COMPUTE_REGION}:${INSTANCE_NAME}|g" /tmp/kf-csb.yaml
sed -i "s|<DB_PORT>|3306|g" /tmp/kf-csb.yaml
Apply the YAML for the Kf Cloud Service Broker.
kubectl apply -f /tmp/kf-csb.yaml
Check the installation status of the Kf Cloud Service Broker.
kubectl get pods -n kf-csb
Create a service broker
kf create-service-broker cloud-service-broker servicebroker password http://csb-controller.kf-csb/
Validate the installation
Check the services available in the marketplace.
kf marketplace
If everything is installed and configured correctly, you should see the following:
$ kf marketplace
Broker                Name                          Namespace  Description
cloud-service-broker  csb-google-bigquery                      A fast, economical and fully managed data warehouse for large-scale data analytics.
cloud-service-broker  csb-google-dataproc                      Dataproc is a fully-managed service for running Apache Spark and Apache Hadoop clusters in a simpler, more cost-efficient way.
cloud-service-broker  csb-google-mysql                         Mysql is a fully managed service for the Google Cloud Platform.
cloud-service-broker  csb-google-postgres                      PostgreSQL is a fully managed service for the Google Cloud Platform.
cloud-service-broker  csb-google-redis                         Cloud Memorystore for Redis is a fully managed Redis service for the Google Cloud Platform.
cloud-service-broker  csb-google-spanner                       Fully managed, scalable, relational database service for regional and global application data.
cloud-service-broker  csb-google-stackdriver-trace             Distributed tracing service
cloud-service-broker  csb-google-storage-bucket                Google Cloud Storage that uses the Terraform back-end and grants service accounts IAM permissions directly on the bucket.
What's next
- Test the Kf Cloud Service Broker with our Spring Music guide.
Clean up
Delete cloud-service-broker.
kf delete-service-broker cloud-service-broker
Delete the CSB components.
kubectl delete ns kf-csb
Delete the Kf Cloud Service Broker's Cloud SQL for MySQL instance.
gcloud sql instances delete ${INSTANCE_NAME} --project=${CLUSTER_PROJECT_ID}
Remove the IAM policy bindings.
gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \
  --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --role=roles/cloudsql.client
gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \
  --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --role=roles/compute.networkUser
gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \
  --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --role=roles/cloudsql.admin
gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \
  --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
  --role=roles/redis.admin
Remove the GSA.
gcloud iam service-accounts delete csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com \
  --project=${CLUSTER_PROJECT_ID}