Deploy the Kf Cloud Service Broker

This page shows how to deploy the Kf Cloud Service Broker for Google Cloud and use it to provision or deprovision backing resources. Read the concepts and architecture to learn more about the Kf Cloud Service Broker.

Create environment variables

Linux

export PROJECT_ID=YOUR_PROJECT_ID
export CLUSTER_PROJECT_ID=YOUR_PROJECT_ID
export CLUSTER_NAME=kf-cluster
export INSTANCE_NAME=cloud-service-broker
export COMPUTE_REGION=us-central1

Windows PowerShell

Set-Variable -Name PROJECT_ID -Value YOUR_PROJECT_ID
Set-Variable -Name CLUSTER_PROJECT_ID -Value YOUR_PROJECT_ID
Set-Variable -Name CLUSTER_NAME -Value kf-cluster
Set-Variable -Name INSTANCE_NAME -Value cloud-service-broker
Set-Variable -Name COMPUTE_REGION -Value us-central1

Set up the Kf Cloud Service Broker database

  1. Create a Cloud SQL for MySQL instance.

    gcloud sql instances create ${INSTANCE_NAME} --cpu=2 --memory=7680MB --require-ssl --region=${COMPUTE_REGION}

  2. Create a database named servicebroker in the Cloud SQL for MySQL instance.

    gcloud sql databases create servicebroker -i ${INSTANCE_NAME}

  3. Create the username and password that the Kf Cloud Service Broker will use.

    gcloud sql users create csbuser -i ${INSTANCE_NAME} --password=csbpassword

Set up a Google Service Account for the Kf Cloud Service Broker

  1. Create a Google Service Account.

    gcloud iam service-accounts create csb-${CLUSTER_NAME}-sa \
      --project=${CLUSTER_PROJECT_ID} \
      --description="GSA for CSB at ${CLUSTER_NAME}" \
      --display-name="csb-${CLUSTER_NAME}"

  2. Grant the roles/cloudsql.client role to the Service Account. This step is required to connect the Kf Cloud Service Broker pod to the Cloud SQL for MySQL instance through the Cloud SQL Auth proxy.

    gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \
      --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --role="roles/cloudsql.client"

  3. Grant the additional Google Cloud roles to the Service Account.

    gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \
      --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --role="roles/compute.networkUser"
    gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \
      --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --role="roles/cloudsql.admin"
    gcloud projects add-iam-policy-binding ${CLUSTER_PROJECT_ID} \
      --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --role="roles/redis.admin"

  4. Verify the permissions.

    gcloud projects get-iam-policy ${CLUSTER_PROJECT_ID} \
      --filter='bindings.members:serviceAccount:"CSB_SERVICE_ACCOUNT_NAME"' \
      --flatten="bindings[].members"
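The verification step above only lists the bindings; it does not tell you whether the set is right. The script below is an added example, not part of the Kf documentation: it reads the roles gcloud reports for the CSB service account (one role per line) and checks that they are exactly the four roles granted above, flagging anything missing or extra. The function name and the sample role list are ours; the sample is constructed, not real gcloud output.

```shell
#!/bin/sh
# Added example, not from the Kf docs: compare the roles actually bound to the
# CSB service account with the four roles granted above, so nothing is missing
# and, more importantly, nothing extra has accumulated on the account.
# Feed it one role per line, which is what this gcloud invocation prints:
#   gcloud projects get-iam-policy "${CLUSTER_PROJECT_ID}" \
#     --flatten="bindings[].members" \
#     --filter="bindings.members:serviceAccount:\"csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com\"" \
#     --format="value(bindings.role)" | check_csb_roles

# The set of roles this page grants to the CSB service account.
EXPECTED_CSB_ROLES="roles/cloudsql.client
roles/compute.networkUser
roles/cloudsql.admin
roles/redis.admin"

# check_csb_roles: reads bound roles from stdin, prints one MISSING/EXTRA line
# per deviation and returns 0 only when the bound set equals the expected set.
check_csb_roles() {
    bound=$(sed '/^[[:space:]]*$/d' | sort -u)
    status=0
    for role in $EXPECTED_CSB_ROLES; do
        printf '%s\n' "$bound" | grep -Fxq -- "$role" \
            || { echo "MISSING $role"; status=1; }
    done
    for role in $bound; do
        printf '%s\n' "$EXPECTED_CSB_ROLES" | grep -Fxq -- "$role" \
            || { echo "EXTRA   $role"; status=1; }
    done
    return $status
}

# Constructed sample (not real gcloud output): the expected roles plus a
# project-wide role that should not be on a broker service account.
SAMPLE_BOUND_ROLES="roles/cloudsql.client
roles/compute.networkUser
roles/cloudsql.admin
roles/redis.admin
roles/editor"

printf '%s\n' "$SAMPLE_BOUND_ROLES" | check_csb_roles \
    || echo "bound roles differ from the set this page grants"
```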

Set up Workload Identity for the Kf Cloud Service Broker

  1. Bind the Google Service Account to the Kubernetes Service Account.

    gcloud iam service-accounts add-iam-policy-binding "csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --project=${CLUSTER_PROJECT_ID} \
      --role="roles/iam.workloadIdentityUser" \
      --member="serviceAccount:${CLUSTER_PROJECT_ID}.svc.id.goog[kf-csb/csb-user]"

  2. Verify the binding.

    gcloud iam service-accounts get-iam-policy "csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --project=${CLUSTER_PROJECT_ID}

Set up a Kubernetes Secret to share the configuration with the Kf Cloud Service Broker

  1. Create the config.yml file.

    cat << EOF >> ./config.yml
    gcp:
      credentials: ""
      project: ${CLUSTER_PROJECT_ID}
    db:
      host: 127.0.0.1
      password: csbpassword
      user: csbuser
      tls: false
    api:
      user: servicebroker
      password: password
    EOF

  2. Create the kf-csb namespace.

    kubectl create ns kf-csb

  3. Create the Kubernetes Secret.

    kubectl create secret generic csb-secret --from-file=config.yml -n kf-csb
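The config.yml above carries fixed credentials (csbpassword for the database, password for the broker API). As an added example that is not part of the Kf documentation, the script below renders the same file from generated secrets, sets the database password to match, creates the namespace and Secret, and removes the plaintext copy; the helper names and the CSB_APPLY switch are ours, and the environment variables are the ones defined at the top of this page.

```shell
#!/bin/sh
# Added example, not from the Kf docs: build config.yml from generated secrets
# instead of the literal csbpassword / password values shown above, and keep
# the rendered file owner-readable only. Assumes the same environment
# variables as this page (CLUSTER_PROJECT_ID, INSTANCE_NAME) and the same
# config.yml keys; the helper names are ours.

# gen_secret: 32 random bytes as URL-safe base64 without padding (43 chars).
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr '+/' '-_' | tr -d '=\n'
}

# render_csb_config PROJECT DB_USER DB_PASSWORD API_USER API_PASSWORD
# Prints config.yml to stdout. host stays 127.0.0.1 and tls stays false
# because the pod reaches Cloud SQL through the Cloud SQL Auth proxy
# (the reason for roles/cloudsql.client above), which carries the TLS.
render_csb_config() {
    cat <<EOF
gcp:
  credentials: ""
  project: $1
db:
  host: 127.0.0.1
  password: $3
  user: $2
  tls: false
api:
  user: $4
  password: $5
EOF
}

# The gcloud/kubectl calls run only with CSB_APPLY=1, so the functions above
# can be sourced or tested without touching a project.
if [ "${CSB_APPLY:-0}" = "1" ]; then
    DB_PASSWORD=$(gen_secret)
    API_PASSWORD=$(gen_secret)
    umask 077   # config.yml and the saved API password are owner-readable only
    gcloud sql users set-password csbuser --instance="${INSTANCE_NAME}" --password="${DB_PASSWORD}"
    render_csb_config "${CLUSTER_PROJECT_ID}" csbuser "${DB_PASSWORD}" \
        servicebroker "${API_PASSWORD}" > ./config.yml
    kubectl create ns kf-csb
    kubectl create secret generic csb-secret --from-file=config.yml -n kf-csb
    rm -f ./config.yml   # the Secret now holds it; do not leave a copy on disk
    # Keep the API password for the kf create-service-broker step later on.
    printf '%s\n' "${API_PASSWORD}" > ./csb-api-password
fi
```

When you use this script, pass the saved API password to kf create-service-broker in place of the literal password shown further down.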
    

Install the Kf Cloud Service Broker

  1. Download kf-csb.yaml.

    gsutil cp gs://kf-releases/csb/v1.0.0/kf-csb.yaml /tmp/kf-csb.yaml

  2. Edit /tmp/kf-csb.yaml and replace the placeholders with the final values. The example below uses sed.

    sed -i "s|<GSA_NAME>|csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com|g" /tmp/kf-csb.yaml
    sed -i "s|<INSTANCE_CONNECTION_NAME>|${CLUSTER_PROJECT_ID}:${COMPUTE_REGION}:${INSTANCE_NAME}|g" /tmp/kf-csb.yaml
    sed -i "s|<DB_PORT>|3306|g" /tmp/kf-csb.yaml

  3. Apply the YAML for the Kf Cloud Service Broker.

    kubectl apply -f /tmp/kf-csb.yaml

  4. Verify the installation status of the Kf Cloud Service Broker.

    kubectl get pods -n kf-csb
    

Create the service broker

  kf create-service-broker cloud-service-broker servicebroker password http://csb-controller.kf-csb/

Validate the installation

Check the services available in the marketplace.

  kf marketplace

If everything is installed and configured correctly, you should see the following:

  $ kf marketplace

  Broker                Name                          Namespace  Description
  cloud-service-broker  csb-google-bigquery                      A fast, economical and fully managed data warehouse for large-scale data analytics.
  cloud-service-broker  csb-google-dataproc                      Dataproc is a fully-managed service for running Apache Spark and Apache Hadoop clusters in a simpler, more cost-efficient way.
  cloud-service-broker  csb-google-mysql                         Mysql is a fully managed service for the Google Cloud Platform.
  cloud-service-broker  csb-google-postgres                      PostgreSQL is a fully managed service for the Google Cloud Platform.
  cloud-service-broker  csb-google-redis                         Cloud Memorystore for Redis is a fully managed Redis service for the Google Cloud Platform.
  cloud-service-broker  csb-google-spanner                       Fully managed, scalable, relational database service for regional and global application data.
  cloud-service-broker  csb-google-stackdriver-trace             Distributed tracing service
  cloud-service-broker  csb-google-storage-bucket                Google Cloud Storage that uses the Terraform back-end and grants service accounts IAM permissions directly on the bucket.

Clean up

  1. Delete the cloud service broker.

    kf delete-service-broker cloud-service-broker

  2. Delete the CSB components.

    kubectl delete ns kf-csb

  3. Delete the Kf Cloud Service Broker's Cloud SQL for MySQL instance.

    gcloud sql instances delete ${INSTANCE_NAME} --project=${CLUSTER_PROJECT_ID}

  4. Delete the IAM policy bindings. Use double quotes so the variables expand, and remove every role granted above, including roles/cloudsql.admin.

    gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \
      --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --role=roles/cloudsql.client
    gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \
      --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --role=roles/compute.networkUser
    gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \
      --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --role=roles/cloudsql.admin
    gcloud projects remove-iam-policy-binding ${CLUSTER_PROJECT_ID} \
      --member="serviceAccount:csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com" \
      --role=roles/redis.admin

  5. Delete the GSA.

    gcloud iam service-accounts delete csb-${CLUSTER_NAME}-sa@${CLUSTER_PROJECT_ID}.iam.gserviceaccount.com \
      --project=${CLUSTER_PROJECT_ID}

What's next?