This page describes how to create Service Extensions plugins that you can use to implement extensibility with Google Cloud services.
For a product overview, see Service Extensions overview.
Before you begin
Prepare and upload the files required to create a plugin.
Get the required Identity and Access Management (IAM) roles and permissions.
Enable the Network Services API, if it's not already enabled.
gcloud services enable networkservices.googleapis.com
If you intend to enable logging for the plugin, enable the Network Actions API.
gcloud services enable networkactions.googleapis.com
Create a plugin
Creating a plugin entails specifying a container image that contains the plugin code and specifying labels and logging options for the plugin.
Console
To create a plugin, follow these steps:
In the Google Cloud console, go to the Service Extensions page.
Click the Plugins tab.
Click Create plugin.
In the Basics section, do the following:
Enter a unique plugin name.
The name must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens and must not end with a hyphen.
Optional: Enter a brief description about the plugin by using up to 1024 characters.
In the Container image section, do the following:
For Plugin version name, specify a name for the plugin version.
The name must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens and must not end with a hyphen.
Optional: For Plugin version description, enter a brief description about the plugin version by using up to 1024 characters.
For Container image URL, click Select, and then select the container image with the Wasm module from the Artifact Registry pane.
The Artifact Registry pane displays the folders in the repository that's connected to the current project.
To select a container image from another project, ensure that Service Extensions has access to it, and then click Change, next to the project name.
Locate the container image, and then click Select.
Optional: In the Plugin configuration section, to associate a configuration file with the plugin, select the Add plugin configuration checkbox, and then select either of the following options:
Upload plugin configuration file: If your file size is less than 900 KiB, click Browse to locate the file in your local drive.
Select plugin configuration image from Artifact Registry: If your file size is more than 900 KiB, click Select, and then select the image from the Artifact Registry pane.
Optional: In the Labels section, click Add label. Then, in the row that appears, do the following:
- For Key, enter a key name.
- For Value, enter a value for the key.
To add more key-value pairs, with the maximum limit being 64, click Add label.
For more information about labels, see Create and update labels.
Optional: In the Logging section, select Enable logging and do the following:
For Sample rate, specify a value between
0
and1
. The value0
indicates that log messages are not stored. The default value1
indicates that all log messages are stored. A floating point value between0.0
and1.0
indicates that a percentage of log messages is stored.For Minimum log level, select the minimum severity level of plugin log messages to be exported to Cloud Logging. The default value is
Info and higher
.
Click Create.
gcloud
Create a plugin by running the
gcloud beta service-extensions wasm-plugins create
command:gcloud beta service-extensions wasm-plugins create WASM_PLUGIN \ --description=PLUGIN_DESCRIPTION \ --labels=[LABELS,...] \ --log-config=[LOG_CONFIG,...] \ --image=IMAGE \ --main-version=MAIN_VERSION \ --plugin-config=PLUGIN_CONFIG | --plugin-config-file=PLUGIN_CONFIG_FILE | --plugin-config-uri=PLUGIN_CONFIG_URI
Replace the following:
WASM_PLUGIN
: the ID or the fully qualified name of the pluginPLUGIN_DESCRIPTION
: a description of the pluginLABELS
: labels in the form of key-value pairs separated by commasLOG_CONFIG
: logging options for the plugin. When theenable
option is set tofalse
, logs are not captured for the plugin. To enable logging, set theenable
option totrue
. Then, specify the following details:sample-rate
: the sampling rate of activity logs as a value between0
and1
. The value0
indicates that log messages are not stored. The default value1
indicates that all log messages are stored. A floating point value between0.0
and1.0
indicates that a percentage of log messages is stored.min-log-level
: the minimum severity level of plugin log messages to be exported to Cloud Logging. The default value isINFO
.
IMAGE
: the URI of the container image with the Wasm module stored in the Artifact Registry repository. Before you specify a container image from another project, ensure that Service Extensions has access to it.MAIN_VERSION
: the ID of the plugin version to create and set as the main (active) versionPLUGIN_CONFIG
,PLUGIN_CONFIG_FILE
, orPLUGIN_CONFIG_URI
: the optional configuration data, which can be specified as text, a local file, or a container image in Artifact Registry, respectively
For example:
gcloud beta service-extensions wasm-plugins create my-plugin \ --description="This is my plugin." \ --log-config=enable=true,sample-rate=0.5,min-log-level=INFO \ --labels=key1=value1,key2=value2 \ --image=...-docker.pkg.dev/my-project/repository/container:tag \ --main-version=v1 \ --plugin-config=config.txt
To run these plugins, you can configure Cloud Load Balancing extensions and Media CDN extensions.
Access container images in another project
Before you can select container images from another project, the
Service Extensions service agent must have
access to the project repository
and artifactregistry.repositories.downloadArtifacts
permission on the project.
The Service Extensions service agent is named as follows:
service-PROJECT_NUMBER@gcp-sa-networkactions.iam.gserviceaccount.com
Replace PROJECT_NUMBER
with your project number.
What's next
- Learn how to configure Cloud Load Balancing route and traffic plugins.
- Learn how to attach plugins to Media CDN routes.
- Learn how to manage plugins.
- See the Service Extensions overview.