Cloud Foundry service broker for Google Cloud Platform services

Primary language: Go. License: Apache License 2.0 (Apache-2.0).

Cloud Foundry Service Broker for Google Cloud Platform

This is the home of the Cloud Foundry Service Broker for Google Cloud Platform. For a demo of installing and using the broker, see here

Background

Service Brokers

This product is a Cloud Foundry Service Broker. It adheres to v2.8 of the Service Broker API.

Google Cloud Platform (GCP)

GCP is a cloud service provider. In addition to VMs and networking, many other useful services are available. The ones available through this Service Broker are:

Installation

Requires Go 1.8 and the associated buildpack.

Installing as a Pivotal Ops Manager tile

Documentation for installing as a Pivotal Ops Manager tile is available here

Set up a GCP project:

  1. Go to Google Cloud Console and sign up, walking through the setup wizard
  2. Next to the Google Cloud Platform logo in the upper left-hand corner, click the dropdown and select "Create Project"
  3. Give your project a name and click "Create"
  4. When the project is created (a notification will show in the upper right), refresh the page.

Enable the following services in API Manager > Library.

  1. Enable the Google Cloud Resource Manager API
  2. Enable the Google Identity and Access Management (IAM) API
  3. If you want to enable Cloud SQL as a service, enable the Cloud SQL API
  4. If you want to enable BigQuery as a service, enable the BigQuery API
  5. If you want to enable Cloud Storage as a service, enable the Cloud Storage API
  6. If you want to enable Pub/Sub as a service, enable the Cloud Pub/Sub API
  7. If you want to enable Bigtable as a service, enable the Bigtable Admin API
  8. If you want to enable Datastore as a service, enable the Datastore API

Create a service account for the broker:

  1. From the GCP console, navigate to IAM & Admin > Service accounts and click Create Service Account.
  2. Enter a Service account name.
  3. Select the checkbox to Furnish a new Private Key, and then click Create.
  4. Save the automatically downloaded key file to a secure location.
  5. Navigate to IAM & Admin > IAM and locate your service account.
  6. From the dropdown on the right, choose Project > Owner and click Save.

Set up a database to back the service broker:

  1. Create new MySQL instance
  2. Run CREATE DATABASE servicebroker;
  3. Run CREATE USER '<username>'@'%' IDENTIFIED BY '<password>';
  4. Run GRANT ALL PRIVILEGES ON servicebroker.* TO '<username>'@'%' WITH GRANT OPTION;
  5. (Optional) create SSL certs for the database and save them somewhere secure

Add these to the env section of manifest.yml

  • ROOT_SERVICE_ACCOUNT_JSON (the string version of the credentials file created for the Owner level Service Account)
  • SECURITY_USER_NAME (the username used to authenticate all service broker requests - the same one used in cf create-service-broker)
  • SECURITY_USER_PASSWORD (the password used to authenticate all service broker requests - the same one used in cf create-service-broker)
  • DB_HOST (the host for the database to back the service broker)
  • DB_USERNAME (the database username for the service broker to use)
  • DB_PASSWORD (the database password for the service broker to use)
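
A preflight check for the six variables above, as an added example that is not part of the broker's own code: it confirms each one is set, that no value still holds a <...> placeholder from the setup steps, and that ROOT_SERVICE_ACCOUNT_JSON parses as a service account key. CheckBrokerEnv and its lookup parameter (a stand-in for os.Getenv) are hypothetical names; type, project_id, client_email and private_key are the fields of a downloaded GCP key file.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// requiredVars are the env entries the README lists for manifest.yml.
var requiredVars = []string{"ROOT_SERVICE_ACCOUNT_JSON", "SECURITY_USER_NAME",
	"SECURITY_USER_PASSWORD", "DB_HOST", "DB_USERNAME", "DB_PASSWORD"}

// CheckBrokerEnv (hypothetical helper) returns one message per problem found.
func CheckBrokerEnv(lookup func(string) string) []string {
	var problems []string
	for _, name := range requiredVars {
		v := strings.TrimSpace(lookup(name))
		if v == "" {
			problems = append(problems, name+" is not set")
		} else if strings.HasPrefix(v, "<") && strings.HasSuffix(v, ">") { // e.g. '<password>'
			problems = append(problems, name+" still holds a placeholder")
		}
	}
	raw := strings.TrimSpace(lookup("ROOT_SERVICE_ACCOUNT_JSON"))
	if raw == "" {
		return problems // already reported as not set
	}
	var key map[string]interface{} // the downloaded key file, parsed
	if err := json.Unmarshal([]byte(raw), &key); err != nil {
		return append(problems, "ROOT_SERVICE_ACCOUNT_JSON is not valid JSON: "+err.Error())
	}
	if key["type"] != "service_account" {
		problems = append(problems, "ROOT_SERVICE_ACCOUNT_JSON: type is not service_account")
	}
	for _, field := range []string{"project_id", "client_email", "private_key"} {
		if s, _ := key[field].(string); s == "" {
			problems = append(problems, "ROOT_SERVICE_ACCOUNT_JSON: "+field+" is missing")
		}
	}
	return problems
}

func main() {
	if problems := CheckBrokerEnv(os.Getenv); len(problems) > 0 {
		fmt.Fprintln(os.Stderr, "preflight failed:\n  "+strings.Join(problems, "\n  "))
		os.Exit(1)
	}
}
```

Run it in the shell that holds the values before cf push; a non-zero exit means at least one variable needs attention.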

See https://github.com/GoogleCloudPlatform/gcp-service-broker/blob/master/docs/customization.md for instructions on providing database name and port overrides, ssl certs, and custom service plans for Cloud SQL, Bigtable, and Spanner.

Push the broker and register it with Cloud Foundry:

  1. cf push gcp-service-broker
  2. cf create-service-broker <service broker name> <username> <password> <service broker url>
  3. (for all applicable services, e.g.) cf enable-service-access google-pubsub

For more information, see the Cloud Foundry docs on managing Service Brokers.

If you want to use Cloud SQL, it is advisable to increase the default timeout for provision and bind operations to 90 seconds. Cloud Foundry does not currently support asynchronous binding, and Cloud SQL bind operations may exceed 60 seconds. To change this setting, set broker_client_timeout_seconds = 90 in your deployment manifest.

Usage

See https://github.com/GoogleCloudPlatform/gcp-service-broker/blob/master/docs/use.md for instructions on creating and binding to GCP Services.

See the examples folder to understand how to use services once they are created and bound.

Commands

The cmd folder contains commands that can be run independently of the broker.

  • migrate: migrates the database to the latest schema

Testing

Production testing for the GCP Service Broker is administered via a private Concourse pipeline.

To run tests locally, use Ginkgo.

Integration tests require the ROOT_SERVICE_ACCOUNT_JSON environment variable to be set.

Note: Integration tests create and destroy real project resources and therefore have associated costs to run.

Change Notes

See https://github.com/GoogleCloudPlatform/gcp-service-broker/blob/master/CHANGELOG.md

Support

For functional issues with the service broker or feature requests, please file a GitHub issue here:

https://github.com/GoogleCloudPlatform/gcp-service-broker/issues

They will be prioritized and updated here:

https://github.com/GoogleCloudPlatform/gcp-service-broker/projects/1

For discussions and updates, please subscribe to this group:

https://groups.google.com/forum/#!forum/gcp-service-broker

Contributing

See https://github.com/GoogleCloudPlatform/gcp-service-broker/blob/master/CONTRIBUTING

This is not an official Google product.