Installing and Configuring GCP Service Broker

This topic describes how to install the Google Cloud Platform (GCP) Service Broker by configuring your GCP account and importing the product file into Pivotal Cloud Foundry (PCF) Operations Manager.

Step 1: Set up a GCP Project

Follow the steps below to create a project and enable necessary APIs.

  1. In a browser, navigate to https://console.cloud.google.com. If you do not have an account, sign up and use the setup wizard to create an account.
  2. From the GCP console, click the dropdown to the left of the search bar and select Create Project.
  3. Enter a project name and click Create.
  4. A notification appears confirming the creation of your project. Refresh the page.

Step 2: Enable APIs

  1. Navigate to API Manager > Library.
  2. Enable the Google Cloud Resource Manager API.
  3. Enable the Google Identity and Access Management (IAM) API.
  4. If you want to enable Cloud SQL as a service, enable the Cloud SQL API.
  5. If you want to enable BigQuery as a service, enable the BigQuery API.
  6. If you want to enable Cloud Storage as a service, enable the Cloud Storage API.
  7. If you want to enable Pub/Sub as a service, enable the Cloud Pub/Sub API.

Step 3: Set Up a Root Service Account

Follow the steps below to set up a “root” Service Account.

  1. From the GCP console, navigate to IAM & Admin > Service accounts and click Create Service Account.
  2. Enter a Service account name.
  3. Select the checkbox to Furnish a new Private Key, then click Create.
  4. Save the automatically downloaded key file to a secure location.
  5. Navigate to IAM & Admin > IAM and locate your service account.
  6. From the dropdown on the right, choose Project > Owner and click Save.
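To confirm the role assignment from the steps above and see which other service accounts hold project-wide roles, you can review the project's IAM policy. This is an added example, not part of the original procedure or the broker's own code; the project and account names in the sample are constructed, and the policy is assumed to have been exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`.

```python
import json

# Constructed sample in the shape of an exported project IAM policy.
# All project and account names below are made up for illustration.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com",
                 "serviceAccount:gcp-broker-root@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789-compute@developer.gserviceaccount.com"]},
    {"role": "roles/viewer",
     "members": ["serviceAccount:ci@example-project.iam.gserviceaccount.com"]}
  ],
  "version": 1
}
""")

# Project-wide primitive roles worth tracking for non-human identities.
BROAD_ROLES = {"roles/owner", "roles/editor"}


def service_accounts_with_broad_roles(policy):
    """Map each service account email to the broad roles it is bound to."""
    holders = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in BROAD_ROLES:
            continue
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                email = member.split(":", 1)[1]
                holders.setdefault(email, set()).add(role)
    return holders


def review(policy, broker_account):
    """Check the broker's binding and list other broadly privileged accounts."""
    holders = service_accounts_with_broad_roles(policy)
    return {
        "broker_is_owner": "roles/owner" in holders.get(broker_account, set()),
        "other_broad_accounts": sorted(a for a in holders if a != broker_account),
    }


if __name__ == "__main__":
    broker = "gcp-broker-root@example-project.iam.gserviceaccount.com"
    print(review(SAMPLE_POLICY, broker))
```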

Step 4: Create a Service Broker Database

You can use any MySQL database to back the Service Broker. To use GCP Cloud SQL, follow the instructions below:

Note: Pivotal recommends using Cloud SQL if your PCF deployment runs on GCP.

  1. From the GCP console, select SQL, and then click Create instance.
  2. Set up your database instance with the default settings and click Create.
  3. After the instance boots, click its name in the list of SQL instances.
  4. Select Access Control > SSL.
  5. Click Allow only SSL Connections.
  6. Click Create Client Certificate.
  7. Enter a name and click Add. A popup appears.
  8. Download the three certificate files and save them to a secure location.
  9. Record the connection string given at the bottom of the popup.
  10. Under Access Control > Authorization, click Add Network.
  11. Enter 0.0.0.0/0 in the Network field and click Done.
  12. Under Access Control > Users, click the three dot icon to open the menu next to the root user, then click Change Password.
  13. Enter a new password for the root user and click OK.
  14. From a terminal window, connect to the host machine using the connection string that you recorded in an earlier step, using the root user and password.
  15. In the terminal window, run the following commands:
    1. CREATE DATABASE servicebroker;
    2. CREATE USER 'USERNAME'@'%' IDENTIFIED BY 'PASSWORD';
    3. GRANT ALL PRIVILEGES ON servicebroker.* TO 'USERNAME'@'%' WITH GRANT OPTION;
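Because the steps above authorize the 0.0.0.0/0 network, the SSL-only setting and the client certificate are what stand between the database and any host on the internet. The following added example (not part of the original procedure) checks an instance description for both settings; the sample instance is constructed, and the field names are those of the Cloud SQL Admin API instance resource as printed by `gcloud sql instances describe INSTANCE --format=json`.

```python
import json

# Constructed sample in the shape of a Cloud SQL instance description.
# The instance name and values are made up for illustration.
SAMPLE_INSTANCE = json.loads("""
{
  "name": "servicebroker-db",
  "settings": {
    "ipConfiguration": {
      "ipv4Enabled": true,
      "requireSsl": false,
      "authorizedNetworks": [
        {"name": "pcf", "value": "0.0.0.0/0"}
      ]
    }
  }
}
""")

# sslMode values that reject plaintext connections.
TLS_ONLY_MODES = {"ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"}


def audit_instance(instance):
    """Return findings for the network and SSL settings set in this step."""
    ip_cfg = instance.get("settings", {}).get("ipConfiguration", {})
    networks = [n.get("value", "") for n in ip_cfg.get("authorizedNetworks", [])]
    any_address = [v for v in networks if v.endswith("/0")]
    tls_enforced = (ip_cfg.get("requireSsl") is True
                    or ip_cfg.get("sslMode") in TLS_ONLY_MODES)

    findings = []
    if not tls_enforced:
        findings.append("unencrypted connections are accepted")
    if any_address:
        findings.append("authorized networks admit any address: "
                        + ", ".join(any_address))
    if any_address and not tls_enforced:
        findings.append("database is reachable from anywhere without TLS")
    return findings


if __name__ == "__main__":
    for finding in audit_instance(SAMPLE_INSTANCE):
        print("FINDING:", finding)
```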

Step 5: Install in Ops Manager

To install the GCP Service Broker tile in Ops Manager, complete the following steps:

  1. Download the GCP Service Broker product file from Pivotal Network.

  2. From the Ops Manager Installation Dashboard, click Import a Product to upload the product file.

  3. Click Add next to the uploaded product description in the Available Products view to add this product to your staging area.

Step 6: Configure in Ops Manager

Click the newly added tile and configure the following sections:

Root Service Account

  1. Click Root Service Account.
  2. Paste the contents of your service account private key file from Step 1 into the text box.
  3. Click Save.

Database Properties

  1. Click Database Properties.
  2. For hostname, enter the public IP address of your database.
  3. Enter the username, password, and ssl-certs for your database.
  4. Ensure your database port is set to 3306. Modify your port configuration if necessary.
  5. Click Save.

Cloud SQL (MySQL) Custom Plans

If you want to enable Cloud SQL MySQL for your developers, you must configure plans in this section. If you do not want to enable Cloud SQL, ignore this section.

  1. Click Cloud SQL MySQL Custom Plans.
  2. To create a plan, click Add.
  3. Enter a plan name, a display name, and a description to display in the database.
  4. Enter a case-sensitive Tier/Machine Type value (e.g. D4 or db-n1-standard-2). See Cloud SQL Pricing for details.
  5. (Optional) If you selected a first generation instance type when creating your Cloud SQL database, you can change your pricing plan.
  6. (Optional) If you selected a second generation instance type when creating your Cloud SQL database, enter a maximum disk size in GB.
  7. Click Save.

Cloud SQL (PostgreSQL) Custom Plans

If you want to enable Cloud SQL PostgreSQL for your developers, you must configure plans in this section. If you do not want to enable Cloud SQL, ignore this section.

  1. Click Cloud SQL PostgreSQL Custom Plans.
  2. To create a plan, click Add.
  3. Enter a plan name, a display name, and a description to display in the database.
  4. Enter a case-sensitive Tier/Machine Type value of the form “custom-db--”, where must be at least 3840. For details, see Cloud SQL Pricing.
  5. (Optional) Enter a maximum disk size in GB.
  6. Click Save.

Bigtable Custom Plans

If you want to enable Bigtable for your developers, follow the steps below.

  1. Click Bigtable Custom Plans.
  2. To create a plan, click Add.
  3. Enter a Plan Name, a Display Name, and a Description to display in the database.
  4. For the Storage Type, specify either SSD or HDD. The default is SSD. For more information, see Bigtable Pricing.
  5. For the Number of Nodes, specify an integer value between 3 and 30. The default is 3. For more information, see Bigtable Pricing.
  6. Click Save.

Spanner Custom Plans

If you want to enable Spanner for your developers, follow the steps below.

  1. Click Spanner Custom Plans.
  2. To create a plan, click Add.
  3. Enter a Plan Name, a Display Name, and a Description to display in the database.
  4. For the Number of Nodes, specify a positive integer value. The default is 3. For more information, see Spanner Pricing.
  5. Click Save.

Service Access

By default, all orgs and spaces can access all services and plans used by the GCP Service Broker. Follow the instructions below to disable the default access.

  1. Click Service Access.
  2. Clear the Enable global access to plans of service gcp_service_broker checkbox.
  3. Click Save.

Step 7: Confirm Installation

Note: The GCP Service Broker installs an app named gcp-service-broker in the gcp-service-broker-space space of the system org.

  1. After Ops Manager finishes the installation, the GCP Service Broker appears as a green tile in the Installation Dashboard.

  2. In Apps Manager, all orgs and spaces show the new services in the Services Marketplace. Users can create instances of these services through Apps Manager or by using the Cloud Foundry Command Line Interface (cf CLI). For more information, see Using GCP Service Broker.

Step 8: Confirm Service and Plan Access

The GCP Service Broker installs with all services enabled by default, except for Cloud SQL, which you select to enable or not during configuration.

You can disable or enable any services through the cf CLI using cf disable-service-access or cf enable-service-access.
