Using GCP Service Broker

This topic describes how developers set up, operate, and scale Google Cloud Platform (GCP) resources from Pivotal Cloud Foundry (PCF) by creating and managing service instances using the GCP Service Broker.

The procedures in this topic require the Cloud Foundry Command Line Interface (cf CLI).

View Services

  1. In a terminal window, run cf marketplace to list the available GCP Service Broker services.

  2. Run cf marketplace -s SERVICE to view the descriptions for the plans of a service.

Note: To view pricing details for each service, see the GCP Pricing topic.

Create Service Instances

This section describes how to create instances of each of the services supported by the GCP Service Broker.

Google Cloud Storage

Create

Run cf create-service google-storage to create a new bucket. The following example creates a bucket named mybucket with the standard plan:

$ cf create-service google-storage standard mybucket

You can optionally specify the following parameters:

  • name: If not supplied, is autogenerated and provided on bind.
  • location: Defaults to us.

Bind

Bind the google-storage service to an app to create a new service account and private key. The following example creates a service account with the minimum necessary permissions to view bucket objects. For more information, see the GCP Understanding Roles topic.

$ cf bind-service myapp mybucket -c '{"role": "storage.objectViewer"}'

Note: Run cf unbind-service to delete the service account and key created when binding.

Example Binding credentials

"credentials": {
     "Email": "redacted",
     "Name": "redacted",
     "PrivateKeyData": "redacted",
     "UniqueId": "redacted",
     "bucket_name": "foobar"
}

Google BigQuery

Create

Run cf create-service google-bigquery to create a new dataset. The following example creates a dataset named mydataset with the default plan:

$ cf create-service google-bigquery default mydataset

You can optionally specify the following parameters:

  • name: If not supplied, is autogenerated and provided on bind.

Bind

Bind the google-bigquery service to an app to create a new service account and private key.

The following example creates a service account with the minimum necessary permissions to view datasets. For more information, see the GCP Understanding Roles topic.

$ cf bind-service myapp mydataset -c '{"role": "bigquery.dataViewer"}'

Note: Run cf unbind-service to delete the service account and key created when binding.

Example Binding credentials

"credentials": {
     "Email": "redacted",
     "Name": "redacted",
     "PrivateKeyData": "redacted",
     "UniqueId": "redacted",
     "dataset_id": "foobar"
}

Google PubSub

Create

Run cf create-service google-pubsub to create a new topic and optional subscription. The following example creates a topic named mytopic and a pull subscription named mysubscription with the default plan:

$ cf create-service google-pubsub default mypubsub -c '{"topic_name": "mytopic", "subscription_name": "mysubscription"}'

You can optionally specify the following parameters:

  • topic_name: If not supplied, is autogenerated and provided on bind.
  • subscription_name
  • is_push: Defaults to false.
  • endpoint: Used when is_push = true. Defaults to nil.
  • ack_deadline: In seconds. Defaults to 10, with a maximum of 600.

Bind

Bind the google-pubsub service to an app to create a new service account and private key. The following example creates a service account with minimum necessary permissions to view topics and subscriptions. For more information, see the GCP Understanding Roles topic.

$ cf bind-service myapp mypubsub -c '{"role": "pubsub.viewer"}'

Note: Run cf unbind-service to delete the service account and key created when binding.

Example Binding credentials

"credentials": {
     "Email": "redacted",
     "Name": "redacted",
     "PrivateKeyData": "redacted",
     "UniqueId": "redacted",
     "topic_name": "foobar",
     "subscription_name": "empty_if_not_set"
}

Google Cloud SQL

Create

Run cf create-service google-cloudsql to create a new database instance and database. PCF Operators create custom plans for Google Cloud SQL when installing the GCP Service Broker. The following example creates an instance named myinstance and a database named mydb with a custom d4_standard plan:

$ cf create-service google-cloudsql d4_standard mycloudsql -c '{"instance_name": "myinstance", "database_name": "mydb"}'

Note: Google Cloud SQL uses asynchronous provisioning.

You can optionally specify the following parameters:

  • instance_name: If not supplied, is autogenerated and provided on bind.
  • database_name: If not supplied, is autogenerated and provided on bind.
  • version: Defaults to 5.6.
  • disk_size: In GB. Only for 2nd gen. Defaults to 10.
  • region: Defaults to us-central.
  • zone: Only for 2nd gen.
  • disk_type: Only for 2nd gen. Defaults to ssd.
  • failover_replica_name: Only for 2nd gen. Creates a failover replica if specified. Defaults to "".
  • maintenance_window_day: Only for 2nd gen. Defaults to 1, which is Sunday.
  • maintenance_window_hour: Only for 2nd gen. Defaults to 0.
  • backups_enabled: Defaults to true. Set to false to disable.
  • backup_start_time: Defaults to 06:00.
  • binlog: Defaults to false for 1st gen, true for 2nd gen. Set to true to use.
  • activation_policy: Defaults to on demand.
  • replication_type: Defaults to synchronous.
  • auto_resize: Only for 2nd gen. Defaults to false. Set to true to use.

Bind

Bind the google-cloudsql service to an app to create a new user and a set of SSL certificates. The following example creates a new user and SSL certificates:

$ cf bind-service myapp mycloudsql

You can optionally specify the following parameters:

  • username: If not supplied, is autogenerated.
  • password: If not supplied, is autogenerated.

Note: Run cf unbind-service to delete this user and invalidate the created SSL certificates.

Example Binding credentials

"credentials": {
     "CaCert": "-----BEGIN CERTIFICATE-----\nredacted\n-----END CERTIFICATE-----",
     "ClientCert": "-----BEGIN CERTIFICATE-----\nredacted\n-----END CERTIFICATE-----",
     "ClientKey": "-----BEGIN RSA PRIVATE KEY-----\nredacted\n-----END RSA PRIVATE KEY-----",
     "Password": "unencoded-redacted",
     "Sha1Fingerprint": "redacted",
     "Username": "redacted",
     "database_name": "redacted",
     "host": "255.255.255.255",
     "instance_name": "redacted",
     "last_master_operation_id": "some-guid",
     "uri": "mysql://username:encodedpassword@host/databasename?ssl_mode=required"
}
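
Consuming the Cloud SQL binding credentials shown above from an app, as an added example that is not from the original page or the broker project: it refuses a binding whose uri does not require TLS and writes the PEM fields to owner-only files. The function names, output file names, and the ssl_* setting keys are assumptions of this example; map them to the options of your MySQL driver.

```python
import os
import tempfile
from urllib.parse import parse_qs, urlsplit

# Constructed sample, shaped like the Cloud SQL binding credentials on this page.
SAMPLE_BINDING = {
    "CaCert": "-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----",
    "ClientCert": "-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----",
    "ClientKey": "-----BEGIN RSA PRIVATE KEY-----\nconstructed\n-----END RSA PRIVATE KEY-----",
    "Password": "p@ss/word",
    "Username": "appuser",
    "database_name": "mydb",
    "host": "203.0.113.10",
    "uri": "mysql://appuser:p%40ss%2Fword@203.0.113.10/mydb?ssl_mode=required",
}

# Output file names are this example's choice (hypothetical).
PEM_FILES = {"CaCert": "ca.pem", "ClientCert": "client-cert.pem", "ClientKey": "client-key.pem"}

def materialize_tls(creds, directory=None):
    """Write the PEM fields of a binding to owner-only files; return their paths."""
    directory = directory or tempfile.mkdtemp(prefix="cloudsql-tls-")  # mkdtemp makes a 0700 dir
    paths = {}
    for field, filename in PEM_FILES.items():
        pem = creds[field]
        if not pem.startswith("-----BEGIN "):
            raise ValueError(f"{field} is not PEM data")
        path = os.path.join(directory, filename)
        # O_EXCL refuses to reuse an existing file; mode 0600 is applied at creation.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as handle:
            handle.write(pem if pem.endswith("\n") else pem + "\n")
        paths[field] = path
    return paths

def connection_settings(creds, directory=None):
    """Build client settings from a binding; reject a uri that does not require TLS."""
    query = parse_qs(urlsplit(creds["uri"]).query)
    if query.get("ssl_mode") != ["required"]:
        raise ValueError("binding uri does not set ssl_mode=required")
    tls = materialize_tls(creds, directory)
    return {
        # Password is the unencoded form; the uri carries a URL-encoded copy.
        "host": creds["host"], "user": creds["Username"],
        "password": creds["Password"], "database": creds["database_name"],
        "ssl_ca": tls["CaCert"], "ssl_cert": tls["ClientCert"], "ssl_key": tls["ClientKey"],
    }
```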

Google Machine Learning APIs

Create

Using cf create-service to create an instance of google-ml-apis does not create any resources. This service is for bindings only. It is likely that this implementation will change in the future.

$ cf create-service google-ml-apis default mymlapis

Bind

Bind the google-ml-apis service to an app to create a new service account and private key. The following example creates a service account with the minimum necessary permissions to use the Machine Learning APIs. For more information, see the GCP Understanding Roles topic.

$ cf bind-service myapp mymlapis -c '{"role": "viewer"}'

Note: Run cf unbind-service to delete the service account and key created when binding.

Example Binding credentials

"credentials": {
     "Email": "redacted",
     "Name": "redacted",
     "PrivateKeyData": "redacted",
     "UniqueId": "redacted"
}

Google Bigtable

Create

Run cf create-service google-bigtable to create a new instance. The following example creates an instance named mybtinstance with a custom bigtable-small plan:

$ cf create-service google-bigtable bigtable-small mybtinstance

You can optionally specify the following parameters:

  • name: If not supplied, is autogenerated and provided on bind.
  • cluster_id
  • num_nodes: An integer between 3 and 30. Defaults to 3.
  • storage_type: Either HDD or SSD. Defaults to SSD.
  • zone: Defaults to us-east1-b.

Bind

Bind the google-bigtable service to an app to create a new service account and private key. The following example creates a service account with admin permissions. For more information, see the GCP Understanding Roles topic.

$ cf bind-service myapp mybtinstance -c '{"role": "bigtable.admin"}'

Note: Run cf unbind-service to delete the service account and key created when binding.

Example Binding credentials

"credentials": {
     "Email": "redacted",
     "Name": "redacted",
     "PrivateKeyData": "redacted",
     "UniqueId": "redacted",
     "instance_id": "redacted"
}

Google Spanner (BETA Google Service)

Create

Run cf create-service google-spanner to create a new instance. The following example creates an instance named myspinstance with a custom spanner-default plan:

$ cf create-service google-spanner spanner-default myspinstance

You can optionally specify the following parameters:

  • name: If not supplied, is autogenerated and provided on bind.
  • display_name: If not supplied, is autogenerated.
  • region: Defaults to regional-us-central1.

Bind

Bind the google-spanner service to an app to create a new service account and private key. The following example creates a service account with admin permissions. For more information, see the GCP Understanding Roles topic.

$ cf bind-service myapp myspinstance -c '{"role": "spanner.admin"}'

Note: Run cf unbind-service to delete the service account and key created when binding.

Example Binding credentials

"credentials": {
     "Email": "redacted",
     "Name": "redacted",
     "PrivateKeyData": "redacted",
     "UniqueId": "redacted",
     "instance_id": "redacted"
}
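
The Bigtable and Spanner bind examples above use admin roles, while the earlier services bind with viewer roles. The following added example (not from the original page or the broker project) checks a planned binding's role before building the cf bind-service arguments. Treating the admin roles as needing explicit approval, the function names, and the sample plan are assumptions of this example, not broker behavior.

```python
import json

# Roles this page binds with, per service. The split into "read" and
# "admin" tiers is this example's policy, not something the broker enforces.
READ_ROLES = {
    "google-storage": {"storage.objectViewer"},
    "google-bigquery": {"bigquery.dataViewer"},
    "google-pubsub": {"pubsub.viewer"},
    "google-ml-apis": {"viewer"},
}
ADMIN_ROLES = {
    "google-bigtable": {"bigtable.admin"},
    "google-spanner": {"spanner.admin"},
}

# Constructed sample plan: (app, service instance, service, requested role).
PLAN = [
    ("myapp", "mybucket", "google-storage", "storage.objectViewer"),
    ("myapp", "mybtinstance", "google-bigtable", "bigtable.admin"),
    ("myapp", "mybucket", "google-storage", "storage.admin"),
]

def bind_command(app, instance, service, role, allow_admin=False):
    """Return argv for `cf bind-service`, or raise if the role breaks policy."""
    if role in ADMIN_ROLES.get(service, set()):
        if not allow_admin:
            raise PermissionError(f"{role} on {service} needs allow_admin=True")
    elif role not in READ_ROLES.get(service, set()):
        raise ValueError(f"{role!r} is not an approved role for {service}")
    # An argv list plus json.dumps avoids hand-quoting the -c payload in a shell.
    return ["cf", "bind-service", app, instance, "-c", json.dumps({"role": role})]

def review(plan):
    """Classify each planned binding as ok, needs-approval, or rejected."""
    results = []
    for app, instance, service, role in plan:
        try:
            bind_command(app, instance, service, role)
            verdict = "ok"
        except PermissionError:
            verdict = "needs-approval"
        except ValueError:
            verdict = "rejected"
        results.append((instance, role, verdict))
    return results
```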

Stackdriver Debugger

Create

Using cf create-service to create an instance of google-stackdriver-debugger does not create any resources. This service is for bindings only.

$ cf create-service google-stackdriver-debugger default my-debugger

Bind

Bind the google-stackdriver-debugger service to an app to create a new service account and private key. The following example creates a service account with the minimum necessary permissions to act as a Stackdriver Debugger Agent. For more information, see the GCP Understanding Roles topic.

$ cf bind-service myapp my-debugger 

Note: Run cf unbind-service to delete the service account and key created when binding.

Example Binding credentials

"credentials": {
     "Email": "redacted",
     "Name": "redacted",
     "PrivateKeyData": "redacted",
     "UniqueId": "redacted"
}

Stackdriver Trace

Create

Using cf create-service to create an instance of google-stackdriver-trace does not create any resources. This service is for bindings only.

$ cf create-service google-stackdriver-trace default my-tracer

Bind

Bind the google-stackdriver-trace service to an app to create a new service account and private key. The following example creates a service account with the minimum necessary permissions to act as a Stackdriver Trace Agent. For more information, see the GCP Understanding Roles topic.

$ cf bind-service myapp my-tracer 

Note: Run cf unbind-service to delete the service account and key created when binding.

Example Binding credentials

"credentials": {
     "Email": "redacted",
     "Name": "redacted",
     "PrivateKeyData": "redacted",
     "UniqueId": "redacted"
}

Delete a Service Instance

Note: Before deleting a service instance, ensure there are no apps bound to the service instance and no data contained within, such as objects in a storage bucket.

Run the following command to delete a service instance:

$ cf delete-service YOUR-SERVICE-INSTANCE
Really delete the service YOUR-SERVICE-INSTANCE> y
Deleting service YOUR-SERVICE-INSTANCE in org system / space dev1 as appdev1...
OK
Delete in progress. Use 'cf services' or 'cf service YOUR-SERVICE-INSTANCE' to check operation status.
