Créer un service de backend externe

De Wiki de Jordan LE NUFF
< Cloud computing‎ | Google Cloud Platform‎ | Procédures diverses
Révision datée du 3 novembre 2022 à 08:55 par Jordan (discussion | contributions) (Page créée avec « ==Présentation== Cette section a pour objet de regrouper tous les sujets traitant de la plateform de cloud computing de Google : Google Cloud Platform. ==Contexte== ==… »)
(diff) ← Version précédente | Voir la version actuelle (diff) | Version suivante → (diff)
Sauter à la navigation Sauter à la recherche

Présentation

Cette section a pour objet de regrouper tous les sujets traitant de la plateform de cloud computing de Google : Google Cloud Platform.

Contexte

Mise en œuvre

export PARENT_FOLDER_ID=123456789
export PROJECT_FOLDER_NAME=my-great-project
export PROJECT_STEP=prod
export PROJECT_NAME=${PROJECT_FOLDER_NAME}-${PROJECT_STEP}
export BILLING_ACCOUNT_ID=123ABC-456DEF-789GHI
export REGION=europe-west9

gcloud resource-manager folders create \
--display-name=$PROJECT_FOLDER_NAME \
--folder=$PARENT_FOLDER_ID

export PROJECT_FOLDER_ID=$(gcloud resource-manager folders list \
--folder=$PARENT_FOLDER_ID \
--filter 'displayName='$PROJECT_FOLDER_NAME \
--format="value(ID)")

gcloud projects create $PROJECT_NAME \
--folder=$PROJECT_FOLDER_ID

wait ....

export PROJECT_ID=$(gcloud projects list \
--filter 'name='$PROJECT_NAME \
--format="value(projectId)")

gcloud beta billing projects link ${PROJECT_ID} \
--billing-account=${BILLING_ACCOUNT_ID}

gcloud services enable compute.googleapis.com \
--project=${PROJECT_ID}

gcloud compute addresses create ${PROJECT_NAME}-ip \
--network-tier=PREMIUM \
--ip-version=IPV4 \
--global \
--project=${PROJECT_ID}

Optionnel :
export IP_ADDRESS=$(gcloud compute addresses describe ${PROJECT_NAME}-ip \
--format="get(address)" \
--global \
--project=${PROJECT_ID})

gcloud compute ssl-certificates create ${PROJECT_NAME}-mydomain-cert \
--description="SSL cert for mydomain front" \
--domains=www.mydomain.com,mydomain.com \
--global \
--project=${PROJECT_ID}

gcloud compute ssl-certificates create ${PROJECT_NAME}-mydomain-cert-temp \
--certificate=mydomain.com.fullchain.pem \
--private-key=mydomain.com.privkey.pem \
--global \
--project=${PROJECT_ID}

gcloud compute network-endpoint-groups create ${PROJECT_NAME}-my-external-server-neg \
--global \
--network-endpoint-type=INTERNET_IP_PORT \
--default-port=80 \
--project=${PROJECT_ID}

NB : adresse IP factice
gcloud compute network-endpoint-groups update ${PROJECT_NAME}-my-external-server-neg \
--global \
--add-endpoint=ip=111.222.333.444,port=80 \
--project=${PROJECT_ID}

gcloud compute backend-services create ${PROJECT_NAME}-my-external-server-be \
--load-balancing-scheme=EXTERNAL \
--enable-logging \
--logging-sample-rate=1 \
--global \
--project=${PROJECT_ID}

gcloud compute backend-services add-backend ${PROJECT_NAME}-my-external-server-be \
--global \
--network-endpoint-group=${PROJECT_NAME}-my-external-server-neg \
--global-network-endpoint-group \
--project=${PROJECT_ID}

cat <<EOF>/tmp/url.yaml
defaultUrlRedirect:
  httpsRedirect: true
  redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
  stripQuery: false
kind: compute#urlMap
name: ${PROJECT_NAME}-http-to-https-lb
EOF

gcloud compute url-maps validate \
--source=/tmp/url.yaml \
--project=${PROJECT_ID}

gcloud compute url-maps import ${PROJECT_NAME}-http-to-https-lb \
--source /tmp/url.yaml \
--global \
--project=${PROJECT_ID}

gcloud compute url-maps create ${PROJECT_NAME}-my-external-server-lb \
--default-service ${PROJECT_NAME}-my-external-server-be \
--project=${PROJECT_ID}

gcloud compute target-http-proxies create ${PROJECT_NAME}-http-proxy \
--url-map=${PROJECT_NAME}-http-to-https-lb \
--global \
--project=${PROJECT_ID}

gcloud compute target-https-proxies create ${PROJECT_NAME}-https-proxy \
--ssl-certificates=${PROJECT_NAME}-mydomain-cert-temp,${PROJECT_NAME}-mydomain-cert \
--url-map=${PROJECT_NAME}-my-external-server-lb \
--project=${PROJECT_ID}

gcloud compute forwarding-rules create ${PROJECT_NAME}-http-rule \
--load-balancing-scheme=EXTERNAL \
--network-tier=PREMIUM \
--address=${PROJECT_NAME}-ip \
--global \
--target-http-proxy=${PROJECT_NAME}-http-proxy \
--ports=80 \
--project=${PROJECT_ID}

gcloud compute forwarding-rules create ${PROJECT_NAME}-https-rule \
--load-balancing-scheme=EXTERNAL \
--network-tier=PREMIUM \
--address=${PROJECT_NAME}-ip \
--target-https-proxy=${PROJECT_NAME}-https-proxy \
--global \
--ports=443 \
--project=${PROJECT_ID}

gcloud compute target-https-proxies update ${PROJECT_NAME}-https-proxy \
--ssl-certificates=${PROJECT_NAME}-mydomain-cert \
--project=${PROJECT_ID}
Récupérée de « https://wiki.jordan-lenuff.com/index.php?title=Cloud_computing/Google_Cloud_Platform/Procédures_diverses/Créer_un_service_de_backend_externe&oldid=1565 »