Create an external backend service

From Jordan LE NUFF's Wiki

Overview

The purpose of this procedure is to create an external backend service in GCP.

Context

This procedure creates every element needed to set up an external backend. Depending on your needs, skip the steps that are already in place (for example, a project that already exists, an existing load balancer, etc.).

Implementation

export PARENT_FOLDER_ID=123456789
export PROJECT_FOLDER_NAME=my-great-project
export PROJECT_STEP=prod
export PROJECT_NAME=${PROJECT_FOLDER_NAME}-${PROJECT_STEP}
export BILLING_ACCOUNT_ID=123ABC-456DEF-789GHI
export REGION=europe-west9

gcloud resource-manager folders create \
--display-name=$PROJECT_FOLDER_NAME \
--folder=$PARENT_FOLDER_ID

export PROJECT_FOLDER_ID=$(gcloud resource-manager folders list \
--folder=$PARENT_FOLDER_ID \
--filter 'displayName='$PROJECT_FOLDER_NAME \
--format="value(ID)")

gcloud projects create $PROJECT_NAME \
--folder=$PROJECT_FOLDER_ID

Wait for the project creation to complete.

export PROJECT_ID=$(gcloud projects list \
--filter 'name='$PROJECT_NAME \
--format="value(projectId)")

gcloud beta billing projects link ${PROJECT_ID} \
--billing-account=${BILLING_ACCOUNT_ID}

gcloud services enable compute.googleapis.com \
--project=${PROJECT_ID}

gcloud compute addresses create ${PROJECT_NAME}-ip \
--network-tier=PREMIUM \
--ip-version=IPV4 \
--global \
--project=${PROJECT_ID}

Optional:
export IP_ADDRESS=$(gcloud compute addresses describe ${PROJECT_NAME}-ip \
--format="get(address)" \
--global \
--project=${PROJECT_ID})

gcloud compute ssl-certificates create ${PROJECT_NAME}-mydomain-cert \
--description="SSL cert for mydomain front" \
--domains=www.mydomain.com,mydomain.com \
--global \
--project=${PROJECT_ID}

gcloud compute ssl-certificates create ${PROJECT_NAME}-mydomain-cert-temp \
--certificate=mydomain.com.fullchain.pem \
--private-key=mydomain.com.privkey.pem \
--global \
--project=${PROJECT_ID}

gcloud compute network-endpoint-groups create ${PROJECT_NAME}-my-external-server-neg \
--global \
--network-endpoint-type=INTERNET_IP_PORT \
--default-port=80 \
--project=${PROJECT_ID}

Note: placeholder IP address
gcloud compute network-endpoint-groups update ${PROJECT_NAME}-my-external-server-neg \
--global \
--add-endpoint=ip=111.222.333.444,port=80 \
--project=${PROJECT_ID}

gcloud compute backend-services create ${PROJECT_NAME}-my-external-server-be \
--load-balancing-scheme=EXTERNAL \
--enable-logging \
--logging-sample-rate=1 \
--global \
--project=${PROJECT_ID}

gcloud compute backend-services add-backend ${PROJECT_NAME}-my-external-server-be \
--global \
--network-endpoint-group=${PROJECT_NAME}-my-external-server-neg \
--global-network-endpoint-group \
--project=${PROJECT_ID}

cat <<EOF>/tmp/url.yaml
defaultUrlRedirect:
  httpsRedirect: true
  redirectResponseCode: MOVED_PERMANENTLY_DEFAULT
  stripQuery: false
kind: compute#urlMap
name: ${PROJECT_NAME}-http-to-https-lb
EOF

gcloud compute url-maps validate \
--source=/tmp/url.yaml \
--project=${PROJECT_ID}

gcloud compute url-maps import ${PROJECT_NAME}-http-to-https-lb \
--source /tmp/url.yaml \
--global \
--project=${PROJECT_ID}

gcloud compute url-maps create ${PROJECT_NAME}-my-external-server-lb \
--default-service ${PROJECT_NAME}-my-external-server-be \
--project=${PROJECT_ID}

gcloud compute target-http-proxies create ${PROJECT_NAME}-http-proxy \
--url-map=${PROJECT_NAME}-http-to-https-lb \
--global \
--project=${PROJECT_ID}

gcloud compute target-https-proxies create ${PROJECT_NAME}-https-proxy \
--ssl-certificates=${PROJECT_NAME}-mydomain-cert-temp,${PROJECT_NAME}-mydomain-cert \
--url-map=${PROJECT_NAME}-my-external-server-lb \
--project=${PROJECT_ID}

gcloud compute forwarding-rules create ${PROJECT_NAME}-http-rule \
--load-balancing-scheme=EXTERNAL \
--network-tier=PREMIUM \
--address=${PROJECT_NAME}-ip \
--global \
--target-http-proxy=${PROJECT_NAME}-http-proxy \
--ports=80 \
--project=${PROJECT_ID}

gcloud compute forwarding-rules create ${PROJECT_NAME}-https-rule \
--load-balancing-scheme=EXTERNAL \
--network-tier=PREMIUM \
--address=${PROJECT_NAME}-ip \
--target-https-proxy=${PROJECT_NAME}-https-proxy \
--global \
--ports=443 \
--project=${PROJECT_ID}

gcloud compute target-https-proxies update ${PROJECT_NAME}-https-proxy \
--ssl-certificates=${PROJECT_NAME}-mydomain-cert \
--project=${PROJECT_ID}
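
The last command above leaves the HTTPS proxy with only the Google-managed certificate. As an added example (not part of the original wiki page), the functions below poll that certificate's `managed.status` field and run the final update only once it reports ACTIVE, so the temporary certificate stays attached while provisioning is pending or has failed. `CERT_POLL_ATTEMPTS` and `CERT_POLL_INTERVAL` are hypothetical tuning variables introduced for this example.

```shell
# Added example, not from the original page. CERT_POLL_ATTEMPTS and
# CERT_POLL_INTERVAL are hypothetical tuning variables, not gcloud settings.

# Print the managed certificate's status (PROVISIONING, ACTIVE, ...).
managed_cert_status() {
  gcloud compute ssl-certificates describe "$1" \
    --global \
    --project="${PROJECT_ID}" \
    --format="get(managed.status)"
}

# Return 0 once the certificate is ACTIVE, 1 on a failed state or timeout.
wait_for_managed_cert() {
  cert="$1"
  attempts="${CERT_POLL_ATTEMPTS:-60}"
  interval="${CERT_POLL_INTERVAL:-60}"
  i=1
  while [ "$i" -le "$attempts" ]; do
    cert_status="$(managed_cert_status "$cert")" || return 1
    case "$cert_status" in
      ACTIVE)
        return 0 ;;
      PROVISIONING|"")
        echo "attempt $i/$attempts: $cert is ${cert_status:-unknown}" >&2 ;;
      *)
        # e.g. PROVISIONING_FAILED_PERMANENTLY or RENEWAL_FAILED
        echo "$cert is $cert_status, keeping the temporary certificate" >&2
        return 1 ;;
    esac
    i=$((i + 1))
    sleep "$interval"
  done
  echo "timed out waiting for $cert" >&2
  return 1
}

# Drop the temporary certificate only when the managed one is ACTIVE.
detach_temp_cert() {
  wait_for_managed_cert "${PROJECT_NAME}-mydomain-cert" || return 1
  gcloud compute target-https-proxies update "${PROJECT_NAME}-https-proxy" \
    --ssl-certificates="${PROJECT_NAME}-mydomain-cert" \
    --project="${PROJECT_ID}"
}

# Usage, in place of the last command of the procedure: detach_temp_cert
```

The managed certificate can only become ACTIVE once the DNS records for its domains point at the load balancer's IP address.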