This directory contains configuration tools and other support files for running `registry-server` on GKE with an Envoy setup.

The following steps assume you're in the root directory.
- Run `make build` to build the Docker image and upload it to GCR. The default server configuration is `registry-server.yaml`. You can provide a different configuration by replacing this file or by setting configuration using environment variables.
- Create a GKE deployment and expose the backend server through a load balancer:
  - To create an external LB, run `make deploy-gke`
  - To create an internal LB, run `make deploy-gke LB=internal`
- Set up the client authentication. This step differs based on the load balancer type you chose in the previous step:
  - External LB: run `source auth/GKE.sh`.
  - Internal LB: Usually you can't access services that are behind the internal LB from your local machine. For more details, please check here.
    - Find the ingress IP: `kubectl get service registry-backend -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`.
    - Find the service port: `kubectl get service registry-backend -o jsonpath="{.spec.ports[0].port}"`
    - SSH into a VM.
    - Run the following commands with `ingress_ip` found in the first step and `service_port` found in the second step:

      ```shell
      export APG_REGISTRY_ADDRESS="<ingress_ip>:<service_port>"
      export APG_REGISTRY_AUDIENCES="http://${APG_REGISTRY_ADDRESS}"
      export APG_REGISTRY_CLIENT_EMAIL=$(gcloud config list account --format "value(core.account)")
      export APG_REGISTRY_TOKEN=$(gcloud auth print-identity-token ${APG_REGISTRY_CLIENT_EMAIL})
      ```
- Verify the server. The GKE deployment uses <PROJECT_NUMBER>[email protected] by default. Please ensure the service account has sufficient permissions to access the database you configured. Below is a sample curl call to access your GKE deployment:

  ```shell
  curl $APG_REGISTRY_AUDIENCES/v1/status -i -H "Authorization: Bearer $APG_REGISTRY_TOKEN"
  ```
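When the status call is rejected, the first thing to rule out is a stale or wrong-account value in `APG_REGISTRY_TOKEN`. The script below is an added example, not part of the registry project: it decodes the token payload locally and checks expiry and account. The function names and the sample token are constructed, and it assumes the token carries `exp` and `email` claims.

```shell
#!/usr/bin/env bash
# Added example (not from the registry project): sanity-check the identity
# token locally before sending it. This does NOT verify the signature; the
# server still has to do that. Handles flat JSON only, no jq required.

# Encode a string as unpadded base64url (used only to build the sample token).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode the payload (second dot-separated segment) of a JWT.
jwt_payload() {
  local seg
  seg="$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')"
  case $(( ${#seg} % 4 )) in   # restore the '=' padding base64url drops
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 --decode 2>/dev/null
}

# Print one top-level string or numeric claim from the payload.
jwt_claim() {
  jwt_payload "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# Succeed only if the token is unexpired and issued to the expected account.
# $1 token, $2 expected email, $3 optional "now" in epoch seconds.
check_registry_token() {
  local exp email now
  now="${3:-$(date +%s)}"
  exp="$(jwt_claim "$1" exp)"
  email="$(jwt_claim "$1" email)"
  case "$exp" in
    ''|*[!0-9]*) echo "token payload is unreadable" >&2; return 2 ;;
  esac
  [ "$exp" -gt "$now" ] || { echo "token expired at $exp" >&2; return 1; }
  [ "$email" = "$2" ] || { echo "token is for '$email', not '$2'" >&2; return 1; }
  echo "ok: email=$email aud=$(jwt_claim "$1" aud) expires_in=$((exp - now))s"
}

# Constructed sample token (fake header, claims and signature).
SAMPLE_CLAIMS='{"aud":"http://10.0.0.5:8080","email":"dev@example.com","exp":4102444800}'
SAMPLE_TOKEN="$(b64url '{"alg":"none"}').$(b64url "$SAMPLE_CLAIMS").sig"
check_registry_token "$SAMPLE_TOKEN" dev@example.com

# Real use, after the export commands above:
#   check_registry_token "$APG_REGISTRY_TOKEN" "$APG_REGISTRY_CLIENT_EMAIL"
```

The printed `aud` value is informational only; compare it by eye with what your server configuration expects.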