Last active
November 28, 2023 16:14
-
-
Save mikesparr/8985378640242d8e453cc2212509814d to your computer and use it in GitHub Desktop.
Step-by-step setup of Google Cloud function connecting to Redis with Serverless VPC Connector
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Reference: https://cloud.google.com/memorystore/docs/redis/connect-redis-instance-functions#python | |
| # enable APIs | |
| gcloud services enable redis.googleapis.com | |
| gcloud services enable cloudfunctions.googleapis.com | |
| gcloud services enable vpcaccess.googleapis.com | |
| # set these to your specific environment | |
| export PROJECT_ID=db-cluster-tests | |
| export REDIS_INSTANCE=myinstance | |
| export REDIS_VERSION="redis_4_0" | |
| export GCP_REGION=us-central1 | |
| export GCP_NETWORK=default | |
| export VPC_CONNECTOR=redis-vpc-conn | |
| export VPC_RANGE="10.8.0.0/28" | |
| export FUNCTION_NAME=visit_count | |
| export STORAGE_ROLE=simpleStorageRole | |
| # create redis cluster | |
| gcloud redis instances create $REDIS_INSTANCE --size=2 --region=$GCP_REGION \ | |
| --redis-version=$REDIS_VERSION | |
| # confirm redis installation | |
| gcloud redis instances describe $REDIS_INSTANCE --region=$GCP_REGION | |
| # fetch the authorizedNetwork (if not 'default' then change vars above) | |
| export REDIS_NETWORK=$(gcloud redis instances describe $REDIS_INSTANCE --region=$GCP_REGION --format="value(authorizedNetwork)") | |
| export REDIS_HOST=$(gcloud redis instances describe $REDIS_INSTANCE --region=$GCP_REGION --format="value(host)") | |
| export REDIS_PORT=$(gcloud redis instances describe $REDIS_INSTANCE --region=$GCP_REGION --format="value(port)") | |
| echo "Redis network: $REDIS_NETWORK, host: $REDIS_HOST, port: $REDIS_PORT" | |
| # create VPC connector (use the network name [not full path] and region from above) | |
| gcloud compute networks vpc-access connectors create $VPC_CONNECTOR \ | |
| --network $GCP_NETWORK \ | |
| --region $GCP_REGION \ | |
| --range $VPC_RANGE | |
| # verify connector | |
| gcloud compute networks vpc-access connectors describe $VPC_CONNECTOR --region $GCP_REGION | |
| # fetch the project number to use in IAM bindings | |
| export PROJECT_NUM=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)") | |
| echo "Project number: $PROJECT_NUM" | |
| # create custom role for storage permissions | |
| gcloud iam roles create $STORAGE_ROLE \ | |
| --project $PROJECT_ID \ | |
| --title $STORAGE_ROLE \ | |
| --description "get and create storage objects" \ | |
| --permissions "storage.objects.create,storage.objects.get" | |
| export STORAGE_ROLE_NAME=$(gcloud iam roles describe $STORAGE_ROLE --project $PROJECT_ID --format="value(name)") | |
| echo "Storage role: $STORAGE_ROLE_NAME" | |
| # add IAM bindings (replace project number with one you fetched) | |
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | |
| --member=serviceAccount:[email protected] \ | |
| --role=roles/viewer | |
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | |
| --member=serviceAccount:[email protected] \ | |
| --role=roles/compute.networkUser | |
| gcloud projects add-iam-policy-binding $PROJECT_ID \ | |
| --member=serviceAccount:[email protected] \ | |
| --role=$STORAGE_ROLE_NAME | |
| # download sample function | |
| git clone https://github.com/GoogleCloudPlatform/python-docs-samples | |
| cd python-docs-samples/functions/memorystore/redis | |
| # deploy function with your VPC connector | |
| gcloud beta functions deploy $FUNCTION_NAME \ | |
| --runtime python37 \ | |
| --trigger-http \ | |
| --region $GCP_REGION \ | |
| --vpc-connector projects/$PROJECT_ID/locations/$GCP_REGION/connectors/$VPC_CONNECTOR \ | |
| --set-env-vars REDISHOST=$REDIS_HOST,REDISPORT=$REDIS_PORT | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment