GCP Pub/Sub

GCP Pub/Sub组件详细文档

创建 Dapr 组件

要安装GCP pubsub,请创建一个类型为pubsub.gcp.pubsub的组件。 See this guide on how to create and apply a pubsub configuration

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4.   name: gcp-pubsub
  5.   namespace: default
  6. spec:
  7.   type: pubsub.gcp.pubsub
  8.   version: v1
  9.   metadata:
  10.   - name: type
  11.     value: service_account
  12.   - name: projectId
  13.     value: <PROJECT_ID> # replace
  14.   - name: identityProjectId
  15.     value: <IDENTITY_PROJECT_ID> # replace
  16.   - name: privateKeyId
  17.     value: <PRIVATE_KEY_ID> #replace
  18.   - name: clientEmail
  19.     value: <CLIENT_EMAIL> #replace
  20.   - name: clientId
  21.     value: <CLIENT_ID> # replace
  22.   - name: authUri
  23.     value: https://accounts.google.com/o/oauth2/auth
  24.   - name: tokenUri
  25.     value: https://oauth2.googleapis.com/token
  26.   - name: authProviderX509CertUrl
  27.     value: https://www.googleapis.com/oauth2/v1/certs
  28.   - name: clientX509CertUrl
  29.     value: https://www.googleapis.com/robot/v1/metadata/x509/<PROJECT_NAME>.iam.gserviceaccount.com #replace PROJECT_NAME
  30.   - name: privateKey
  31.     value: <PRIVATE_KEY> # replace x509 cert
  32.   - name: disableEntityManagement
  33.     value: "false"

Warning

以上示例将密钥明文存储, It is recommended to use a secret store for the secrets as described here.

元数据字段规范

字段必填详情Example
typeNGCP 凭证类型. Only service_account is supported. Defaults to service_accountservice_account
project_idYGCP 项目 idmyproject-123
identityProjectIdNIf the GCP pubsub project is different from the identity project, specify the identity project using this attribute“myproject-123”
privateKeyIdNIf using explicit credentials, this field should contain the private_key_id field from the service account json document“my-private-key”
privateKeyNIf using explicit credentials, this field should contain the private_key field from the service account json——-BEGIN PRIVATE KEY——-MIIBVgIBADANBgkqhkiG9w0B
clientEmailNIf using explicit credentials, this field should contain the client_email field from the service account json“myservice@myproject-123.iam.gserviceaccount.com”
clientIdNIf using explicit credentials, this field should contain the client_id field from the service account json106234234234
authUriNIf using explicit credentials, this field should contain the auth_uri field from the service account jsonhttps://accounts.google.com/o/oauth2/auth
tokenUriNIf using explicit credentials, this field should contain the token_uri field from the service account jsonhttps://oauth2.googleapis.com/token
authProviderX509CertUrlNIf using explicit credentials, this field should contain the auth_provider_x509_cert_url field from the service account jsonhttps://www.googleapis.com/oauth2/v1/certs
clientX509CertUrlNIf using explicit credentials, this field should contain the client_x509_cert_url field from the service account jsonhttps://www.googleapis.com/robot/v1/metadata/x509/myserviceaccount%40myproject.iam.gserviceaccount.com
disableEntityManagementN当设置为“true”时,主题和订阅不会自动创建。 默认值为 “false”“true”, “false”

创建 GCP Pub/Sub

You can use either “explicit” or “implicit” credentials to configure access to your GCP pubsub instance. If using explicit, most fields are required. Implicit relies on dapr running under a Kubernetes service account (KSA) mapped to a Google service account (GSA) which has the necessary permissions to access pubsub. In implicit mode, only the projectId attribute is needed, all other are optional.

按照这里的说明设置Google Cloud Pub/Sub系统。

相关链接