GCP Pub/Sub
GCP Pub/Sub组件详细文档
创建 Dapr 组件
要安装GCP pubsub,请创建一个类型为pubsub.gcp.pubsub的组件。 See this guide on how to create and apply a pubsub configuration
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: gcp-pubsub
namespace: default
spec:
type: pubsub.gcp.pubsub
version: v1
metadata:
- name: type
value: service_account
- name: projectId
value: <PROJECT_ID> # replace
- name: identityProjectId
value: <IDENTITY_PROJECT_ID> # replace
- name: privateKeyId
value: <PRIVATE_KEY_ID> #replace
- name: clientEmail
value: <CLIENT_EMAIL> #replace
- name: clientId
value: <CLIENT_ID> # replace
- name: authUri
value: https://accounts.google.com/o/oauth2/auth
- name: tokenUri
value: https://oauth2.googleapis.com/token
- name: authProviderX509CertUrl
value: https://www.googleapis.com/oauth2/v1/certs
- name: clientX509CertUrl
value: https://www.googleapis.com/robot/v1/metadata/x509/<PROJECT_NAME>.iam.gserviceaccount.com #replace PROJECT_NAME
- name: privateKey
value: <PRIVATE_KEY> # replace x509 cert
- name: disableEntityManagement
value: "false"
Warning
以上示例将密钥明文存储, It is recommended to use a secret store for the secrets as described here.元数据字段规范
| 字段 | 必填 | 详情 | Example |
|---|---|---|---|
| type | N | GCP 凭证类型. Only service_account is supported. Defaults to service_account | service_account |
| project_id | Y | GCP 项目 id | myproject-123 |
| identityProjectId | N | If the GCP pubsub project is different from the identity project, specify the identity project using this attribute | "myproject-123" |
| privateKeyId | N | If using explicit credentials, this field should contain the private_key_id field from the service account json document | "my-private-key" |
| privateKey | N | If using explicit credentials, this field should contain the private_key field from the service account json | -----BEGIN PRIVATE KEY-----MIIBVgIBADANBgkqhkiG9w0B |
| clientEmail | N | If using explicit credentials, this field should contain the client_email field from the service account json | "myservice@myproject-123.iam.gserviceaccount.com" |
| clientId | N | If using explicit credentials, this field should contain the client_id field from the service account json | 106234234234 |
| authUri | N | If using explicit credentials, this field should contain the auth_uri field from the service account json | https://accounts.google.com/o/oauth2/auth |
| tokenUri | N | If using explicit credentials, this field should contain the token_uri field from the service account json | https://oauth2.googleapis.com/token |
| authProviderX509CertUrl | N | If using explicit credentials, this field should contain the auth_provider_x509_cert_url field from the service account json | https://www.googleapis.com/oauth2/v1/certs |
| clientX509CertUrl | N | If using explicit credentials, this field should contain the client_x509_cert_url field from the service account json | https://www.googleapis.com/robot/v1/metadata/x509/myserviceaccount%40myproject.iam.gserviceaccount.com |
| disableEntityManagement | N | 当设置为"true"时,主题和订阅不会自动创建。 默认值为 "false" | "true", "false" |
创建 GCP Pub/Sub
You can use either “explicit” or “implicit” credentials to configure access to your GCP pubsub instance. If using explicit, most fields are required. Implicit relies on dapr running under a Kubernetes service account (KSA) mapped to a Google service account (GSA) which has the necessary permissions to access pubsub. In implicit mode, only the projectId attribute is needed, all other are optional.
按照这里的说明设置Google Cloud Pub/Sub系统。
相关链接
- Dapr组件的基本格式
- Read this guide for instructions on configuring pub/sub components
- 发布/订阅构建块
May 29, 2021: New Crowdin updates (#72) (602a67f8)