The documentation you are viewing is for Dapr v1.8 which is an older version of Dapr. For up-to-date documentation, see the latest version.

GCP Pub/Sub

GCP Pub/Sub组件详细文档

创建 Dapr 组件

要安装GCP pubsub，请创建一个类型为pubsub.gcp.pubsub的组件。 See this guide on how to create and apply a pubsub configuration

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: gcp-pubsub
  namespace: default
spec:
  type: pubsub.gcp.pubsub
  version: v1
  metadata:
  - name: type
    value: service_account
  - name: projectId
    value: <PROJECT_ID> # replace
  - name: identityProjectId
    value: <IDENTITY_PROJECT_ID> # replace
  - name: privateKeyId
    value: <PRIVATE_KEY_ID> #replace
  - name: clientEmail
    value: <CLIENT_EMAIL> #replace
  - name: clientId
    value: <CLIENT_ID> # replace
  - name: authUri
    value: https://accounts.google.com/o/oauth2/auth
  - name: tokenUri
    value: https://oauth2.googleapis.com/token
  - name: authProviderX509CertUrl
    value: https://www.googleapis.com/oauth2/v1/certs
  - name: clientX509CertUrl
    value: https://www.googleapis.com/robot/v1/metadata/x509/<PROJECT_NAME>.iam.gserviceaccount.com #replace PROJECT_NAME
  - name: privateKey
    value: <PRIVATE_KEY> # replace x509 cert
  - name: disableEntityManagement
    value: "false"

Warning

以上示例将密钥明文存储， It is recommended to use a secret store for the secrets as described here.

元数据字段规范

字段	必填	详情	Example
type	N	GCP 凭证类型. Only `service_account` is supported. Defaults to `service_account`	`service_account`
project_id	Y	GCP 项目 id	`myproject-123`
identityProjectId	N	If the GCP pubsub project is different from the identity project, specify the identity project using this attribute	`"myproject-123"`
privateKeyId	N	If using explicit credentials, this field should contain the `private_key_id` field from the service account json document	`"my-private-key"`
privateKey	N	If using explicit credentials, this field should contain the `private_key` field from the service account json	`-----BEGIN PRIVATE KEY-----MIIBVgIBADANBgkqhkiG9w0B`
clientEmail	N	If using explicit credentials, this field should contain the `client_email` field from the service account json	`"myservice@myproject-123.iam.gserviceaccount.com"`
clientId	N	If using explicit credentials, this field should contain the `client_id` field from the service account json	`106234234234`
authUri	N	If using explicit credentials, this field should contain the `auth_uri` field from the service account json	`https://accounts.google.com/o/oauth2/auth`
tokenUri	N	If using explicit credentials, this field should contain the `token_uri` field from the service account json	`https://oauth2.googleapis.com/token`
authProviderX509CertUrl	N	If using explicit credentials, this field should contain the `auth_provider_x509_cert_url` field from the service account json	`https://www.googleapis.com/oauth2/v1/certs`
clientX509CertUrl	N	If using explicit credentials, this field should contain the `client_x509_cert_url` field from the service account json	`https://www.googleapis.com/robot/v1/metadata/x509/myserviceaccount%40myproject.iam.gserviceaccount.com`
disableEntityManagement	N	当设置为`"true"`时，主题和订阅不会自动创建。默认值为 `"false"`	`"true"`, `"false"`

创建 GCP Pub/Sub

You can use either “explicit” or “implicit” credentials to configure access to your GCP pubsub instance. If using explicit, most fields are required. Implicit relies on dapr running under a Kubernetes service account (KSA) mapped to a Google service account (GSA) which has the necessary permissions to access pubsub. In implicit mode, only the projectId attribute is needed, all other are optional.

按照这里的说明设置Google Cloud Pub/Sub系统。

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.