This repository has been archived by the owner on Jun 19, 2022. It is now read-only.

Enable Cloud Pub/Sub

The following are prerequisites for Channel, Topic and PullSubscription.

Installing Pub/Sub Enabled Service Account

  1. Create a Google Cloud project, install the gcloud CLI, and run gcloud auth login. This sample uses a mix of gcloud and kubectl commands. The rest of the sample assumes that you've set the $PROJECT_ID environment variable to your Google Cloud project ID, and that you've set that project as the default using gcloud config set project $PROJECT_ID.

  2. Enable the Cloud Pub/Sub API on your project:

    gcloud services enable pubsub.googleapis.com
  3. Create a Google Cloud Service Account. This sample creates one service account for both registration and receiving messages, but you can also create a separate service account for receiving messages if you want additional privilege separation.

    1. Create a new service account named cloudrunevents-pullsub with the following command:

      gcloud iam service-accounts create cloudrunevents-pullsub
    2. Give that Service Account the Pub/Sub Editor role on your Google Cloud project:

      gcloud projects add-iam-policy-binding $PROJECT_ID \
        --member=serviceAccount:cloudrunevents-pullsub@$PROJECT_ID.iam.gserviceaccount.com \
        --role roles/pubsub.editor
    3. Optional: If you plan on using the Stackdriver monitoring APIs, also give the Service Account the Monitoring MetricWriter role on your Google Cloud project:

      gcloud projects add-iam-policy-binding $PROJECT_ID \
        --member=serviceAccount:cloudrunevents-pullsub@$PROJECT_ID.iam.gserviceaccount.com \
        --role roles/monitoring.metricWriter
    4. Download a new JSON private key for that Service Account. Be sure not to check this key into source control!

      gcloud iam service-accounts keys create cloudrunevents-pullsub.json \
        --iam-account=cloudrunevents-pullsub@$PROJECT_ID.iam.gserviceaccount.com
    5. Create a secret on the Kubernetes cluster with the downloaded key:

      # The secret should not already exist, so just try to create it.
      kubectl --namespace default create secret generic google-cloud-key --from-file=key.json=cloudrunevents-pullsub.json

      google-cloud-key and key.json are default values expected by Channel, Topic and PullSubscription.
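
Steps 4 and 5 above can be combined so that the downloaded key only ever exists in a private temporary directory, outside any source tree, and is deleted once the secret has been created. This is an added example, not part of the original sample; the function name create_key_secret is hypothetical, and it assumes $PROJECT_ID is set and that gcloud and kubectl are already authenticated.

```shell
#!/bin/sh
# Added example (not from the original sample): download the service account
# key and load it into the cluster without leaving a copy on disk.

create_key_secret() {
    namespace="${1:-default}"
    if [ -z "${PROJECT_ID:-}" ]; then
        echo "PROJECT_ID is not set" >&2
        return 1
    fi
    sa_email="cloudrunevents-pullsub@${PROJECT_ID}.iam.gserviceaccount.com"

    # Private scratch directory, so the key never lands in a git working tree
    # and is not readable by other local users.
    old_umask=$(umask)
    umask 077
    workdir=$(mktemp -d) || { umask "$old_umask"; return 1; }
    key_file="$workdir/cloudrunevents-pullsub.json"

    status=0
    gcloud iam service-accounts keys create "$key_file" \
        --iam-account="$sa_email" || status=$?

    # Refuse to upload a missing or empty key file.
    if [ "$status" -eq 0 ] && [ ! -s "$key_file" ]; then
        echo "key file was not written" >&2
        status=1
    fi

    # google-cloud-key and key.json are the defaults expected by
    # Channel, Topic and PullSubscription.
    if [ "$status" -eq 0 ]; then
        kubectl --namespace "$namespace" create secret generic google-cloud-key \
            --from-file=key.json="$key_file" || status=$?
    fi

    # Remove the local copy whether or not the steps succeeded.
    rm -rf "$workdir"
    umask "$old_umask"
    return "$status"
}
```

Call create_key_secret with no arguments to use the default namespace, or pass a namespace as the first argument.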