-
Create a Google Cloud project and install the
gcloudCLI and rungcloud auth login. This guide will use a mix ofgcloudandkubectlcommands. The rest of the guide assumes that you've set thePROJECT_IDenvironment variable to your Google Cloud project id, and also set your project ID as default usinggcloud config set project $PROJECT_ID. -
Install Knative. Preferably, set up both Serving and Eventing. The latter is only required if you want to use the Pub/Sub
Channel. -
Create the
cloud-run-eventsnamespace. This is the namespace where our control plane pods run.kubectl create namespace cloud-run-events
-
Create a Google Cloud Service Account with the appropriate permissions needed for the control plane to manage native GCP resources.
-
Create a new Service Account named
cloud-run-eventswith the following command:gcloud iam service-accounts create cloud-run-events
-
Give that Service Account permissions on your project. The actual permissions needed will depend on the resources you are planning to use. The Table below enumerates such permissions:
Resource Roles CloudPubSubSource roles/pubsub.editor CloudStorageSource roles/storage.admin CloudSchedulerSource roles/cloudscheduler.admin CloudAuditLogsSource roles/pubsub.admin, roles/logging.configWriter, roles/logging.privateLogViewer Channel roles/pubsub.editor PullSubscription roles/pubsub.editor Topic roles/pubsub.editor In this guide, and for the sake of simplicity, we will just grant
roles/ownerprivileges to the Service Account, which encompasses all of the above plus some other permissions. Note that if you prefer finer-grained privileges, you can just grant the ones described in the Table. Also, you can refer to managing multiple projects in case you want your Service Account to manage multiple projects.gcloud projects add-iam-policy-binding $PROJECT_ID \ --member=serviceAccount:cloud-run-events@$PROJECT_ID.iam.gserviceaccount.com \ --role roles/owner
-
Download a new JSON private key for that Service Account. Be sure not to check this key into source control!
gcloud iam service-accounts keys create cloud-run-events.json \ --iam-account=cloud-run-events@$PROJECT_ID.iam.gserviceaccount.com -
Create a Secret on the Kubernetes cluster in the
cloud-run-eventsnamespace with the downloaded key:kubectl --namespace cloud-run-events create secret generic google-cloud-key --from-file=key.json=cloud-run-events.json
Note that
google-cloud-keyandkey.jsonare default values expected by our control plane.
-
-
Finally, install the Knative-GCP constructs. You can either:
-
Install from master using ko
ko apply -f ./config
OR
-
Install a release. Remember to update
{{< version >}}in the commands below with the appropriate release version.-
First install the CRDs by running the
kubectl applycommand with the--selectorflag. This prevents race conditions during the install, which cause intermittent errors:kubectl apply --selector pubsub.cloud.google.com/crd-install=true \ --filename https://github.com/google/knative-gcp/releases/download/{{< version >}}/cloud-run-events.yaml kubectl apply --selector messaging.cloud.google.com/crd-install=true \ --filename https://github.com/google/knative-gcp/releases/download/{{< version >}}/cloud-run-events.yaml kubectl apply --selector events.cloud.google.com/crd-install=true \ --filename https://github.com/google/knative-gcp/releases/download/{{< version >}}/cloud-run-events.yaml -
To complete the install run the
kubectl applycommand again, this time without the--selectorflags:kubectl apply --filename https://github.com/google/knative-gcp/releases/download/{{< version >}}/cloud-run-events.yaml
-
-
This repository has been archived by the owner on Jun 19, 2022. It is now read-only.
install
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|
parent directory.. | ||||