將 Infra 從 Code-Base 改為 Cloud-Resource-Base Part3

2024 iThome 鐵人賽

DAY 23

DevOps

從 AWS 轉生到 GCP 世界，還順便轉職成 DevOps 的 SRE系列第 23 篇

16th鐵人賽

嗷嗷嗷

2024-10-07 18:59:23

142 瀏覽

分享至

昨天我們已經實測 Trigger Cloud Function，今天要將 pubsub 跟 eventarc 掛上。但在掛上之前，昨天的 code 其實有個小問題，就是 job 用重複名字會遇到 already exist，所以要將 job 改為動態的名稱

Error: (409)
Reason: Conflict
HTTP response headers: HTTPHeaderDict({'Audit-Id': 'dc89a3c1-d51d-40be-b01f-8894fd3ee54f', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'Warning': '299 - "autopilot-default-resources-mutator:Autopilot updated Job default/python-logger-job: defaulted unspecified \'cpu\' resource for containers [python-logger] (see http://g.co/gke/autopilot-defaults)."', 'X-Kubernetes-Pf-Flowschema-Uid': '4e8adb95-3a4a-456a-9c9c-d0ae11c42a39', 'X-Kubernetes-Pf-Prioritylevel-Uid': '3d6f40a9-62d5-40cb-b7ec-e2d6fb742058', 'Date': 'Mon, 07 Oct 2024 02:48:34 GMT', 'Content-Length': '234'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"jobs.batch \"python-logger-job\" already exists","reason":"AlreadyExists","details":{"name":"python-logger-job","group":"batch","kind":"jobs"},"code":409}

這邊是用 time 來做動態標記

base_job_name = os.getenv('JOB_NAME', 'python-logger-job')
job_name = f"{base_job_name}-{datetime.now().strftime('%Y%m%d-%H%M%S')}"

完成後，我們來掛上 Eventarc，在研究 Eventarc 的時候，意外發現 cloud_function 有出 v2，是建立在 cloud run 下面的。為了讓 Eventarc 可以支援較新的語法。我們也將 Cloud function 改成 v2 版本。(雖然 cloud function 被整進 cloud run 裡面，跟 AWS function 好不一樣，超不習慣QQ)

# Set Eventarc
resource "google_eventarc_trigger" "function_trigger" {
  name     = "gke-job-trigger-pubsub"
  location = "asia-east1"
  project  = var.project_id

  matching_criteria {
    attribute = "type"
    value     = "google.cloud.pubsub.topic.v1.messagePublished"
  }

  destination {
    cloud_run_service {
      service = google_cloudfunctions2_function.gke_job_trigger.name
      region  = "asia-east1"
    }
  }

  transport {
    pubsub {
      topic = google_pubsub_topic.topic.id
    }
  }

  service_account = google_service_account.function_account.email
}

建立一個 pubsub 觸發 eventarc

# 创建 Pub/Sub 主题
resource "google_pubsub_topic" "topic" {
  name = "gke-job-trigger-topic"
}

最後，記得添加讓 cloud function 可以被任意 resources 觸發的 iam 設定

# 添加 IAM 策略绑定，允许所有用户调用函数
resource "google_cloud_run_service_iam_member" "allUsers" {
  location = google_cloudfunctions2_function.gke_job_trigger.location
  service  = google_cloudfunctions2_function.gke_job_trigger.name
  role     = "roles/run.invoker"
  member   = "allUsers"
}