Enabling all APIs in a Google Cloud project
Google Cloud needs APIs to be enabled before many things can be done.
Enabling needs just one CLI command, and is usually very fast. Enabling is even proposed by the CLI if I try to do something which requires a not-enabled API. But it interrupts development anyway.
My question is: why are they not enabled by default? And is it OK if I enable them all just after creating a new project, so I don't have to bother about enabling them later?
I would like to understand the purpose of such a design and learn best practices.
Well, they're disabled mainly in order not to incur costs that you weren't intending on inducing, for you to be aware which service you're using at which point and to track the usage/costs for each of them.
Also, some services like Pub/Sub are dependent on others, and others such as Container Registry (or Artifact Registry) require a Cloud Storage bucket for artifacts to be stored, and it will create one automatically if you're pushing a Docker image or using Cloud Build. So these are things for you to be aware of.
Enabling an API takes a bit of time depending on the service, yes, but it's a one-time action per project. I'm not sure what exactly your concerns on the waiting time are, but if you want to run commands while having executed a gcloud command to enable some APIs you can use the --async flag which will run the commands in the background without needing you to wait for it to complete before running another one.
Lastly, sure, you can just enable them all if you know what you're doing but at your own risk - it's a safer route to enable just the ones you need and as you might already be aware, you can enable multiple in a single gcloud command. In the example of Container Registry, it uses Cloud Storage, for which you will still be billed.
Enabling services enables access to (often billed) resources.
It's considered good practice to keep this "surface" of resources constrained to those that you(r customers) need; the more services you enable, the greater your potential attack surface and potential bills.
Google provides an increasing number of services (accessible through APIs). It is highly unlikely that you would ever want to access them all.
APIs are enabled by Project. The Project creation phase (including enabling services) is generally only a very small slice of the entire lifetime of a Project; even of those Projects created-and-torn-down on demand.
It's possible to enable the APIs asynchronously, permitting you to enable-not-block each service:
for SERVICE in "containerregistry" "container" "cloudbuild" ...
do
  gcloud services enable "${SERVICE}.googleapis.com" --project="${PROJECT}" --async
done
Following on from this, it is good practice to automate your organization's project provisioning (scripts, Terraform, Deployment Manager etc.). This provides a baseline template for how your projects are created, which services are enabled, default permissions etc. Then your developers simply fire-and-forget a provisioner (hopefully also checked-in to your source control), drink a coffee and wait while these steps are done for them.
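A baseline of enabled services is only useful if drift from it is noticed. The following is an added example, not code from either answer: a hypothetical `audit_services` function that compares the enabled services of a project against a checked-in baseline file and reports anything extra or missing. The function name, the baseline file format (one service per line, `#` comments) and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# audit_services BASELINE_FILE
# Reads enabled service names on stdin (one per line) and compares them with
# the baseline. Prints "EXTRA <svc>" for services enabled outside the baseline
# and "MISSING <svc>" for baseline services that are not enabled.
# Returns 0 when both sets match, 1 on drift, 2 if the baseline is unreadable.
audit_services() {
    [ -r "$1" ] || { echo "cannot read baseline: $1" >&2; return 2; }
    report=$(awk -v baseline="$1" '
        # Drop "#" comments and whitespace so the baseline can be annotated.
        function norm(s) { sub(/#.*/, "", s); gsub(/[ \t\r]/, "", s); return s }
        BEGIN {
            while ((getline line < baseline) > 0) {
                line = norm(line)
                if (line != "") want[line] = 1
            }
        }
        { s = norm($0); if (s != "") have[s] = 1 }
        END {
            for (s in have) if (!(s in want)) print "EXTRA " s
            for (s in want) if (!(s in have)) print "MISSING " s
        }
    ' | LC_ALL=C sort)
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample data so the example runs offline. Against a real project
# the input would come from:
#   gcloud services list --enabled --project="$PROJECT" --format="value(config.name)"
demo_baseline=$(mktemp)
printf '%s\n' '# constructed project baseline' \
    'containerregistry.googleapis.com' 'container.googleapis.com' \
    'cloudbuild.googleapis.com' 'pubsub.googleapis.com' > "$demo_baseline"
printf '%s\n' 'containerregistry.googleapis.com' 'container.googleapis.com' \
    'cloudbuild.googleapis.com' 'translate.googleapis.com' |
    audit_services "$demo_baseline" || echo "drift from baseline detected"
rm -f "$demo_baseline"
```

Run from CI or a scheduled job, a non-zero exit flags services that were enabled by hand after provisioning, so they can be reviewed and either added to the baseline or turned off with `gcloud services disable`.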