如何部署 Google Cloud Function(第 2 代)?
[英]How do I deploy a Google Cloud Function (2nd generation)?
问题描述
I've previously only used Cloud Functions of gen.
我以前只使用过 gen 的 Cloud Functions。 1 but now plan to move to 2nd generation and is just trying to deploy/test a first basic function. I'm just taking the Google sample for a storage triggered function and try to deploy it, but it keeps failing. 1 但现在计划转移到第二代并且只是尝试部署/测试第一个基本 function。我只是将 Google 样本用于存储触发 function并尝试部署它,但它一直失败。
This is what it looks like:这是它的样子:
> gcloud functions deploy nodejs-finalize-function --gen2 --runtime=nodejs16 --project myproject --region=europe-west3 --source=. --entry-point=handleImage --trigger-event-filters='type=google.cloud.storage.object.v1.finalized' --trigger-event-filters='bucket=se_my_images'
Preparing function...done.
X Deploying function...
✓ [Build] Logs are available at [https://console.cloud.google.com/cloud-build/builds;region=europe-west3/a8355043-adf0-4485-a510-1d54b7e11111?project=123445666123]
✓ [Service]
✓ [Trigger]
- [ArtifactRegistry] Deleting function artifacts in Artifact Registry...
. [Healthcheck]
. [Triggercheck]
Failed.
ERROR: (gcloud.functions.deploy) OperationError: code=7, message=Creating trigger failed for projects/myproject/locations/europe-west3/triggers/nodejs-finalize-function-898863: The Cloud Storage service account for your bucket is unable to publish to Cloud Pub/Sub topics in the specified project.
To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher (roles/pubsub.publisher) IAM role in the specified project. (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
The error looks easy to understand, but I have aded the Pub/Sub Publisher role to all my service accounts now (the ones listed below) and I still keep getting the same error.该错误看起来很容易理解,但我现在已将 Pub/Sub Publisher 角色添加到我的所有服务帐户(下面列出的帐户),但我仍然不断收到相同的错误。
>gcloud iam service-accounts list --project myproject
DISPLAY NAME EMAIL DISABLED
firebase-adminsdk firebase-adminsdk-u2x33@myproject.iam.gserviceaccount.com False
Default compute service account 930445666575-compute@developer.gserviceaccount.com False
backend-dev backend-dev@myproject.iam.gserviceaccount.com False
App Engine default service account myproject@appspot.gserviceaccount.com False
I don't know how to move forward from here so I hope someone can help.我不知道如何从这里前进,所以我希望有人能提供帮助。
*** EDIT ***. ***编辑***。
I added the role to the listed service accounts in the GCP console, IAM > Permissions > View By Principal page/view where I used the Edit Principal button to assign an additional role (Pub/Sub Publisher) to the service accounts (note that I added the role to all my listed service accounts since I'm not 100% sure which one is used by GCP for cloud deployment).我将角色添加到 GCP 控制台中列出的服务帐户,IAM > Permissions > View By Principal page/view 我使用 Edit Principal 按钮为服务帐户分配了一个额外的角色(Pub/Sub Publisher)(注意我将该角色添加到我列出的所有服务帐户中,因为我不能 100% 确定 GCP 使用哪个帐户进行云部署)。
1 个解决方案
解决方案1
0 已采纳 2022-11-02 11:51:20
since you are already using gcloud cli, i suggest you follow the step 2 which says:由于您已经在使用 gcloud cli,我建议您按照步骤 2 进行操作:
PROJECT_ID=$(gcloud config get-value project)
PROJECT_NUMBER=$(gcloud projects list --filter="project_id:$PROJECT_ID" --format='value(project_number)')
SERVICE_ACCOUNT=$(gsutil kms serviceaccount -p $PROJECT_NUMBER)
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$SERVICE_ACCOUNT \
--role roles/pubsub.publisher
After these 4 cmd's, you should have no problems.. I don't use gcp interface for iam purposes, since all my iam policies are uploaded by terraform/terragrunt.在这 4 个 cmd 之后,您应该没有问题。我不将 gcp 接口用于 iam 目的,因为我所有的 iam 策略都是通过 terraform/terragrunt 上传的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.