1. 簡介
Eventarc 可讓您輕鬆將各種服務 (Cloud Run、Kubernetes、Workflows) 與來自不同來源的事件連結。您可以使用此架構建構事件導向架構,其中的微服務是鬆散耦合及分散式。它還會負責事件擷取、傳送、安全性、授權和錯誤處理工作,進而提升開發人員的敏捷性和應用程式彈性。如要瞭解 Eventarc,請參閱Eventarc 程式碼研究室的「使用 Eventarc 觸發事件觸發 Cloud Run」。
在這個程式碼研究室中,您將使用 Eventarc 讀取 Pub/Sub、Cloud Storage 和 Cloud 稽核記錄中的事件,並將這些事件傳遞至在 Google Kubernetes Engine (GKE) 上執行的 Kubernetes 服務。
課程內容
- 建立 GKE 叢集。
- 建立 GKE 服務做為事件接收端。
- 建立 Pub/Sub 觸發條件。
- 建立 Cloud Storage 觸發條件
- 建立 Cloud 稽核記錄觸發條件。
2. 設定和需求
自助式環境設定
- 登入 Google Cloud 控制台,然後建立新專案或重複使用現有專案。如果您還沒有 Gmail 或 Google Workspace 帳戶,請務必建立帳戶。
- 「Project name」是這個專案參與者的顯示名稱。這是 Google API 不會使用的字元字串。您隨時可以更新。
- 專案 ID 在所有 Google Cloud 專案中都是不重複的值,且無法變更 (設定後即無法變更)。Cloud 控制台會自動產生唯一字串,您通常不需要特別留意。在大多數程式碼研究室中,您需要參照專案 ID (通常會標示為
PROJECT_ID)。如果您不喜歡產生的 ID,可以產生另一個隨機 ID。或者,您也可以自行嘗試,看看是否可用。這項設定在這個步驟後即無法變更,並會在專案期間維持不變。 - 提醒您,有些 API 會使用第三個值,也就是「專案編號」。如要進一步瞭解這三個值,請參閱說明文件。
- 接下來,您需要在 Cloud 控制台中啟用帳單功能,才能使用 Cloud 資源/API。執行本程式碼研究室時,費用應該不會太高,甚至可能不收費。如要關閉資源,避免產生教學課程以外的費用,您可以刪除建立的資源,或是刪除整個專案。Google Cloud 新使用者可享有 $300 美元的免費試用期。
啟動 Cloud Shell
雖然 Google Cloud 可透過筆記型電腦遠端操作,但在本程式碼研究室中,您將使用 Google Cloud Shell,這是在雲端運作的指令列環境。
在 Google Cloud 控制台中,按一下右上方工具列的 Cloud Shell 圖示:
佈建並連線至環境的作業需要一些時間才能完成。完成後,畫面應如下所示:
這個虛擬機器會載入您需要的所有開發工具。提供永久的 5 GB 主目錄,而且在 Google Cloud 中運作,可大幅提升網路效能和驗證功能。您可以在瀏覽器中完成本程式碼研究室的所有工作。您不需要安裝任何東西。
事前準備
在 Cloud Shell 中,確認專案 ID 已設定完畢:
PROJECT_ID=your-project-id gcloud config set project $PROJECT_ID
3. 建立 GKE 叢集
首先,請為 GKE 啟用必要服務:
gcloud services enable container.googleapis.com
建立 Autopilot GKE 叢集:
CLUSTER_NAME=eventarc-cluster REGION=us-central1 gcloud container clusters create-auto $CLUSTER_NAME --region $REGION
請確認叢集建立作業已完成,再繼續進行下一個步驟。
4. 部署 GKE 服務
在部署服務前,請使用 kubectl 取得驗證憑證,以便與叢集互動:
gcloud container clusters get-credentials $CLUSTER_NAME \
--region $REGION
接著,將 Cloud Run 的 hello 容器部署為 GKE 上的 Kubernetes 部署作業。這項服務會記錄收到的 HTTP 要求和 CloudEvents:
SERVICE_NAME=hello-gke
kubectl create deployment $SERVICE_NAME \
--image=gcr.io/cloudrun/hello
將部署作業公開為內部 Kubernetes 服務。這麼做會建立一個可在叢集內存取的穩定 IP 服務:
kubectl expose deployment $SERVICE_NAME \ --type ClusterIP --port 80 --target-port 8080
在繼續進行下一個步驟之前,請確認 Pod 是否正在執行:
kubectl get pods NAME READY STATUS hello-gke-df6469d4b-5vv22 1/1 Running
您也可以透過以下方式查看服務:
kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP hello-gke LoadBalancer 10.51.1.26 <none>
5. 設定 Eventarc
在這個步驟中,您將執行 Eventarc 設定步驟,並初始化 Eventarc GKE 目的地。
首先,請為 Eventarc 和 Eventarc GKE 目的地啟用必要服務:
gcloud services enable eventarc.googleapis.com \ cloudresourcemanager.googleapis.com
接著,請啟用 Eventarc 來管理 GKE 叢集:
gcloud eventarc gke-destinations init
Eventarc 會為每個鎖定 GKE 服務的觸發事件建立個別的事件轉送器 pod,並需要明確的權限才能修改叢集。方法是授予特殊服務帳戶權限,以便管理叢集中的資源。每個 Google Cloud 專案都需要執行這項操作一次。
6. 事件探索
在建立觸發條件之前,您可以瞭解事件來源、事件來源可發出的事件類型,以及如何設定觸發條件以便使用這些事件。
如要瞭解 Eventarc 支援的事件,請參閱說明文件頁面。您也可以使用 gcloud 探索事件。
如要查看不同類型事件的清單,請按照下列步驟操作:
gcloud beta eventarc attributes types list NAME DESCRIPTION google.cloud.audit.log.v1.written Cloud Audit Log written google.cloud.pubsub.topic.v1.messagePublished Cloud Pub/Sub message published google.cloud.storage.object.v1.archived Cloud Storage: Sent when a live version of an (object versioned) object is archived or deleted. google.cloud.storage.object.v1.deleted Cloud Storage: Sent when an object has been permanently deleted. google.cloud.storage.object.v1.finalized Cloud Storage: Sent when a new object (or a new generation of an existing object). google.cloud.storage.object.v1.metadataUpdated Cloud Storage: Sent when the metadata of an existing object changes.
如要進一步瞭解各類型事件,請按照下列步驟操作:
gcloud beta eventarc attributes types describe google.cloud.audit.log.v1.written attributes: type,serviceName,methodName,resourceName description: 'Cloud Audit Log: Sent when a log is written.' name: google.cloud.audit.log.v1.written
如要查看發出特定事件類型的服務清單,請按照下列步驟操作:
gcloud beta eventarc attributes service-names list --type=google.cloud.audit.log.v1.written SERVICE_NAME DISPLAY_NAME accessapproval.googleapis.com Access Approval accesscontextmanager.googleapis.com Access Context Manager admin.googleapis.com Google Workspace Admin aiplatform.googleapis.com AI Platform (under Vertex AI) apigee.googleapis.com Apigee apigeeconnect.googleapis.com Apigee Connect ... workflows.googleapis.com Workflows
如要查看各項服務可觸發的方法名稱 (子事件) 清單,請按照下列步驟操作:
gcloud beta eventarc attributes method-names list --type=google.cloud.audit.log.v1.written --service-name=workflows.googleapis.com METHOD_NAME google.cloud.workflows.v1.Workflows.CreateWorkflow google.cloud.workflows.v1.Workflows.DeleteWorkflow google.cloud.workflows.v1.Workflows.GetWorkflow google.cloud.workflows.v1.Workflows.ListWorkflows google.cloud.workflows.v1.Workflows.UpdateWorkflow google.cloud.workflows.v1beta.Workflows.CreateWorkflow google.cloud.workflows.v1beta.Workflows.DeleteWorkflow google.cloud.workflows.v1beta.Workflows.GetWorkflow google.cloud.workflows.v1beta.Workflows.ListWorkflows google.cloud.workflows.v1beta.Workflows.UpdateWorkflow
7. 建立 Pub/Sub 觸發條件
接收事件的方式之一是透過 Pub/Sub。任何應用程式都可以將訊息發布至 Pub/Sub,這些訊息可透過 Eventarc 傳送至服務。
設定方式
建立任何觸發事件前,您需要建立服務帳戶,供觸發事件使用。
建立服務帳戶:
SERVICE_ACCOUNT=eventarc-gke-trigger-sa gcloud iam service-accounts create $SERVICE_ACCOUNT
服務帳戶必須具備下列角色,才能觸發 GKE 目的地:
roles/pubsub.subscriberroles/monitoring.metricWriterroles/eventarc.eventReceiver(僅適用於 AuditLog 觸發條件。這會在後續步驟中加入)
授予角色:
gcloud projects add-iam-policy-binding $PROJECT_ID \ --member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \ --role roles/pubsub.subscriber gcloud projects add-iam-policy-binding $PROJECT_ID \ --member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \ --role roles/monitoring.metricWriter
建立
建立觸發事件,將 Pub/Sub 訊息轉送至服務:
TRIGGER_NAME=trigger-pubsub-gke gcloud eventarc triggers create $TRIGGER_NAME \ --destination-gke-cluster=$CLUSTER_NAME \ --destination-gke-location=$REGION \ --destination-gke-namespace=default \ --destination-gke-service=$SERVICE_NAME \ --destination-gke-path=/ \ --event-filters="type=google.cloud.pubsub.topic.v1.messagePublished" \ --location=$REGION \ --service-account=$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com
測試
您可以列出所有觸發條件,確認觸發條件是否已建立:
gcloud eventarc triggers list
Pub/Sub 觸發條件會在幕後建立 Pub/Sub 主題。讓我們找出這項資訊,並指派給變數:
TOPIC_ID=$(gcloud eventarc triggers describe $TRIGGER_NAME --location $REGION --format='value(transport.pubsub.topic)')
使用 gcloud 將訊息發布至主題:
gcloud pubsub topics publish $TOPIC_ID --message="Hello World"
如要確認是否已收到事件,請先找出 pod 名稱:
kubectl get pods NAME READY STATUS hello-gke-df6469d4b-5vv22 1/1 Running
並將其儲存至變數:
POD_NAME=hello-gke-df6469d4b-5vv22
檢查 Pod 的記錄,確認已收到事件:
kubectl logs $POD_NAME
{
"severity": "INFO",
"eventType": "google.cloud.pubsub.topic.v1.messagePublished",
"message": "Received event of type google.cloud.pubsub.topic.v1.messagePublished. Event data: Hello World",
"event": {
"data": {
"subscription": "projects/atamel-eventarc-gke/subscriptions/eventarc-us-central1-trigger-pubsub-gke-sub-270",
"message": {
"data": "SGVsbG8gV29ybGQ=",
"messageId": "6031025573654834",
"publishTime": "2022-10-19T14:13:07.990Z"
}
},
"datacontenttype": "application/json",
"id": "6031025573654834",
"source": "//pubsub.googleapis.com/projects/atamel-eventarc-gke/topics/eventarc-us-central1-trigger-pubsub-gke-729",
"specversion": "1.0",
"time": "2022-10-19T14:13:07.99Z",
"type": "google.cloud.pubsub.topic.v1.messagePublished"
}
}
8. 建立 Cloud Storage 觸發條件
您也可以透過 Cloud Storage 接收事件。舉例來說,應用程式可以將檔案上傳至儲存桶,而該事件可透過 Eventarc 傳送至服務。
設定方式
建立 Cloud Storage 觸發條件之前,請先建立值區來接收事件:
BUCKET_NAME=eventarc-gcs-$PROJECT_ID gcloud storage buckets update gs://$BUCKET_NAME --location=$REGION
您也需要為 Cloud Storage 觸發條件新增 pubsub.publisher 角色:
SERVICE_ACCOUNT_STORAGE=$(gcloud storage service-agent --project=$PROJECT_ID)
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:$SERVICE_ACCOUNT_STORAGE \
--role roles/pubsub.publisher
建立
建立觸發條件,將新的檔案建立事件從值區重新導向至服務:
TRIGGER_NAME=trigger-storage-gke gcloud eventarc triggers create $TRIGGER_NAME \ --destination-gke-cluster=$CLUSTER_NAME \ --destination-gke-location=$REGION \ --destination-gke-namespace=default \ --destination-gke-service=$SERVICE_NAME \ --destination-gke-path=/ \ --event-filters="type=google.cloud.storage.object.v1.finalized" \ --event-filters="bucket=$BUCKET_NAME" \ --location=$REGION \ --service-account=$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com
測試
您可以列出所有觸發條件,確認觸發條件是否已建立:
gcloud eventarc triggers list
建立檔案,然後使用 gcloud storage 將檔案上傳至值區:
echo "Hello World" > random.txt gcloud storage cp random.txt gs://$BUCKET_NAME/random.txt
檢查 Pod 的記錄,確認已收到事件:
kubectl logs $POD_NAME
{
"severity": "INFO",
"eventType": "google.cloud.storage.object.v1.finalized",
"message": "Received event of type google.cloud.storage.object.v1.finalized. Event data: {\n \"kind\": \"storage#object\",\n \"id\": \"eventarc-gcs-atamel-eventarc-gke/random.txt/1666190425669022\",\n \"selfLink\": \"https://www.googleapis.com/storage/v1/b/eventarc-gcs-atamel-eventarc-gke/o/random.txt\",\n \"name\": \"random.txt\",\n \"bucket\": \"eventarc-gcs-atamel-eventarc-gke\",\n \"generation\": \"1666190425669022\",\n \"metageneration\": \"1\",\n \"contentType\": \"text/plain\",\n \"timeCreated\": \"2022-10-19T14:40:25.678Z\",\n \"updated\": \"2022-10-19T14:40:25.678Z\",\n \"storageClass\": \"STANDARD\",\n \"timeStorageClassUpdated\": \"2022-10-19T14:40:25.678Z\",\n \"size\": \"12\",\n \"md5Hash\": \"5Z/5eUEET4XfUpfhwwLSYA==\",\n \"mediaLink\": \"https://storage.googleapis.com/download/storage/v1/b/eventarc-gcs-atamel-eventarc-gke/o/random.txt?generation=1666190425669022\u0026alt=media\",\n \"contentLanguage\": \"en\",\n \"crc32c\": \"R1jUOQ==\",\n \"etag\": \"CJ77zIPD7PoCEAE=\"\n}\n",
"event": {
"bucket": "eventarc-gcs-atamel-eventarc-gke",
"data": {
"kind": "storage#object",
"id": "eventarc-gcs-atamel-eventarc-gke/random.txt/1666190425669022",
"selfLink": "https://www.googleapis.com/storage/v1/b/eventarc-gcs-atamel-eventarc-gke/o/random.txt",
"name": "random.txt",
"bucket": "eventarc-gcs-atamel-eventarc-gke",
"generation": "1666190425669022",
"metageneration": "1",
"contentType": "text/plain",
"timeCreated": "2022-10-19T14:40:25.678Z",
"updated": "2022-10-19T14:40:25.678Z",
"storageClass": "STANDARD",
"timeStorageClassUpdated": "2022-10-19T14:40:25.678Z",
"size": "12",
"md5Hash": "5Z/5eUEET4XfUpfhwwLSYA==",
"mediaLink": "https://storage.googleapis.com/download/storage/v1/b/eventarc-gcs-atamel-eventarc-gke/o/random.txt?generation=1666190425669022\u0026alt=media",
"contentLanguage": "en",
"crc32c": "R1jUOQ==",
"etag": "CJ77zIPD7PoCEAE="
},
"datacontenttype": "application/json",
"id": "6031255652220627",
"source": "//storage.googleapis.com/projects/_/buckets/eventarc-gcs-atamel-eventarc-gke",
"specversion": "1.0",
"subject": "objects/random.txt",
"time": "2022-10-19T14:40:25.678152Z",
"type": "google.cloud.storage.object.v1.finalized"
}
}
9. 建立 Cloud 稽核記錄觸發條件
雖然 Cloud Storage 觸發條件是監聽 Cloud Storage 事件的較佳方式,但在這個步驟中,您會建立 Cloud 稽核記錄觸發條件來執行相同的操作。
設定方式
如要接收服務的事件,您必須啟用稽核記錄。在 Google Cloud Console 中,從左上方選單中選取 IAM & Admin 和 Audit Logs。在服務清單中勾選 Google Cloud Storage:
確認右側已選取 Admin、Read 和 Write,然後按一下 Save:
您也必須將 eventarc.eventReceiver 角色新增至 Cloud 稽核記錄觸發條件的觸發服務帳戶:
gcloud projects add-iam-policy-binding $PROJECT_ID \ --member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \ --role roles/eventarc.eventReceiver
建立
建立觸發條件,將新的檔案建立事件從值區重新導向至服務:
TRIGGER_NAME=trigger-auditlog-storage-gke gcloud eventarc triggers create $TRIGGER_NAME \ --destination-gke-cluster=$CLUSTER_NAME \ --destination-gke-location=$REGION \ --destination-gke-namespace=default \ --destination-gke-service=$SERVICE_NAME \ --destination-gke-path=/ \ --event-filters="type=google.cloud.audit.log.v1.written" \ --event-filters="serviceName=storage.googleapis.com" \ --event-filters="methodName=storage.objects.create" \ --event-filters-path-pattern="resourceName=/projects/_/buckets/$BUCKET_NAME/objects/*" \ --location=$REGION \ --service-account=$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com
測試
稽核記錄觸發條件需要一些時間才能初始化。您可以列出所有觸發條件,確認觸發條件是否已建立:
gcloud eventarc triggers list
您應該會看到 Active 欄位為 Yes:
NAME TYPE DESTINATION ACTIVE trigger-auditlog-storage-gke google.cloud.audit.log.v1.written GKE: hello-gke Yes
建立檔案,然後使用 gcloud storage 將檔案上傳至值區:
echo "Hello World" > random.txt gcloud storage cp random.txt gs://$BUCKET_NAME/random.txt
檢查 Pod 的記錄,確認已收到事件:
kubectl logs $POD_NAME
{
"severity": "INFO",
"eventType": "google.cloud.audit.log.v1.written",
"message": "Received event of type google.cloud.audit.log.v1.written. Event data: {\"protoPayload\":{\"status\":{},\"authenticationInfo\":{\"principalEmail\":\"atameldev@gmail.com\"},\"requestMetadata\":{\"callerIp\":\"149.71.143.227\",\"callerSuppliedUserAgent\":\"apitools Python/3.10.4 gsutil/5.14 (darwin) analytics/disabled interactive/True command/cp google-cloud-sdk/405.0.1,gzip(gfe)\",\"requestAttributes\":{\"time\":\"2022-10-19T15:05:54.144615670Z\",\"auth\":{}},\"destinationAttributes\":{}},\"serviceName\":\"storage.googleapis.com\",\"methodName\":\"storage.objects.create\",\"authorizationInfo\":[{\"resource\":\"projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt\",\"permission\":\"storage.objects.delete\",\"granted\":true,\"resourceAttributes\":{}},{\"resource\":\"projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt\",\"permission\":\"storage.objects.create\",\"granted\":true,\"resourceAttributes\":{}}],\"resourceName\":\"projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt\",\"serviceData\":{\"@type\":\"type.googleapis.com/google.iam.v1.logging.AuditData\",\"policyDelta\":{\"bindingDeltas\":[{\"action\":\"ADD\",\"role\":\"roles/storage.legacyObjectOwner\",\"member\":\"projectOwner:atamel-eventarc-gke\"},{\"action\":\"ADD\",\"role\":\"roles/storage.legacyObjectOwner\",\"member\":\"projectEditor:atamel-eventarc-gke\"},{\"action\":\"ADD\",\"role\":\"roles/storage.legacyObjectOwner\",\"member\":\"user:atameldev@gmail.com\"},{\"action\":\"ADD\",\"role\":\"roles/storage.legacyObjectReader\",\"member\":\"projectViewer:atamel-eventarc-gke\"}]}},\"resourceLocation\":{\"currentLocations\":[\"us-central1\"]}},\"insertId\":\"-8vmrbve7pol2\",\"resource\":{\"type\":\"gcs_bucket\",\"labels\":{\"project_id\":\"atamel-eventarc-gke\",\"bucket_name\":\"eventarc-gcs-atamel-eventarc-gke\",\"location\":\"us-central1\"}},\"timestamp\":\"2022-10-19T15:05:54.138732321Z\",\"severity\":\"INFO\",\"logName\":\"projects/atamel-eventarc-gke/logs/cloudaudit.googleapis.com%2Fdata_access\",\"receiveTimestamp\":\"2022-10-19T15:05:54.839604461Z\"}",
"event": {
"data": {
"protoPayload": {
"status": {
},
"authenticationInfo": {
"principalEmail": "atameldev@gmail.com"
},
"requestMetadata": {
"callerIp": "149.71.143.227",
"callerSuppliedUserAgent": "apitools Python/3.10.4 gsutil/5.14 (darwin) analytics/disabled interactive/True command/cp google-cloud-sdk/405.0.1,gzip(gfe)",
"requestAttributes": {
"time": "2022-10-19T15:05:54.144615670Z",
"auth": {
}
},
"destinationAttributes": {
}
},
"serviceName": "storage.googleapis.com",
"methodName": "storage.objects.create",
"authorizationInfo": [
{
"resource": "projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
"permission": "storage.objects.delete",
"granted": true,
"resourceAttributes": {
}
},
{
"resource": "projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
"permission": "storage.objects.create",
"granted": true,
"resourceAttributes": {
}
}
],
"resourceName": "projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
"serviceData": {
"@type": "type.googleapis.com/google.iam.v1.logging.AuditData",
"policyDelta": {
"bindingDeltas": [
{
"action": "ADD",
"role": "roles/storage.legacyObjectOwner",
"member": "projectOwner:atamel-eventarc-gke"
},
{
"action": "ADD",
"role": "roles/storage.legacyObjectOwner",
"member": "projectEditor:atamel-eventarc-gke"
},
{
"action": "ADD",
"role": "roles/storage.legacyObjectOwner",
"member": "user:atameldev@gmail.com"
},
{
"action": "ADD",
"role": "roles/storage.legacyObjectReader",
"member": "projectViewer:atamel-eventarc-gke"
}
]
}
},
"resourceLocation": {
"currentLocations": [
"us-central1"
]
}
},
"insertId": "-8vmrbve7pol2",
"resource": {
"type": "gcs_bucket",
"labels": {
"project_id": "atamel-eventarc-gke",
"bucket_name": "eventarc-gcs-atamel-eventarc-gke",
"location": "us-central1"
}
},
"timestamp": "2022-10-19T15:05:54.138732321Z",
"severity": "INFO",
"logName": "projects/atamel-eventarc-gke/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2022-10-19T15:05:54.839604461Z"
},
"datacontenttype": "application/json; charset=utf-8",
"dataschema": "https://googleapis.github.io/google-cloudevents/jsonschema/google/events/cloud/audit/v1/LogEntryData.json",
"id": "projects/atamel-eventarc-gke/logs/cloudaudit.googleapis.com%2Fdata_access-8vmrbve7pol21666191954138732",
"methodname": "storage.objects.create",
"recordedtime": "2022-10-19T15:05:54.138732321Z",
"resourcename": "projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
"servicename": "storage.googleapis.com",
"source": "//cloudaudit.googleapis.com/projects/atamel-eventarc-gke/logs/data_access",
"specversion": "1.0",
"subject": "storage.googleapis.com/projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
"time": "2022-10-19T15:05:54.839604461Z",
"type": "google.cloud.audit.log.v1.written"
}
}
10. 恭喜!
恭喜您完成程式碼研究室!
涵蓋內容
- 建立 GKE 叢集。
- 建立 GKE 服務做為事件接收端。
- 建立 Pub/Sub 觸發條件。
- 建立 Cloud Storage 觸發條件。
- 建立 Cloud 稽核記錄觸發條件。