透過 Eventarc 事件觸發 Kubernetes 服務

1. 簡介

cb762f29e9183a3f.png

Eventarc 可讓您輕鬆將各種服務 (Cloud Run、Kubernetes、Workflows) 與來自各種來源的事件連結。Kubernetes 可讓您建構事件導向的架構,其中微服務的鬆耦合和分佈情形很低。它也能處理事件擷取、提交、安全性、授權和錯誤處理等工作,提升開發人員的靈活性和應用程式彈性。如要進一步瞭解 Eventarc 的簡介,請參閱「透過 Eventarc 中的事件觸發 Cloud Run」程式碼研究室。

在本程式碼研究室中,您將使用 Eventarc 讀取 Pub/Sub、Cloud Storage 和 Cloud 稽核記錄的事件,並傳送至在 Google Kubernetes Engine (GKE) 上執行的 Kubernetes 服務。

課程內容

  • 建立 GKE 叢集。
  • 建立 GKE 服務做為事件接收器。
  • 建立 Pub/Sub 觸發條件。
  • 建立 Cloud Storage 觸發條件
  • 建立 Cloud 稽核記錄觸發條件。

2. 設定和需求

自修環境設定

  1. 登入 Google Cloud 控制台,建立新專案或重複使用現有專案。如果您還沒有 Gmail 或 Google Workspace 帳戶,請先建立帳戶

b35bf95b8bf3d5d8.png

a99b7ace416376c4.png

bd84a6d3004737c5.png

  • 「專案名稱」是這項專案參與者的顯示名稱。這是 Google API 未使用的字元字串。您隨時可以更新這項資訊。
  • 所有 Google Cloud 專案的專案 ID 均不得重複,而且設定後即無法變更。Cloud 控制台會自動產生一個不重複的字串。但通常是在乎它何在在大部分的程式碼研究室中,您必須參照專案 ID (通常為 PROJECT_ID)。如果您對產生的 ID 不滿意,可以隨機產生一個 ID。此外,您也可以自行嘗試,看看系統是否提供該付款方式。在完成這個步驟後就無法變更,而且在專案期間仍會保持有效。
  • 資訊中的第三個值是專案編號,部分 API 會使用這個編號。如要進一步瞭解這三個值,請參閱說明文件
  1. 接下來,您需要在 Cloud 控制台中啟用計費功能,才能使用 Cloud 資源/API。執行這個程式碼研究室並不會產生任何費用,如果有的話。如要關閉資源,以免系統產生本教學課程結束後產生的費用,您可以刪除自己建立的資源,或刪除整個專案。Google Cloud 的新使用者符合 $300 美元免費試用計畫的資格。

啟動 Cloud Shell

雖然 Google Cloud 可以從筆記型電腦遠端操作,但在本程式碼研究室中,您將使用 Google Cloud Shell,這是一種在 Cloud 中執行的指令列環境。

Google Cloud 控制台,按一下右上方的工具列上的 Cloud Shell 圖示:

55efc1aaa7a4d3ad.png

佈建並連線至環境的作業只需幾分鐘的時間。完成後,您應該會看到類似下方的內容:

7ffe5cbb04455448.png

這部虛擬機器都裝載了您需要的所有開發工具。提供永久的 5 GB 主目錄,而且在 Google Cloud 中運作,大幅提高網路效能和驗證能力。本程式碼研究室的所有工作都可以在瀏覽器中完成。不必安裝任何程式。

事前準備

在 Cloud Shell 中,請確認您已設定專案 ID:

PROJECT_ID=your-project-id
gcloud config set project $PROJECT_ID

3. 建立 GKE 叢集

首先,請啟用 GKE 的必要服務:

gcloud services enable container.googleapis.com

建立 Autopilot GKE 叢集:

CLUSTER_NAME=eventarc-cluster
REGION=us-central1

gcloud container clusters create-auto $CLUSTER_NAME --region $REGION

請先確認叢集已建立完成,再進行下一個步驟。

4. 部署 GKE 服務

在部署服務之前,請先取得驗證憑證,以便與 kubectl 互動:

gcloud container clusters get-credentials $CLUSTER_NAME \
    --region $REGION

接下來,請將 Cloud Run 的「hello container」部署為 GKE 上的 Kubernetes 部署。這項服務會記錄收到的 HTTP 要求和 CloudEvents:

SERVICE_NAME=hello-gke

kubectl create deployment $SERVICE_NAME \
    --image=gcr.io/cloudrun/hello

將部署作業公開為內部 Kubernetes 服務。這會在叢集中建立可存取穩定 IP 的服務:

kubectl expose deployment $SERVICE_NAME \
  --type ClusterIP --port 80 --target-port 8080

進行下一個步驟前,請確認 Pod 正在運作:

kubectl get pods

NAME                        READY   STATUS
hello-gke-df6469d4b-5vv22   1/1     Running

此外,您還會看到以下服務:

kubectl get svc

NAME         TYPE           CLUSTER-IP    EXTERNAL-IP
hello-gke    LoadBalancer   10.51.1.26    <none>

5. 設定 Eventarc

在這個步驟中,您將執行設定 Eventarc 並初始化 Eventarc GKE 目的地的步驟。

首先,請為 Eventarc 和 Eventarc GKE 目的地啟用必要服務:

gcloud services enable eventarc.googleapis.com \
  cloudresourcemanager.googleapis.com

接著,請啟用 Eventarc 來管理 GKE 叢集:

gcloud eventarc gke-destinations init

Eventarc 會為以 GKE 服務為目標的每個觸發條件分別建立事件轉送器 Pod,而且需要有明確權限才能變更叢集。方法是將權限授予特殊服務帳戶,管理叢集中的資源。每項 Google Cloud 專案只需要執行一次。

6. 活動探索

建立觸發條件前,您可以瞭解事件來源、可發出的事件類型,以及如何設定觸發條件來使用。

您可以參閱說明文件頁面,瞭解 Eventarc 支援的事件。您也可以使用 gcloud 瀏覽這些事件。

如要查看不同事件類型的清單,請按照下列步驟操作:

gcloud beta eventarc attributes types list

NAME                                           DESCRIPTION
google.cloud.audit.log.v1.written              Cloud Audit Log written
google.cloud.pubsub.topic.v1.messagePublished  Cloud Pub/Sub message published
google.cloud.storage.object.v1.archived         Cloud Storage: Sent when a live version of an (object versioned) object is archived or deleted.
google.cloud.storage.object.v1.deleted          Cloud Storage: Sent when an object has been permanently deleted.
google.cloud.storage.object.v1.finalized        Cloud Storage: Sent when a new object (or a new generation of an existing object).
google.cloud.storage.object.v1.metadataUpdated  Cloud Storage: Sent when the metadata of an existing object changes.

如要進一步瞭解每種事件類型,請按照下列步驟操作:

gcloud beta eventarc attributes types describe google.cloud.audit.log.v1.written

attributes: type,serviceName,methodName,resourceName
description: 'Cloud Audit Log: Sent when a log is written.'
name: google.cloud.audit.log.v1.written

如要查看發出特定事件類型的服務清單:

gcloud beta eventarc attributes service-names list --type=google.cloud.audit.log.v1.written

SERVICE_NAME                                DISPLAY_NAME
accessapproval.googleapis.com               Access Approval
accesscontextmanager.googleapis.com         Access Context Manager
admin.googleapis.com                        Google Workspace Admin
aiplatform.googleapis.com                   AI Platform (under Vertex AI)
apigee.googleapis.com                       Apigee
apigeeconnect.googleapis.com                Apigee Connect
...
workflows.googleapis.com                    Workflows

如要查看每項服務可發出的方法名稱 (子事件) 清單,請按照下列步驟操作:

gcloud beta eventarc attributes method-names list --type=google.cloud.audit.log.v1.written --service-name=workflows.googleapis.com

METHOD_NAME
google.cloud.workflows.v1.Workflows.CreateWorkflow
google.cloud.workflows.v1.Workflows.DeleteWorkflow
google.cloud.workflows.v1.Workflows.GetWorkflow
google.cloud.workflows.v1.Workflows.ListWorkflows
google.cloud.workflows.v1.Workflows.UpdateWorkflow
google.cloud.workflows.v1beta.Workflows.CreateWorkflow
google.cloud.workflows.v1beta.Workflows.DeleteWorkflow
google.cloud.workflows.v1beta.Workflows.GetWorkflow
google.cloud.workflows.v1beta.Workflows.ListWorkflows
google.cloud.workflows.v1beta.Workflows.UpdateWorkflow

7. 建立 Pub/Sub 觸發條件

其中一種接收事件的方式為 Pub/Sub。所有應用程式都可以將訊息發布至 Pub/Sub,這些訊息也可以透過 Eventarc 傳送至服務。

設定方式

您需要先有服務帳戶供觸發條件使用,才能建立觸發條件。

建立服務帳戶:

SERVICE_ACCOUNT=eventarc-gke-trigger-sa

gcloud iam service-accounts create $SERVICE_ACCOUNT

您必須為服務帳戶授予下列角色,才能使用具有 GKE 目的地的觸發條件:

  • roles/pubsub.subscriber
  • roles/monitoring.metricWriter
  • roles/eventarc.eventReceiver (僅適用於 AuditLog 觸發條件,您將在後續步驟中加入)

授予角色:

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \
  --role roles/pubsub.subscriber

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \
  --role roles/monitoring.metricWriter

建立

建立觸發條件,將 Pub/Sub 訊息轉送至您的服務:

TRIGGER_NAME=trigger-pubsub-gke

gcloud eventarc triggers create $TRIGGER_NAME \
  --destination-gke-cluster=$CLUSTER_NAME \
  --destination-gke-location=$REGION \
  --destination-gke-namespace=default \
  --destination-gke-service=$SERVICE_NAME \
  --destination-gke-path=/ \
  --event-filters="type=google.cloud.pubsub.topic.v1.messagePublished" \
  --location=$REGION \
  --service-account=$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com

測試

您可以列出所有觸發條件,確認是否已建立觸發條件:

gcloud eventarc triggers list

Pub/Sub 觸發條件會在封面建立 Pub/Sub 主題。讓我們找出並指派給變數:

TOPIC_ID=$(gcloud eventarc triggers describe $TRIGGER_NAME --location $REGION --format='value(transport.pubsub.topic)')

使用 gcloud 將訊息發布至主題:

gcloud pubsub topics publish $TOPIC_ID --message="Hello World"

如要確認收到的事件是否收到,請先找出 Pod 名稱:

kubectl get pods

NAME                        READY   STATUS
hello-gke-df6469d4b-5vv22   1/1     Running

然後儲存至變數:

POD_NAME=hello-gke-df6469d4b-5vv22 

查看 Pod 的記錄,確認收到的事件:

kubectl logs $POD_NAME

{
  "severity": "INFO",
  "eventType": "google.cloud.pubsub.topic.v1.messagePublished",
  "message": "Received event of type google.cloud.pubsub.topic.v1.messagePublished. Event data: Hello World",
  "event": {
    "data": {
      "subscription": "projects/atamel-eventarc-gke/subscriptions/eventarc-us-central1-trigger-pubsub-gke-sub-270",
      "message": {
        "data": "SGVsbG8gV29ybGQ=",
        "messageId": "6031025573654834",
        "publishTime": "2022-10-19T14:13:07.990Z"
      }
    },
    "datacontenttype": "application/json",
    "id": "6031025573654834",
    "source": "//pubsub.googleapis.com/projects/atamel-eventarc-gke/topics/eventarc-us-central1-trigger-pubsub-gke-729",
    "specversion": "1.0",
    "time": "2022-10-19T14:13:07.99Z",
    "type": "google.cloud.pubsub.topic.v1.messagePublished"
  }
}

8. 建立 Cloud Storage 觸發條件

另一種接收事件的方式是透過 Cloud Storage。例如,應用程式可將檔案上傳至值區,而該事件可以透過 Eventarc 傳送至服務。

設定方式

建立 Cloud Storage 觸發條件前,請先建立從以下來源接收事件的值區:

BUCKET_NAME=eventarc-gcs-$PROJECT_ID
gsutil mb -l $REGION gs://$BUCKET_NAME

您也需要將 pubsub.publisher 角色新增到 Cloud Storage 服務帳戶,以便使用 Cloud Storage 觸發條件:

SERVICE_ACCOUNT_STORAGE=$(gsutil kms serviceaccount -p $PROJECT_ID)
gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member serviceAccount:$SERVICE_ACCOUNT_STORAGE \
    --role roles/pubsub.publisher

建立

建立觸發條件,將值區的新檔案建立事件轉送至您的服務:

TRIGGER_NAME=trigger-storage-gke

gcloud eventarc triggers create $TRIGGER_NAME \
  --destination-gke-cluster=$CLUSTER_NAME \
  --destination-gke-location=$REGION \
  --destination-gke-namespace=default \
  --destination-gke-service=$SERVICE_NAME \
  --destination-gke-path=/ \
  --event-filters="type=google.cloud.storage.object.v1.finalized" \
  --event-filters="bucket=$BUCKET_NAME" \
  --location=$REGION \
  --service-account=$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com

測試

您可以列出所有觸發條件,確認是否已建立觸發條件:

gcloud eventarc triggers list

建立檔案,並使用 gsutil 將檔案上傳至值區:

echo "Hello World" > random.txt
gsutil cp random.txt gs://$BUCKET_NAME/random.txt

查看 Pod 的記錄,確認收到的事件:

kubectl logs $POD_NAME

{
  "severity": "INFO",
  "eventType": "google.cloud.storage.object.v1.finalized",
  "message": "Received event of type google.cloud.storage.object.v1.finalized. Event data: {\n  \"kind\": \"storage#object\",\n  \"id\": \"eventarc-gcs-atamel-eventarc-gke/random.txt/1666190425669022\",\n  \"selfLink\": \"https://www.googleapis.com/storage/v1/b/eventarc-gcs-atamel-eventarc-gke/o/random.txt\",\n  \"name\": \"random.txt\",\n  \"bucket\": \"eventarc-gcs-atamel-eventarc-gke\",\n  \"generation\": \"1666190425669022\",\n  \"metageneration\": \"1\",\n  \"contentType\": \"text/plain\",\n  \"timeCreated\": \"2022-10-19T14:40:25.678Z\",\n  \"updated\": \"2022-10-19T14:40:25.678Z\",\n  \"storageClass\": \"STANDARD\",\n  \"timeStorageClassUpdated\": \"2022-10-19T14:40:25.678Z\",\n  \"size\": \"12\",\n  \"md5Hash\": \"5Z/5eUEET4XfUpfhwwLSYA==\",\n  \"mediaLink\": \"https://storage.googleapis.com/download/storage/v1/b/eventarc-gcs-atamel-eventarc-gke/o/random.txt?generation=1666190425669022\u0026alt=media\",\n  \"contentLanguage\": \"en\",\n  \"crc32c\": \"R1jUOQ==\",\n  \"etag\": \"CJ77zIPD7PoCEAE=\"\n}\n",
  "event": {
    "bucket": "eventarc-gcs-atamel-eventarc-gke",
    "data": {
      "kind": "storage#object",
      "id": "eventarc-gcs-atamel-eventarc-gke/random.txt/1666190425669022",
      "selfLink": "https://www.googleapis.com/storage/v1/b/eventarc-gcs-atamel-eventarc-gke/o/random.txt",
      "name": "random.txt",
      "bucket": "eventarc-gcs-atamel-eventarc-gke",
      "generation": "1666190425669022",
      "metageneration": "1",
      "contentType": "text/plain",
      "timeCreated": "2022-10-19T14:40:25.678Z",
      "updated": "2022-10-19T14:40:25.678Z",
      "storageClass": "STANDARD",
      "timeStorageClassUpdated": "2022-10-19T14:40:25.678Z",
      "size": "12",
      "md5Hash": "5Z/5eUEET4XfUpfhwwLSYA==",
      "mediaLink": "https://storage.googleapis.com/download/storage/v1/b/eventarc-gcs-atamel-eventarc-gke/o/random.txt?generation=1666190425669022\u0026alt=media",
      "contentLanguage": "en",
      "crc32c": "R1jUOQ==",
      "etag": "CJ77zIPD7PoCEAE="
    },
    "datacontenttype": "application/json",
    "id": "6031255652220627",
    "source": "//storage.googleapis.com/projects/_/buckets/eventarc-gcs-atamel-eventarc-gke",
    "specversion": "1.0",
    "subject": "objects/random.txt",
    "time": "2022-10-19T14:40:25.678152Z",
    "type": "google.cloud.storage.object.v1.finalized"
  }
}

9. 建立 Cloud 稽核記錄觸發條件

雖然 Cloud Storage 觸發條件是監聽 Cloud Storage 事件的最佳方式,但在這個步驟中,您將建立 Cloud 稽核記錄觸發條件以執行相同作業。

設定方式

如要接收服務中的事件,請啟用稽核記錄。在 Google Cloud 控制台中,選取左上方的選單中的「IAM & Admin」和「Audit Logs」。在服務清單中,勾選 Google Cloud Storage

91d1bcef8f953fe3.png

確認已在右側選取 AdminReadWrite,然後按一下 Save

ccb31db1e55fd2e3.png

您也必須將 eventarc.eventReceiver 角色新增至觸發條件服務帳戶,以便使用 Cloud 稽核記錄觸發條件:

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \
  --role roles/eventarc.eventReceiver

建立

建立觸發條件,將值區的新檔案建立事件轉送至您的服務:

TRIGGER_NAME=trigger-auditlog-storage-gke

gcloud eventarc triggers create $TRIGGER_NAME \
  --destination-gke-cluster=$CLUSTER_NAME \
  --destination-gke-location=$REGION \
  --destination-gke-namespace=default \
  --destination-gke-service=$SERVICE_NAME \
  --destination-gke-path=/ \
  --event-filters="type=google.cloud.audit.log.v1.written" \
  --event-filters="serviceName=storage.googleapis.com" \
  --event-filters="methodName=storage.objects.create" \
  --event-filters-path-pattern="resourceName=/projects/_/buckets/$BUCKET_NAME/objects/*" \
  --location=$REGION \
  --service-account=$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com

測試

稽核記錄觸發條件需要一些時間才能完成初始化。您可以列出所有觸發條件,確認是否已建立觸發條件:

gcloud eventarc triggers list

您應該會看到 Active 欄位為 Yes

NAME                          TYPE                                           DESTINATION     ACTIVE
trigger-auditlog-storage-gke  google.cloud.audit.log.v1.written              GKE: hello-gke  Yes

建立檔案,並使用 gsutil 將檔案上傳至值區:

echo "Hello World" > random.txt
gsutil cp random.txt gs://$BUCKET_NAME/random.txt

查看 Pod 的記錄,確認收到的事件:

kubectl logs $POD_NAME

{
  "severity": "INFO",
  "eventType": "google.cloud.audit.log.v1.written",
  "message": "Received event of type google.cloud.audit.log.v1.written. Event data: {\"protoPayload\":{\"status\":{},\"authenticationInfo\":{\"principalEmail\":\"atameldev@gmail.com\"},\"requestMetadata\":{\"callerIp\":\"149.71.143.227\",\"callerSuppliedUserAgent\":\"apitools Python/3.10.4 gsutil/5.14 (darwin) analytics/disabled interactive/True command/cp google-cloud-sdk/405.0.1,gzip(gfe)\",\"requestAttributes\":{\"time\":\"2022-10-19T15:05:54.144615670Z\",\"auth\":{}},\"destinationAttributes\":{}},\"serviceName\":\"storage.googleapis.com\",\"methodName\":\"storage.objects.create\",\"authorizationInfo\":[{\"resource\":\"projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt\",\"permission\":\"storage.objects.delete\",\"granted\":true,\"resourceAttributes\":{}},{\"resource\":\"projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt\",\"permission\":\"storage.objects.create\",\"granted\":true,\"resourceAttributes\":{}}],\"resourceName\":\"projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt\",\"serviceData\":{\"@type\":\"type.googleapis.com/google.iam.v1.logging.AuditData\",\"policyDelta\":{\"bindingDeltas\":[{\"action\":\"ADD\",\"role\":\"roles/storage.legacyObjectOwner\",\"member\":\"projectOwner:atamel-eventarc-gke\"},{\"action\":\"ADD\",\"role\":\"roles/storage.legacyObjectOwner\",\"member\":\"projectEditor:atamel-eventarc-gke\"},{\"action\":\"ADD\",\"role\":\"roles/storage.legacyObjectOwner\",\"member\":\"user:atameldev@gmail.com\"},{\"action\":\"ADD\",\"role\":\"roles/storage.legacyObjectReader\",\"member\":\"projectViewer:atamel-eventarc-gke\"}]}},\"resourceLocation\":{\"currentLocations\":[\"us-central1\"]}},\"insertId\":\"-8vmrbve7pol2\",\"resource\":{\"type\":\"gcs_bucket\",\"labels\":{\"project_id\":\"atamel-eventarc-gke\",\"bucket_name\":\"eventarc-gcs-atamel-eventarc-gke\",\"location\":\"us-central1\"}},\"timestamp\":\"2022-10-19T15:05:54.138732321Z\",\"severity\":\"INFO\",\"logName\":\"projects/atamel-eventarc-gke/logs/cloudaudit.googleapis.com%2Fdata_access\",\"receiveTimestamp\":\"2022-10-19T15:05:54.839604461Z\"}",
  "event": {
    "data": {
      "protoPayload": {
        "status": {
        },
        "authenticationInfo": {
          "principalEmail": "atameldev@gmail.com"
        },
        "requestMetadata": {
          "callerIp": "149.71.143.227",
          "callerSuppliedUserAgent": "apitools Python/3.10.4 gsutil/5.14 (darwin) analytics/disabled interactive/True command/cp google-cloud-sdk/405.0.1,gzip(gfe)",
          "requestAttributes": {
            "time": "2022-10-19T15:05:54.144615670Z",
            "auth": {
            }
          },
          "destinationAttributes": {
          }
        },
        "serviceName": "storage.googleapis.com",
        "methodName": "storage.objects.create",
        "authorizationInfo": [
          {
            "resource": "projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
            "permission": "storage.objects.delete",
            "granted": true,
            "resourceAttributes": {
            }
          },
          {
            "resource": "projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
            "permission": "storage.objects.create",
            "granted": true,
            "resourceAttributes": {
            }
          }
        ],
        "resourceName": "projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
        "serviceData": {
          "@type": "type.googleapis.com/google.iam.v1.logging.AuditData",
          "policyDelta": {
            "bindingDeltas": [
              {
                "action": "ADD",
                "role": "roles/storage.legacyObjectOwner",
                "member": "projectOwner:atamel-eventarc-gke"
              },
              {
                "action": "ADD",
                "role": "roles/storage.legacyObjectOwner",
                "member": "projectEditor:atamel-eventarc-gke"
              },
              {
                "action": "ADD",
                "role": "roles/storage.legacyObjectOwner",
                "member": "user:atameldev@gmail.com"
              },
              {
                "action": "ADD",
                "role": "roles/storage.legacyObjectReader",
                "member": "projectViewer:atamel-eventarc-gke"
              }
            ]
          }
        },
        "resourceLocation": {
          "currentLocations": [
            "us-central1"
          ]
        }
      },
      "insertId": "-8vmrbve7pol2",
      "resource": {
        "type": "gcs_bucket",
        "labels": {
          "project_id": "atamel-eventarc-gke",
          "bucket_name": "eventarc-gcs-atamel-eventarc-gke",
          "location": "us-central1"
        }
      },
      "timestamp": "2022-10-19T15:05:54.138732321Z",
      "severity": "INFO",
      "logName": "projects/atamel-eventarc-gke/logs/cloudaudit.googleapis.com%2Fdata_access",
      "receiveTimestamp": "2022-10-19T15:05:54.839604461Z"
    },
    "datacontenttype": "application/json; charset=utf-8",
    "dataschema": "https://googleapis.github.io/google-cloudevents/jsonschema/google/events/cloud/audit/v1/LogEntryData.json",
    "id": "projects/atamel-eventarc-gke/logs/cloudaudit.googleapis.com%2Fdata_access-8vmrbve7pol21666191954138732",
    "methodname": "storage.objects.create",
    "recordedtime": "2022-10-19T15:05:54.138732321Z",
    "resourcename": "projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
    "servicename": "storage.googleapis.com",
    "source": "//cloudaudit.googleapis.com/projects/atamel-eventarc-gke/logs/data_access",
    "specversion": "1.0",
    "subject": "storage.googleapis.com/projects/_/buckets/eventarc-gcs-atamel-eventarc-gke/objects/random.txt",
    "time": "2022-10-19T15:05:54.839604461Z",
    "type": "google.cloud.audit.log.v1.written"
  }
}

10. 恭喜!

恭喜您完成本程式碼研究室。

涵蓋內容

  • 建立 GKE 叢集。
  • 建立 GKE 服務做為事件接收器。
  • 建立 Pub/Sub 觸發條件。
  • 建立 Cloud Storage 觸發條件。
  • 建立 Cloud 稽核記錄觸發條件。