How Can I Deploy A GCP Function from The Command Line WITH Multiple Secrets AND Only Runnable Through 1 Service Account
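I have been constantly deploying, deleting, and redeploying a GCP Cloud Function. This function is really complicated to set up in the browser. It requires 5 secrets and runs through a service account (it is important that this function is only allowed to run with this 1 specific service account). I have also limited maxInstances to 10. Since continuously redeploying from the browser takes a long time, is there a way to set it up from the command line using gcloud commands? Or maybe a Docker command or something similar?
Here is the output of gcloud functions describe <MY GCP CLOUD FUNCTION NAME>: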
availableMemoryMb: 256
buildId: <BUILD ID HERE (LOOKS LIKE A GUID)>
buildName: projects/<PROJECT ID HERE>/locations/us-central1/builds/<BUILD ID HERE>
dockerRegistry: CONTAINER_REGISTRY
entryPoint: <ENTRY POINT FUNCTION NAME HERE>
httpsTrigger:
  securityLevel: SECURE_ALWAYS
  url: https://us-central1-<PROJECT ID NAME HERE>.cloudfunctions.net/<CLOUD FUNCTION NAME HERE>
ingressSettings: ALLOW_ALL
labels:
  deployment-tool: console-cloud
maxInstances: 10
name: projects/<PROJECT ID NAME HERE>/locations/us-central1/functions/<CLOUD FUNCTION NAME HERE>
runtime: python39
secretEnvironmentVariables:
- key: CONSUMER_KEY
  projectId: '<PROJECT ID HERE>'
  secret: <CONSUMER_KEY SECRET NAME HERE>
  version: '1'
- key: CONSUMER_SECRET
  projectId: '<PROJECT ID HERE>'
  secret: <CONSUMER_SECRET SECRET NAME HERE>
  version: '1'
- key: ACCESS_TOKEN_PART_ONE
  projectId: '<PROJECT ID HERE>'
  secret: <ACCESS_TOKEN_PART_ONE SECRET NAME HERE>
  version: '1'
- key: ACCESS_TOKEN_PART_TWO
  projectId: '<PROJECT ID HERE>'
  secret: <ACCESS_TOKEN_PART_TWO SECRET NAME HERE>
  version: '1'
- key: ACCESS_TOKEN_SECRET
  projectId: '<PROJECT ID HERE>'
  secret: <ACCESS_TOKEN_SECRET SECRET NAME HERE>
  version: '1'
serviceAccountEmail: <SERVICE ACCOUNT NAME HERE>@<PROJECT ID NAME HERE>.iam.gserviceaccount.com
sourceUploadUrl: https://storage.googleapis.com/uploads-<RANDOM LOOKING NUMBER THAT I DON'T RECOGNIZE>.us-central1.cloudfunctions.appspot.com/<RANDOM GUID LOOKING VALUE THAT I DON'T RECOGNIZE>.zip
status: ACTIVE
timeout: 60s
updateTime: '<TIMECODE HERE>'
versionId: '1'
I tried to create a deployment command for a basic Python function in a main.py file that just prints Hello World to the terminal.
gcloud functions --account=<SERVICE ACCOUNT NAME>@<PROJECT NAME>.iam.gserviceaccount.com deploy <NEW FUNCTION NAME> \
--memory=256MB \
--runtime=python39 \
--trigger-http \
--security-level=secure-always \
--entry-point=hello_world \
--max-instances=10 \
--service-account=<SERVICE ACCOUNT NAME>@<PROJECT NAME>.iam.gserviceaccount.com \
--source=/path/to/main/py/file/dir
I got this error: ERROR: (gcloud.functions.deploy) PERMISSION_DENIED: Permission 'cloudfunctions.functions.sourceCodeSet' denied on resource 'projects/<MY PROJECT NAME>/locations/us-central1' (or resource may not exist).
By the way, I have already tried setting Cloud Build Settings > Cloud Functions > Cloud Functions Developer to enabled. It still gives me the same error...
What am I doing wrong? How can I get the function to deploy?
This works:
gcloud functions deploy <NEW FUNCTION NAME> --memory 256MB --runtime python39 --trigger-http --project <MY PROJECT ID HERE> --set-secrets=SECRET_1=secret_1_name:latest,SECRET_2=secret_2_name:latest,SECRET_3=secret_3_name:latest,SECRET_4=secret_4_name:latest,SECRET_5=secret_5_name:latest --security-level secure-always --entry-point <ENTRY FUNCTION NAME> --max-instances 10 --service-account <SERVICE ACCOUNT NAME HERE>@<PROJECT ID HERE>.iam.gserviceaccount.com --source path/to/dir/with/main/py/
P.S. Don't forget to put requirements.txt in the same folder as main.py.
According to the error message, you must assign the role roles/cloudfunctions.developer, which provides the permission cloudfunctions.functions.sourceCodeSet.
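The two answers combined into one script, as an added example that is not code from the original posts: it keeps the deploying identity separate from the runtime service account and pins each secret to a version as in the describe output. The project, identities and secret names are placeholders, and the roles/iam.serviceAccountUser and roles/secretmanager.secretAccessor bindings are additions beyond what the answers mention.

```shell
#!/bin/sh
# Added example. Every value in this block is a placeholder except the five
# environment variable names, which come from the describe output above.
PROJECT="my-project"
REGION="us-central1"
DEPLOYER="user:deployer@example.com"   # identity logged in to gcloud
RUNTIME_SA="fn-runtime@${PROJECT}.iam.gserviceaccount.com"
# ENV_VAR=secret-name pairs (secret names are hypothetical)
SECRETS="CONSUMER_KEY=consumer-key CONSUMER_SECRET=consumer-secret
ACCESS_TOKEN_PART_ONE=token-part-one ACCESS_TOKEN_PART_TWO=token-part-two
ACCESS_TOKEN_SECRET=token-secret"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Build the --set-secrets value, pinning every secret to version $1.
set_secrets_value() {
  out=""
  for pair in $SECRETS; do out="${out:+$out,}${pair}:$1"; done
  echo "$out"
}

# Deployer: may update functions and act as the runtime service account.
# Runtime service account: may read only the five secrets it is given.
grant_roles() {
  run gcloud projects add-iam-policy-binding "$PROJECT" \
    --member="$DEPLOYER" --role=roles/cloudfunctions.developer
  run gcloud iam service-accounts add-iam-policy-binding "$RUNTIME_SA" \
    --project="$PROJECT" --member="$DEPLOYER" --role=roles/iam.serviceAccountUser
  for pair in $SECRETS; do
    run gcloud secrets add-iam-policy-binding "${pair#*=}" --project="$PROJECT" \
      --member="serviceAccount:$RUNTIME_SA" --role=roles/secretmanager.secretAccessor
  done
}

# $1 = function name, $2 = entry point, $3 = source directory
deploy() {
  run gcloud functions deploy "$1" --project="$PROJECT" --region="$REGION" \
    --runtime=python39 --trigger-http --security-level=secure-always \
    --memory=256MB --max-instances=10 --entry-point="$2" \
    --service-account="$RUNTIME_SA" --set-secrets="$(set_secrets_value 1)" \
    --source="$3"
}
```

Call grant_roles once from an identity that can edit IAM policy, then deploy <name> <entry point> <dir> from the deployer identity; with the default DRY_RUN=1 both functions only print the gcloud commands for review.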