Learn how to deploy a service in Cloud Run for Anthos and then create and send events to that service from Cloud Audit Logs.
Before you begin
To complete this task, you must have an events broker and know in which namespace it's running. Learn how to configure Events for Cloud Run for Anthos and create an events broker.
If you have an events broker running, you can confirm that it exists in a given namespace by running:
kubectl get brokers -n NAMESPACE
If you don't know which namespace the broker was created in, `kubectl get brokers --all-namespaces` (a standard kubectl flag) lists brokers in every namespace along with the namespace each one runs in.
Deploying a Cloud Run for Anthos event receiver service
Deploy a Cloud Run for Anthos service that receives events from the event broker.
Clone the repository:
Python
git clone https://github.com/GoogleCloudPlatform/python-docs-samples.git
cd python-docs-samples/eventarc/audit-storage
Java
git clone https://github.com/GoogleCloudPlatform/java-docs-samples.git
cd java-docs-samples/eventarc/audit-storage
Go
git clone https://github.com/GoogleCloudPlatform/golang-samples.git
cd golang-samples/eventarc/audit_storage
Node.js
git clone https://github.com/GoogleCloudPlatform/nodejs-docs-samples.git
cd nodejs-docs-samples/eventarc/audit-storage
C#
git clone https://github.com/GoogleCloudPlatform/dotnet-docs-samples.git
cd dotnet-docs-samples/eventarc/audit-storage
Build the container image with Cloud Build and push it to Container Registry:
gcloud builds submit \
    --tag gcr.io/$(gcloud config get-value project)/CLOUD_RUN_CONTAINER_NAME
where CLOUD_RUN_CONTAINER_NAME is the name you give the container image.
Deploy the container image to Cloud Run for Anthos:
gcloud run deploy CLOUD_RUN_SERVICE_NAME \
    --namespace=NAMESPACE \
    --image gcr.io/$(gcloud config get-value project)/CLOUD_RUN_CONTAINER_NAME
where NAMESPACE is the same namespace as your events broker.
When you see the service URL, it has been successfully deployed.
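The receiver code itself is not shown on this page. The following is an added example of what such a service does, written here for illustration and not taken from the sample repositories cloned above. It assumes the broker delivers CloudEvents in HTTP binary content mode (attributes in ce-* request headers, the audit LogEntry as a JSON body) and that the audited call's fields sit under protoPayload, as in the Cloud Audit Logs LogEntry format; the sample headers and body at the bottom are constructed. The point it adds: the broker applies the trigger filter, but anything that can reach the service URL can POST to it, so the service re-checks the event type and filter fields and rejects what it did not ask for.

```python
"""Minimal CloudEvent receiver for google.cloud.audit.log.v1.written events.

Added example, not the code from the sample repositories. Assumptions:
binary-mode CloudEvents (ce-* headers + JSON LogEntry body) and audit
fields under protoPayload. Sample values below are constructed.
"""
import json
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

# Must match the trigger's --type and --parameters values.
EXPECTED_TYPE = "google.cloud.audit.log.v1.written"
EXPECTED_SERVICE = "pubsub.googleapis.com"
EXPECTED_METHOD = "google.pubsub.v1.Publisher.CreateTopic"


class RejectedEvent(ValueError):
    """A delivered request that does not match what the trigger should send."""


def parse_audit_event(headers, body):
    """Validate a binary-mode CloudEvent and extract the audited call.

    `headers` maps lower-cased HTTP header names to values; `body` is the
    raw request body (bytes). Returns a dict or raises RejectedEvent.
    """
    if headers.get("ce-specversion") != "1.0":
        raise RejectedEvent("unsupported or missing ce-specversion")
    ce_type = headers.get("ce-type")
    if ce_type != EXPECTED_TYPE:
        raise RejectedEvent(f"unexpected ce-type {ce_type!r}")
    try:
        entry = json.loads(body)
    except ValueError as exc:
        raise RejectedEvent(f"body is not JSON: {exc}") from exc

    # Re-apply the trigger filter: do not trust that only matching entries arrive.
    payload = entry.get("protoPayload") or {}
    service = payload.get("serviceName")
    method = payload.get("methodName")
    if service != EXPECTED_SERVICE or method != EXPECTED_METHOD:
        raise RejectedEvent(f"entry outside trigger filter: {service!r} {method!r}")

    auth = payload.get("authenticationInfo") or {}
    return {
        "id": headers.get("ce-id"),
        "subject": headers.get("ce-subject"),
        "service": service,
        "method": method,
        "resource": payload.get("resourceName"),
        "principal": auth.get("principalEmail"),
    }


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        headers = {k.lower(): v for k, v in self.headers.items()}
        try:
            event = parse_audit_event(headers, body)
        except RejectedEvent as exc:
            # A 4xx tells the broker not to retry a malformed or unexpected event.
            self.send_response(400)
            self.end_headers()
            self.wfile.write(str(exc).encode())
            return
        # This is the line `kubectl logs` would show after a topic is created.
        print(f"Audit event {event['id']}: {event['principal']} called "
              f"{event['method']} on {event['resource']}", flush=True)
        self.send_response(204)
        self.end_headers()


# Constructed sample, shaped like a CreateTopic audit log entry.
SAMPLE_HEADERS = {
    "ce-specversion": "1.0",
    "ce-id": "constructed-0001",
    "ce-type": EXPECTED_TYPE,
    "ce-source": "//cloudaudit.googleapis.com/projects/PROJECT_NAME/logs/activity",
    "ce-subject": "pubsub.googleapis.com/projects/PROJECT_NAME/topics/TOPIC_NAME",
}
SAMPLE_BODY = json.dumps({
    "protoPayload": {
        "serviceName": EXPECTED_SERVICE,
        "methodName": EXPECTED_METHOD,
        "resourceName": "projects/PROJECT_NAME/topics/TOPIC_NAME",
        "authenticationInfo": {"principalEmail": "user@example.com"},
    }
}).encode()


if __name__ == "__main__":
    # Cloud Run for Anthos passes the port to listen on in $PORT (default 8080).
    port = int(os.environ.get("PORT", "8080"))
    HTTPServer(("0.0.0.0", port), Handler).serve_forever()
```

Returning 400 rather than 5xx for a rejected event matters: a 5xx makes the broker retry a delivery that will never succeed, while a 4xx drops it. The principalEmail in the parsed event is what lets you tell an expected CreateTopic from an unexpected one when reading the logs.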
Creating a trigger for Cloud Audit Logs
Create a trigger in the same namespace as your events broker:
gcloud beta events triggers create TRIGGER_NAME \
    --namespace NAMESPACE \
    --target-service=CLOUD_RUN_SERVICE_NAME \
    --type=google.cloud.audit.log.v1.written \
    --parameters serviceName=pubsub.googleapis.com \
    --parameters methodName=google.pubsub.v1.Publisher.CreateTopic
In this example, the trigger matches Cloud Audit Logs entries whose serviceName is pubsub.googleapis.com and whose methodName is google.pubsub.v1.Publisher.CreateTopic. The filter is on the logged call, not on who made it: every topic created in the project, by any principal, produces an event for the service. For more filtering options, see AuditLog formatting.
After 60 seconds, verify that the trigger is working:
gcloud beta events triggers list \
    --target-service CLOUD_RUN_SERVICE_NAME \
    --namespace NAMESPACE
where NAMESPACE is the same namespace as your events broker.
The output is similar to the following:
TRIGGER        EVENT TYPE                          TARGET
trigger-name   google.cloud.audit.log.v1.written   cloud-run-service
Generating an event
Generate an event by creating a Pub/Sub topic:
gcloud pubsub topics create TOPIC_NAME
Check that the event was received by the Cloud Run for Anthos service:
kubectl logs \
    --selector serving.knative.dev/service=CLOUD_RUN_SERVICE_NAME \
    -c user-container \
    -n NAMESPACE \
    --tail=200
where NAMESPACE is the same namespace as your events broker.
The output is similar to the following:
[...]
[2020-09-10 18:51:28 +0000] [1] [INFO] Starting gunicorn 20.0.4
[2020-09-10 18:51:28 +0000] [1] [INFO] Listening at: http://0.0.0.0:8080 (1)
[2020-09-10 18:51:28 +0000] [1] [INFO] Using worker: threads
[2020-09-10 18:51:28 +0000] [7] [INFO] Booting worker with pid: 7
GCS CloudEvent type: pubsub.googleapis.com/projects/PROJECT_NAME/topics/to-be-deleted
GCS CloudEvent type: pubsub.googleapis.com/projects/PROJECT_NAME/topics/to-be-deleted2
[...]
Clean up
Delete the resources created in this tutorial to avoid recurring charges. The steps below remove the trigger and the topic; the Cloud Run for Anthos service and its container image are not removed by them and can be deleted separately if you no longer need them.
To delete the trigger, type:
gcloud beta events triggers delete TRIGGER_NAME \
    --namespace NAMESPACE
where NAMESPACE is the same namespace as your events broker.
Delete the Pub/Sub topic:
gcloud pubsub topics delete TOPIC_NAME