教程：调试将事件路由到 Cloud Run

创建 Artifact Registry 标准制品库

创建 Artifact Registry 标准制品库以存储您的容器映像：

gcloud artifacts repositories create REPOSITORY \
    --repository-format=docker \
    --location=$REGION

将 REPOSITORY 替换为制品库的唯一名称。

创建 Cloud Storage 存储桶

在两个区域中各创建一个 Cloud Storage 存储桶作为 Cloud Run 服务的事件来源：

1. 在 us-east1 中创建一个存储桶：

   export BUCKET1="troubleshoot-bucket1-PROJECT_ID"
   gsutil mb -l us-east1 gs://${BUCKET1}

2. 在 us-west1 中创建一个存储桶：

   export BUCKET2="troubleshoot-bucket2-PROJECT_ID"
   gsutil mb -l us-west1 gs://${BUCKET2}

创建事件来源后，在 Cloud Run 上部署事件接收器服务。

部署事件接收器

部署接收和记录事件的 Cloud Run 服务。

1. 通过克隆 GitHub 代码库检索代码示例：

   Go

   git clone https://github.com/GoogleCloudPlatform/golang-samples.git
   cd golang-samples/eventarc/audit_storage
   

   Java

   git clone https://github.com/GoogleCloudPlatform/java-docs-samples.git
   cd java-docs-samples/eventarc/audit-storage
   

   .NET

   git clone https://github.com/GoogleCloudPlatform/dotnet-docs-samples.git
   cd dotnet-docs-samples/eventarc/audit-storage
   

   Node.js

   git clone https://github.com/GoogleCloudPlatform/nodejs-docs-samples.git
   cd nodejs-docs-samples/eventarc/audit-storage
   

   Python

   git clone https://github.com/GoogleCloudPlatform/python-docs-samples.git
   cd python-docs-samples/eventarc/audit-storage
   

2. 查看本教程的代码，其中包含以下内容：

   • 事件处理脚本，用于接收传入事件作为 HTTP POST 请求中的 CloudEvent：

     Go

     
     // Processes CloudEvents containing Cloud Audit Logs for Cloud Storage
     package main
     
     import (
     	"fmt"
     	"log"
     	"net/http"
     	"os"
     
     	cloudevent "github.com/cloudevents/sdk-go/v2"
     )
     
     // HelloEventsStorage receives and processes a Cloud Audit Log event with Cloud Storage data.
     func HelloEventsStorage(w http.ResponseWriter, r *http.Request) {
     	if r.Method != http.MethodPost {
     		http.Error(w, "Expected HTTP POST request with CloudEvent payload", http.StatusMethodNotAllowed)
     		return
     	}
     
     	event, err := cloudevent.NewEventFromHTTPRequest(r)
     	if err != nil {
     		log.Printf("cloudevent.NewEventFromHTTPRequest: %v", err)
     		http.Error(w, "Failed to create CloudEvent from request.", http.StatusBadRequest)
     		return
     	}
     	s := fmt.Sprintf("Detected change in Cloud Storage bucket: %s", event.Subject())
     	fmt.Fprintln(w, s)
     }
     

     Java

     import io.cloudevents.CloudEvent;
     import io.cloudevents.rw.CloudEventRWException;
     import io.cloudevents.spring.http.CloudEventHttpUtils;
     import org.springframework.http.HttpHeaders;
     import org.springframework.http.HttpStatus;
     import org.springframework.http.ResponseEntity;
     import org.springframework.web.bind.annotation.RequestBody;
     import org.springframework.web.bind.annotation.RequestHeader;
     import org.springframework.web.bind.annotation.RequestMapping;
     import org.springframework.web.bind.annotation.RequestMethod;
     import org.springframework.web.bind.annotation.RestController;
     
     @RestController
     public class EventController {
     
       @RequestMapping(value = "/", method = RequestMethod.POST, consumes = "application/json")
       public ResponseEntity<String> receiveMessage(
           @RequestBody String body, @RequestHeader HttpHeaders headers) {
         CloudEvent event;
         try {
           event =
               CloudEventHttpUtils.fromHttp(headers)
                   .withData(headers.getContentType().toString(), body.getBytes())
                   .build();
         } catch (CloudEventRWException e) {
           return new ResponseEntity<>(e.getMessage(), HttpStatus.BAD_REQUEST);
         }
     
         String ceSubject = event.getSubject();
         String msg = "Detected change in Cloud Storage bucket: " + ceSubject;
         System.out.println(msg);
         return new ResponseEntity<>(msg, HttpStatus.OK);
       }
     }

     .NET

     
     using Microsoft.AspNetCore.Builder;
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.AspNetCore.Http;
     using Microsoft.Extensions.DependencyInjection;
     using Microsoft.Extensions.Hosting;
     using Microsoft.Extensions.Logging;
     
     public class Startup
     {
         public void ConfigureServices(IServiceCollection services)
         {
         }
     
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILogger<Startup> logger)
         {
             if (env.IsDevelopment())
             {
                 app.UseDeveloperExceptionPage();
             }
     
             logger.LogInformation("Service is starting...");
     
             app.UseRouting();
     
             app.UseEndpoints(endpoints =>
             {
                 endpoints.MapPost("/", async context =>
                 {
                     logger.LogInformation("Handling HTTP POST");
     
                     var ceSubject = context.Request.Headers["ce-subject"];
                     logger.LogInformation($"ce-subject: {ceSubject}");
     
                     if (string.IsNullOrEmpty(ceSubject))
                     {
                         context.Response.StatusCode = 400;
                         await context.Response.WriteAsync("Bad Request: expected header Ce-Subject");
                         return;
                     }
     
                     await context.Response.WriteAsync($"GCS CloudEvent type: {ceSubject}");
                 });
             });
         }
     }
     

     Node.js

     const express = require('express');
     const app = express();
     
     app.use(express.json());
     app.post('/', (req, res) => {
       if (!req.header('ce-subject')) {
         return res
           .status(400)
           .send('Bad Request: missing required header: ce-subject');
       }
     
       console.log(
         `Detected change in Cloud Storage bucket: ${req.header('ce-subject')}`
       );
       return res
         .status(200)
         .send(
           `Detected change in Cloud Storage bucket: ${req.header('ce-subject')}`
         );
     });
     
     module.exports = app;

     Python

     @app.route("/", methods=["POST"])
     def index():
         # Create a CloudEvent object from the incoming request
         event = from_http(request.headers, request.data)
         # Gets the GCS bucket name from the CloudEvent
         # Example: "storage.googleapis.com/projects/_/buckets/my-bucket"
         bucket = event.get("subject")
     
         print(f"Detected change in Cloud Storage bucket: {bucket}")
         return (f"Detected change in Cloud Storage bucket: {bucket}", 200)
     
     

   • 使用事件处理脚本的服务器：

     Go

     
     func main() {
     	http.HandleFunc("/", HelloEventsStorage)
     	// Determine port for HTTP service.
     	port := os.Getenv("PORT")
     	if port == "" {
     		port = "8080"
     	}
     	// Start HTTP server.
     	log.Printf("Listening on port %s", port)
     	if err := http.ListenAndServe(":"+port, nil); err != nil {
     		log.Fatal(err)
     	}
     }
     

     Java

     
     import org.springframework.boot.SpringApplication;
     import org.springframework.boot.autoconfigure.SpringBootApplication;
     
     @SpringBootApplication
     public class Application {
       public static void main(String[] args) {
         SpringApplication.run(Application.class, args);
       }
     }

     .NET

         public static void Main(string[] args)
         {
             CreateHostBuilder(args).Build().Run();
         }
         public static IHostBuilder CreateHostBuilder(string[] args)
         {
             var port = Environment.GetEnvironmentVariable("PORT") ?? "8080";
             var url = $"http://0.0.0.0:{port}";
     
             return Host.CreateDefaultBuilder(args)
                 .ConfigureWebHostDefaults(webBuilder =>
                 {
                     webBuilder.UseStartup<Startup>().UseUrls(url);
                 });
         }
     

     Node.js

     const app = require('./app.js');
     const PORT = parseInt(process.env.PORT) || 8080;
     
     app.listen(PORT, () =>
       console.log(`nodejs-events-storage listening on port ${PORT}`)
     );

     Python

     import os
     
     from cloudevents.http import from_http
     
     from flask import Flask, request
     
     app = Flask(__name__)
     if __name__ == "__main__":
         app.run(debug=True, host="0.0.0.0", port=int(os.environ.get("PORT", 8080)))

   • 用于定义服务的运营环境 Dockerfile。Dockerfile 的内容因语言而异。

     Go

     
     # Use the offical golang image to create a binary.
     # This is based on Debian and sets the GOPATH to /go.
     # https://hub.docker.com/_/golang
     FROM golang:1.21-bookworm as builder
     
     # Create and change to the app directory.
     WORKDIR /app
     
     # Retrieve application dependencies.
     # This allows the container build to reuse cached dependencies.
     # Expecting to copy go.mod and if present go.sum.
     COPY go.* ./
     RUN go mod download
     
     # Copy local code to the container image.
     COPY . ./
     
     # Build the binary.
     RUN go build -v -o server
     
     # Use the official Debian slim image for a lean production container.
     # https://hub.docker.com/_/debian
     # https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds
     FROM debian:bookworm-slim
     RUN set -x && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
         ca-certificates && \
         rm -rf /var/lib/apt/lists/*
     
     # Copy the binary to the production image from the builder stage.
     COPY --from=builder /app/server /server
     
     # Run the web service on container startup.
     CMD ["/server"]
     

     Java

     
     # Use the official maven image to create a build artifact.
     # https://hub.docker.com/_/maven
     FROM maven:3-eclipse-temurin-17-alpine as builder
     
     # Copy local code to the container image.
     WORKDIR /app
     COPY pom.xml .
     COPY src ./src
     
     # Build a release artifact.
     RUN mvn package -DskipTests
     
     # Use Eclipse Temurin for base image.
     # https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds
     FROM eclipse-temurin:17.0.10_7-jre-alpine
     
     # Copy the jar to the production image from the builder stage.
     COPY --from=builder /app/target/audit-storage-*.jar /audit-storage.jar
     
     # Run the web service on container startup.
     CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/audit-storage.jar"]
     

     .NET

     
     # Use Microsoft's official build .NET image.
     # https://hub.docker.com/_/microsoft-dotnet-core-sdk/
     FROM mcr.microsoft.com/dotnet/core/sdk:3.1-alpine AS build
     WORKDIR /app
     
     # Install production dependencies.
     # Copy csproj and restore as distinct layers.
     COPY *.csproj ./
     RUN dotnet restore
     
     # Copy local code to the container image.
     COPY . ./
     WORKDIR /app
     
     # Build a release artifact.
     RUN dotnet publish -c Release -o out
     
     # Use Microsoft's official runtime .NET image.
     # https://hub.docker.com/_/microsoft-dotnet-core-aspnet/
     FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-alpine AS runtime
     WORKDIR /app
     COPY --from=build /app/out ./
     
     # Run the web service on container startup.
     ENTRYPOINT ["dotnet", "AuditStorage.dll"]

     Node.js

     
     # Use the official lightweight Node.js image.
     # https://hub.docker.com/_/node
     FROM node:20-slim
     # Create and change to the app directory.
     WORKDIR /usr/src/app
     
     # Copy application dependency manifests to the container image.
     # A wildcard is used to ensure both package.json AND package-lock.json are copied.
     # Copying this separately prevents re-running npm install on every code change.
     COPY package*.json ./
     
     # Install dependencies.
     # if you need a deterministic and repeatable build create a
     # package-lock.json file and use npm ci:
     # RUN npm ci --omit=dev
     # if you need to include development dependencies during development
     # of your application, use:
     # RUN npm install --dev
     
     RUN npm install --omit=dev
     
     # Copy local code to the container image.
     COPY . .
     
     # Run the web service on container startup.
     CMD [ "npm", "start" ]
     

     Python

     
     # Use the official Python image.
     # https://hub.docker.com/_/python
     FROM python:3.11-slim
     
     # Allow statements and log messages to immediately appear in the Cloud Run logs
     ENV PYTHONUNBUFFERED True
     
     # Copy application dependency manifests to the container image.
     # Copying this separately prevents re-running pip install on every code change.
     COPY requirements.txt ./
     
     # Install production dependencies.
     RUN pip install -r requirements.txt
     
     # Copy local code to the container image.
     ENV APP_HOME /app
     WORKDIR $APP_HOME
     COPY . ./
     
     # Run the web service on container startup.
     # Use gunicorn webserver with one worker process and 8 threads.
     # For environments with multiple CPU cores, increase the number of workers
     # to be equal to the cores available.
     CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 --timeout 0 main:app

3. 使用 Cloud Build 构建容器映像并将映像上传到 Artifact Registry：

   export PROJECT_ID=$(gcloud config get-value project)
   export SERVICE_NAME=troubleshoot-service
   gcloud builds submit --tag $REGION-docker.pkg.dev/${PROJECT_ID}/REPOSITORY/${SERVICE_NAME}:v1

4. 将容器映像部署到 Cloud Run：

   gcloud run deploy ${SERVICE_NAME} \
       --image $REGION-docker.pkg.dev/${PROJECT_ID}/REPOSITORY/${SERVICE_NAME}:v1 \
       --allow-unauthenticated

   部署成功后，命令行会显示服务网址。

创建触发器

部署 Cloud Run 服务后，设置触发器以通过审核日志监听来自 Cloud Storage 的事件。

1. 创建 Eventarc 触发器以监听使用 Cloud Audit Logs 路由的 Cloud Storage 事件：

   gcloud eventarc triggers create troubleshoot-trigger \
       --destination-run-service=troubleshoot-service \
       --event-filters="type=google.cloud.audit.log.v1.written" \
       --event-filters="serviceName=storage.googleapis.com" \
       --event-filters="methodName=storage.objects.create" \
       --service-account=${PROJECT_NUMBER}-compute@developer.gserviceaccount.com
   

   这将创建一个名为 troubleshoot-trigger 的触发器。

2. 要确认 troubleshoot-trigger 已创建，请运行以下命令：

   gcloud eventarc triggers list
   

   输出应类似如下所示：

   NAME: troubleshoot-trigger
   TYPE: google.cloud.audit.log.v1.written
   DESTINATION: Cloud Run service: troubleshoot-service
   ACTIVE: By 20:03:37
   LOCATION: us-central1
   

生成并查看事件

确认您已成功部署服务，并且可以接收来自 Cloud Storage 的事件。

1. 创建一个文件并上传到 BUCKET1 存储桶：

    echo "Hello World" > random.txt
    gsutil cp random.txt gs://${BUCKET1}/random.txt
   

2. 监控日志以检查服务是否已收到事件。如需查看日志条目，请完成以下步骤：

   1. 过滤日志条目并以 JSON 格式返回输出：

      gcloud logging read "resource.labels.service_name=troubleshoot-service \
          AND textPayload:random.txt" \
          --format=json

   2. 查找类似如下的日志条目：

      "textPayload": "Detected change in Cloud Storage bucket: ..."
      

请注意，系统最初不会返回任何日志条目。这表示设置存在问题，您必须调查。

调查问题

完成调查服务未收到事件的原因的过程。

初始化时间

虽然触发器会立即创建，但触发器最多可能需要两分钟来传播和过滤事件。运行以下命令以确认触发器处于活跃状态：

gcloud eventarc triggers list

输出会指示触发器的状态。在以下示例中，troubleshoot-trigger 将在 14:16:56 之前变为活跃状态：

NAME                  TYPE                               DESTINATION_RUN_SERVICE  ACTIVE
troubleshoot-trigger  google.cloud.audit.log.v1.written  troubleshoot-service     By 14:16:56

触发器处于活跃状态后，再次将文件上传到存储桶。事件会写入 Cloud Run 服务日志。如果服务未收到事件，可能与事件的大小有关。

审核日志

在本教程中，Cloud Storage 事件使用 Cloud Audit Logs 进行路由并发送到 Cloud Run。确认已为 Cloud Storage 启用审核日志。

1. 在 Google Cloud 控制台中，进入审核日志页面。

   转到审核日志

2. 选中 Google Cloud Storage 复选框。
3. 确保已选择管理员读取、数据读取和数据写入日志类型。

启用 Cloud Audit Logs 后，再次将文件上传到存储桶并检查日志。如果服务仍未收到事件，这可能与触发器位置有关。

触发器位置

不同位置可能有多个资源，您必须过滤来自与 Cloud Run 目标位于同一区域的来源的事件。如需了解详情，请参阅 Eventarc 支持的位置和了解 Eventarc 位置。

在本教程中，您将 Cloud Run 服务部署到了 us-central1。由于您将 eventarc/location 设置为 us-central1，因此还在同一位置创建了触发器。

但是，您在 us-east1 和 us-west1 位置创建了两个 Cloud Storage 存储桶。如需从这些位置接收事件，您必须在这些位置创建 Eventarc 触发器。

创建位于 us-east1 的 Eventarc 触发器：

1. 确认现有触发器的位置：

   gcloud eventarc triggers describe troubleshoot-trigger
   

2. 将位置和区域设置为 us-east1：

   gcloud config set eventarc/location us-east1
   gcloud config set run/region us-east1
   

3. 通过构建容器映像并将其部署到 Cloud Run，再次部署事件接收器。

4. 创建位于 us-east1 的新触发器：

   gcloud eventarc triggers create troubleshoot-trigger-new \
     --destination-run-service=troubleshoot-service \
     --event-filters="type=google.cloud.audit.log.v1.written" \
     --event-filters="serviceName=storage.googleapis.com" \
     --event-filters="methodName=storage.objects.create" \
     --service-account=${PROJECT_NUMBER}-compute@developer.gserviceaccount.com
   

5. 确认触发器已创建：

   gcloud eventarc triggers list
   

   触发器最多可能需要两分钟来完成初始化，然后才能开始路由事件。

6. 如需确认触发器现已正确部署，请生成并查看事件。

您可能会遇到的其他问题

使用 Eventarc 时可能会遇到其他问题。

事件大小

您发送的事件不得超过事件大小的限制。

之前可传送事件的触发器停止工作

1. 验证来源正在生成事件。检查 Cloud Audit Logs 并确保受监控服务正在发出日志。如果记录了日志，但事件未被传送，请与支持团队联系。

2. 验证存在与触发器同名的 Pub/Sub 主题。 Eventarc 使用 Pub/Sub 作为其传输层，并且使用现有的 Pub/Sub 主题，或者自动为您创建主题并进行管理。

   1. 如需列出触发器，请参阅 gcloud eventarc triggers list。

   2. 如需列出 Pub/Sub 主题，请运行以下命令：

      gcloud pubsub topics list
      

   3. 验证 Pub/Sub 主题名称是否包含已创建的触发器的名称。例如：

      name: projects/PROJECT_ID/topics/eventarc-us-east1-troubleshoot-trigger-new-123

   如果缺少 Pub/Sub 主题，请再次为特定提供商、事件类型和 Cloud Run 目标位置创建触发器。

3. 验证是否已为服务配置触发器。

   1. 在 Google Cloud 控制台中，进入服务页面。

      进入 Service

   2. 点击服务的名称以打开其服务详情页面。

   3. 点击触发器标签页。

      系统应该会列出与服务关联的 Eventarc 触发器。

4. 使用 Pub/Sub 指标类型验证 Pub/Sub 主题和订阅的健康状况。

   • 您可以使用 subscription/dead_letter_message_count 指标监控转发的无法传送的消息。此指标显示 Pub/Sub 从订阅转发的无法传送的消息数量。

     如果消息未发布到主题，请检查 Cloud Audit Logs 并确保受监控服务正在发出日志。如果记录了日志，但事件未被传送，请与支持团队联系。

   • 您可以使用 subscription/push_request_count 指标监控推送订阅，并按 response_code 和 subcription_id 对指标进行分组。

     如果报告了推送错误，请检查 Cloud Run 服务日志。如果接收端点返回不正常状态代码，则表示 Cloud Run 代码未按预期工作，您必须与支持团队联系。

   如需了解详情，请参阅创建指标阈值提醒政策。