Receive events using Pub/Sub messages (gcloud CLI)
This quickstart shows you how to deploy an unauthenticated Cloud Run service that receives events using Pub/Sub.
In this quickstart, you:
Deploy an event receiver service to Cloud Run.
Create an Eventarc trigger.
Publish a message to a Pub/Sub topic to generate an event, and view it in the Cloud Run logs.
Before you begin
Security constraints defined by your organization might prevent you from completing the following steps. For troubleshooting information, see Develop applications in a constrained Google Cloud environment.
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Run, Cloud Logging, Pub/Sub, and Eventarc APIs:
gcloud services enable run.googleapis.com
logging.googleapis.com pubsub.googleapis.com eventarc.googleapis.com - Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
Create or select a Google Cloud project.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Run, Cloud Logging, Pub/Sub, and Eventarc APIs:
gcloud services enable run.googleapis.com
logging.googleapis.com pubsub.googleapis.com eventarc.googleapis.com - Update Google Cloud CLI components:
gcloud components update
- Sign in using your account:
gcloud auth login
- Set the configuration variables used in this quickstart:
gcloud config set run/region us-central1 gcloud config set run/platform managed gcloud config set eventarc/location us-central1
-
If you are the project creator, you are granted the basic Owner role (
roles/owner
). By default, this Identity and Access Management (IAM) role includes the permissions necessary for full access to most Google Cloud resources and you can skip this step.If you are not the project creator, required permissions must be granted on the project to the appropriate principal. For example, a principal can be a Google Account (for end users) or a service account (for applications and compute workloads). For more information, see the Roles and permissions page for your event destination.
Required permissions
To get the permissions that you need to complete this quickstart, ask your administrator to grant you the following IAM roles on your project:
-
Cloud Run Admin (
roles/run.admin
) -
Eventarc Admin (
roles/eventarc.admin
) -
Logs View Accessor (
roles/logging.viewAccessor
) -
Project IAM Admin (
roles/resourcemanager.projectIamAdmin
) -
Pub/Sub Publisher (
roles/pubsub.publisher
) -
Service Account Admin (
roles/iam.serviceAccountAdmin
) -
Service Account User (
roles/iam.serviceAccountUser
) -
Service Usage Admin (
roles/serviceusage.serviceUsageAdmin
)
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
-
Cloud Run Admin (
- If you enabled the Cloud Pub/Sub service agent on or before April
8, 2021, to support authenticated Pub/Sub push requests, grant
the Service
Account Token Creator role (
roles/iam.serviceAccountTokenCreator
) to the service agent. Otherwise, this role is granted by default:gcloud projects add-iam-policy-binding PROJECT_ID \ --member=serviceAccount:service-PROJECT_NUMBER@gcp-sa-pubsub.iam.gserviceaccount.com \ --role=roles/iam.serviceAccountTokenCreator
Replace PROJECT_NUMBER
with your Google Cloud
project number. You can find your project number on the
Welcome
page of the Google Cloud console or by running the following command:
gcloud projects describe PROJECT_ID --format='value(projectNumber)'
Deploy an event receiver to Cloud Run
Deploy a Cloud Run service that will receive and log events using
a prebuilt image, us-docker.pkg.dev/cloudrun/container/hello
:
gcloud run deploy helloworld-events-pubsub-quickstart \
--image=us-docker.pkg.dev/cloudrun/container/hello \
--allow-unauthenticated
When you see the service URL, the deployment is complete.
Create an Eventarc trigger
The event trigger sends messages to the event receiver service deployed on Cloud Run when a message is published to the Pub/Sub topic.
Create a trigger to listen for Pub/Sub messages:
New Pub/Sub topic
gcloud eventarc triggers create events-pubsub-trigger \ --destination-run-service=helloworld-events-pubsub-quickstart \ --destination-run-region=us-central1 \ --event-filters="type=google.cloud.pubsub.topic.v1.messagePublished"
This creates a new Pub/Sub topic and a trigger for it called
events-pubsub-trigger
.Existing Pub/Sub topic
gcloud eventarc triggers create events-pubsub-trigger \ --destination-run-service=helloworld-events-pubsub-quickstart \ --destination-run-region=us-central1 \ --event-filters="type=google.cloud.pubsub.topic.v1.messagePublished" \ --transport-topic=projects/PROJECT_ID/topics/TOPIC_ID
Replace the following:
PROJECT_ID
: your Google Cloud project IDTOPIC_ID
: the ID of the existing Pub/Sub topic
This creates a trigger called
events-pubsub-trigger
for the existing Pub/Sub topic.Note that when creating an Eventarc trigger for the first time in a Google Cloud project, there might be a delay in provisioning the Eventarc service agent. This issue can usually be resolved by attempting to create the trigger again. For more information, see Permission denied errors.
Confirm that the trigger was successfully created:
gcloud eventarc triggers list --location=us-central1
The
events-pubsub-trigger
is listed with a destination that is the Cloud Run service,helloworld-events-pubsub-quickstart
.
Generate and view a Pub/Sub topic event
You can generate an Eventarc event by publishing a message to a Pub/Sub topic.
Find and set the Pub/Sub topic as an environment variable:
export RUN_TOPIC=$(gcloud eventarc triggers describe events-pubsub-trigger \ --format='value(transport.pubsub.topic)')
Publish a message to the Pub/Sub topic to generate an event:
gcloud pubsub topics publish $RUN_TOPIC --message "Hello World!"
The event is routed to the Cloud Run service, which logs the event message.
To view the event-related log entries created by your service, run the following command:
gcloud logging read 'jsonPayload.message: "Received event of type google.cloud.pubsub.topic.v1.messagePublished"'
Look for a log entry similar to:
jsonPayload: ... message: 'Received event of type google.cloud.pubsub.topic.v1.messagePublished. Event data: Hello World!'
Congratulations! You have successfully deployed an event receiver service to Cloud Run, created an Eventarc trigger, generated an event from Pub/Sub, and viewed it in the Cloud Run logs.
Clean up
When you finish the tasks that are described in this document, you can avoid continued billing by deleting the resources that you created.
You can:
-
This also deletes the associated Pub/Sub topic.
Alternatively, you can delete your Google Cloud project to avoid incurring charges. Deleting your Google Cloud project stops billing for all the resources used within that project.
Delete a Google Cloud project:
gcloud projects delete PROJECT_ID
If you plan to explore multiple tutorials and quickstarts, reusing projects can help you avoid exceeding project quota limits.