TechQA.

How to setup StorageNotification on GKE with Config Connector

834 views Asked by At

I'm using the Config Connector example for the StorageNotification but I keep getting the following error (take from kubectl describe)

storagenotification-controller Update call failed: error applying desired state: project: required field is not set

I have followed the Setting Config Connector's default namespace but no joy. The StorageNotification API spec doesn't have a field for "project". I thought it just had to be in the right namespace?

All the other resources seem to setup OK. Just the notification is not working. Here is my complete yaml

# Bucket Starts the chain of events
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  labels:
    app: something-processing
  name: example-something
  namespace: ${GCP_PROJECT_ID}
---
# Pub/Sub topic that bucket events will publish to
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
  name: my-pubsub-topic  
  labels:
    app: something-processing
  namespace: ${GCP_PROJECT_ID}
---
# Publisher IAM permissions
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
  name: my-pubsub-topic-iam
  namespace: ${GCP_PROJECT_ID}
  labels:
    app: something-processing
spec:
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    name: my-pubsub-topic
  bindings:
    - role: roles/pubsub.publisher
      members:
        - serviceAccount:service-${GCP_PROJECT_ID}@gs-project-accounts.iam.gserviceaccount.com  
---
# Trigger that connects the bucket to the pubsub topic
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageNotification
metadata:
  name: storage-notification
  namespace: ${GCP_PROJECT_ID}
  project: ${GCP_PROJECT_ID}
  labels:
    app: something-processing
spec:
  bucketRef:
    name: something
  payloadFormat: JSON_API_V1
  topicRef:
    name: my-pubsub-topic
  eventTypes:
    - "OBJECT_FINALIZE"
---
# subscription that gets events from the topic and PUSHes them 
# to the K8s Ingress endpoint
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubSubscription
metadata:
  name: pubsub-subscription-topic
  namespace: ${GCP_PROJECT_ID}
  labels:
    app: something-processing
spec:
  pushConfig:
    # This should match the Ingress path
    pushEndpoint: https://example.zone/some-ingress-end-point/
  topicRef:
    name: my-pubsub-topic

Note: I'm using envsubt to replace the ${GCP_PROJECT_ID} with the project ID ;)

kubernetes google-cloud-platform google-kubernetes-engine gcp-config-connector
Original Q&A
1

There are 1 answers

1
Eric Bratter On

I was having the same issue and managed to resolve it by changing the topicRef.name to topicRef.external with the fully qualified topic name as expected in the REST API. My installation of the config connector was done following the Workload Identity scenario described in the documentation.

---
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageNotification
metadata:
  name: storage-notification
spec:
  bucketRef:
    name: ${BUCKET}
  payloadFormat: JSON_API_V1
  topicRef:
    external: "//pubsub.googleapis.com/projects/${PROJECT_ID}/topics/${TOPIC}"
  eventType:
    - "OBJECT_FINALIZE"

Related Questions in KUBERNETES

Related Questions in GOOGLE-CLOUD-PLATFORM

Related Questions in GOOGLE-KUBERNETES-ENGINE

Related Questions in GCP-CONFIG-CONNECTOR

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions