通过Terraform创建GCP Pubsub

1 简介

Terraform是管理许多平台的基础设施的工具，如AWS、GCP和Azure。这篇文章将讲解如何通过Terraform来管理GCP Pub/Sub。

创建GCP项目请参考：初始化一个GCP项目并用gcloud访问操作

2 Terraform创建Pub/Sub

2.1 下载Terraform插件

我们需要安装GCP的Terraform插件来管理GCP资源：

# 设置插件目录 $ export TERRAFORM_PLUGIN=/Users/larry/Software/terraform/plugins # 创建目录 $ mkdir -p ${TERRAFORM_PLUGIN}/registry.terraform.io/hashicorp/google/4.0.0/darwin_amd64 $ cd ${TERRAFORM_PLUGIN}/registry.terraform.io/hashicorp/google/4.0.0/darwin_amd64 # 下载 $ wget https://releases.hashicorp.com/terraform-provider-google/4.0.0/terraform-provider-google_4.0.0_darwin_amd64.zip # 解压 $ unzip terraform-provider-google_4.0.0_darwin_amd64.zip 

2.2 准备Terraform代码

需要提供Terraform代码理管理Pub/Sub，更多细节请参考： Terrafrom GCP.

版本文件version.tf:

terraform {   required_version = "= 1.0.11"   required_providers {      google = {       source  = "hashicorp/google"       version = "= 4.0.0"     }   } } 

主文件main.tf:

provider "google" {   project     = "pkslow" }  resource "google_pubsub_topic" "pkslow-poc" {   name = "pkslow-poc" }  resource "google_pubsub_subscription" "pkslow-poc" {   name  = "pkslow-poc"   topic = google_pubsub_topic.pkslow-poc.name    labels = {     foo = "bar"   }    # 20 minutes   message_retention_duration = "1200s"   retain_acked_messages      = true    ack_deadline_seconds = 20    expiration_policy {     ttl = "300000.5s"   }   retry_policy {     minimum_backoff = "10s"   }    enable_message_ordering    = true } 

2.3 初始化和变更

指定插件目录初始化：

$ terraform init -plugin-dir=${TERRAFORM_PLUGIN} 

使变更生效，就会在GCP上创建对应的资源：

$ terraform apply -auto-approve 

如果没有发生错误，则意味着创建成功，我们检查一下：

$ gcloud pubsub topics list --- name: projects/pkslow/topics/pkslow-poc  $ gcloud pubsub subscriptions list --- ackDeadlineSeconds: 20 enableMessageOrdering: true expirationPolicy:   ttl: 300000.500s labels:   foo: bar messageRetentionDuration: 1200s name: projects/pkslow/subscriptions/pkslow-poc pushConfig: {} retainAckedMessages: true retryPolicy:   maximumBackoff: 600s   minimumBackoff: 10s topic: projects/pkslow/topics/pkslow-poc 

注意：我们并没有提供任何密码或密钥，那Terraform怎么可以直接操作我的GCP资源呢？因为它会根据环境变量GOOGLE_APPLICATION_CREDENTIALS来获取。

3 发送和接收消息

我们通过gcloud来发送消息到Pub/Sub上：

$ gcloud pubsub topics publish pkslow-poc --message="www.pkslow.com" messageIds: - '3491736520339885'  $ gcloud pubsub topics publish pkslow-poc --message="Larry Deng" messageIds: - '3491738650256958'  $ gcloud pubsub topics publish pkslow-poc --message="Hi, pkslower" messageIds: - '3491739306095970' 

从Pub/Sub拉取消息：

$ gcloud pubsub subscriptions pull pkslow-poc --auto-ack 

我们还能在GCP界面上监控对应的队列，十分方便：

4 代码

代码在 GitHub上： https://github.com/LarryDpk/pkslow-samples