我有一个应用程序,其中包括一个FlaskAPI服务器和一个工作器来处理来自PubSub的消息.在Kubernetes中,它们作为单独的容器运行在不同的pod 上.
我已经迁移到使用工作负载标识,以前我会挂载服务帐户的密钥文件并设置GOOGLE_APPLICATION_CREDENTIALS
.但是,在使用工作负载标识时,对PubSub的调用会抛出一个错误.
一个关键因素似乎是从gevent
升至monkey.patch_all()
.
以下是使用工作负载标识在容器上运行时的可重现示例:
from gevent import monkey
monkey.patch_all()
from google.cloud import pubsub_v1
client = pubsub_v1.SubscriberClient()
resp = client.pull(request={"subscription": "projects/abc/subscriptions/xyz", "max_messages": 1, "return_immediately": True})
这将导致:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/opt/venv/lib/python3.8/site-packages/google/cloud/pubsub_v1/_gapic.py", line 40, in <lambda>
fx = lambda self, *a, **kw: wrapped_fx(self.api, *a, **kw) # noqa
File "/opt/venv/lib/python3.8/site-packages/google/pubsub_v1/services/subscriber/client.py", line 1131, in pull
response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
File "/opt/venv/lib/python3.8/site-packages/google/api_core/gapic_v1/method.py", line 154, in __call__
return wrapped_func(*args, **kwargs)
File "/opt/venv/lib/python3.8/site-packages/google/api_core/retry.py", line 283, in retry_wrapped_func
return retry_target(
File "/opt/venv/lib/python3.8/site-packages/google/api_core/retry.py", line 190, in retry_target
return target()
File "/opt/venv/lib/python3.8/site-packages/google/api_core/grpc_helpers.py", line 72, in error_remapped_callable
return callable_(*args, **kwargs)
File "/opt/venv/lib/python3.8/site-packages/grpc/_channel.py", line 944, in __call__
state, call, = self._blocking(request, timeout, metadata, credentials,
File "/opt/venv/lib/python3.8/site-packages/grpc/_channel.py", line 933, in _blocking
event = call.next_event()
File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 338, in grpc._cython.cygrpc.SegregatedCall.next_event
File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 169, in grpc._cython.cygrpc._next_call_event
File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 163, in grpc._cython.cygrpc._next_call_event
File "src/python/grpcio/grpc/_cython/_cygrpc/completion_queue.pyx.pxi", line 63, in grpc._cython.cygrpc._latent_event
File "src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi", line 62, in grpc._cython.cygrpc._get_metadata
RuntimeError: cannot exit context: thread state references a different context object
您知道为什么在使用工作负载标识而不是密钥文件时,gevent
中的monkey.patch_all()
会 destruct 这一点吗?另外,我怎么才能解决这个问题而又能保留monkey.patch_all()
美元呢?