Python 使用 gevent monkey patching 时 Workload Identity 停止工作

我有一个应用程序，其中包括一个FlaskAPI服务器和一个工作器来处理来自PubSub的消息.在Kubernetes中，它们作为单独的容器运行在不同的pod 上.

我已经迁移到使用工作负载标识，以前我会挂载服务帐户的密钥文件并设置GOOGLE_APPLICATION_CREDENTIALS.但是，在使用工作负载标识时，对PubSub的调用会抛出一个错误.

一个关键因素似乎是从gevent升至monkey.patch_all().

以下是使用工作负载标识在容器上运行时的可重现示例:

from gevent import monkey
monkey.patch_all()

from google.cloud import pubsub_v1
client = pubsub_v1.SubscriberClient()
resp = client.pull(request={"subscription": "projects/abc/subscriptions/xyz", "max_messages": 1, "return_immediately": True})

这将导致:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/venv/lib/python3.8/site-packages/google/cloud/pubsub_v1/_gapic.py", line 40, in <lambda>
    fx = lambda self, *a, **kw: wrapped_fx(self.api, *a, **kw)  # noqa
  File "/opt/venv/lib/python3.8/site-packages/google/pubsub_v1/services/subscriber/client.py", line 1131, in pull
    response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
  File "/opt/venv/lib/python3.8/site-packages/google/api_core/gapic_v1/method.py", line 154, in __call__
    return wrapped_func(*args, **kwargs)
  File "/opt/venv/lib/python3.8/site-packages/google/api_core/retry.py", line 283, in retry_wrapped_func
    return retry_target(
  File "/opt/venv/lib/python3.8/site-packages/google/api_core/retry.py", line 190, in retry_target
    return target()
  File "/opt/venv/lib/python3.8/site-packages/google/api_core/grpc_helpers.py", line 72, in error_remapped_callable
    return callable_(*args, **kwargs)
  File "/opt/venv/lib/python3.8/site-packages/grpc/_channel.py", line 944, in __call__
    state, call, = self._blocking(request, timeout, metadata, credentials,
  File "/opt/venv/lib/python3.8/site-packages/grpc/_channel.py", line 933, in _blocking
    event = call.next_event()
  File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 338, in grpc._cython.cygrpc.SegregatedCall.next_event
  File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 169, in grpc._cython.cygrpc._next_call_event
  File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 163, in grpc._cython.cygrpc._next_call_event
  File "src/python/grpcio/grpc/_cython/_cygrpc/completion_queue.pyx.pxi", line 63, in grpc._cython.cygrpc._latent_event
  File "src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi", line 62, in grpc._cython.cygrpc._get_metadata
RuntimeError: cannot exit context: thread state references a different context object

您知道为什么在使用工作负载标识而不是密钥文件时，gevent中的monkey.patch_all()会 destruct 这一点吗？另外，我怎么才能解决这个问题而又能保留monkey.patch_all()美元呢？