我有一个应用程序,其中包括一个 Flask API 服务器和一个 worker 来处理来自 PubSub 的消息。它们作为单独的容器在 Kubernetes 中的单独 pod 上运行。
我已经迁移到使用 Workload Identity,之前我会挂载服务帐户的密钥文件并设置
GOOGLE_APPLICATION_CREDENTIALS
。但是,在使用 Workload Identity 时调用 PubSub 会引发错误。
一个关键因素似乎是
monkey.patch_all()
对 gevent
的呼叫。
以下是使用 Workload Identity 在容器上运行时的可重现示例:
from gevent import monkey
monkey.patch_all()
from google.cloud import pubsub_v1
client = pubsub_v1.SubscriberClient()
resp = client.pull(request={"subscription": "projects/abc/subscriptions/xyz", "max_messages": 1, "return_immediately": True})
结果是:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/opt/venv/lib/python3.8/site-packages/google/cloud/pubsub_v1/_gapic.py", line 40, in <lambda>
fx = lambda self, *a, **kw: wrapped_fx(self.api, *a, **kw) # noqa
File "/opt/venv/lib/python3.8/site-packages/google/pubsub_v1/services/subscriber/client.py", line 1131, in pull
response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
File "/opt/venv/lib/python3.8/site-packages/google/api_core/gapic_v1/method.py", line 154, in __call__
return wrapped_func(*args, **kwargs)
File "/opt/venv/lib/python3.8/site-packages/google/api_core/retry.py", line 283, in retry_wrapped_func
return retry_target(
File "/opt/venv/lib/python3.8/site-packages/google/api_core/retry.py", line 190, in retry_target
return target()
File "/opt/venv/lib/python3.8/site-packages/google/api_core/grpc_helpers.py", line 72, in error_remapped_callable
return callable_(*args, **kwargs)
File "/opt/venv/lib/python3.8/site-packages/grpc/_channel.py", line 944, in __call__
state, call, = self._blocking(request, timeout, metadata, credentials,
File "/opt/venv/lib/python3.8/site-packages/grpc/_channel.py", line 933, in _blocking
event = call.next_event()
File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 338, in grpc._cython.cygrpc.SegregatedCall.next_event
File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 169, in grpc._cython.cygrpc._next_call_event
File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 163, in grpc._cython.cygrpc._next_call_event
File "src/python/grpcio/grpc/_cython/_cygrpc/completion_queue.pyx.pxi", line 63, in grpc._cython.cygrpc._latent_event
File "src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi", line 62, in grpc._cython.cygrpc._get_metadata
RuntimeError: cannot exit context: thread state references a different context object
知道为什么
monkey.patch_all()
中的 gevent
在使用 Workload Identity 而不是密钥文件时会破坏这个吗?另外我怎么能解决这个问题但保留monkey.patch_all()
?