Workload Identity 在使用 gevent monkey patching 时停止工作

问题描述 投票:0回答:0

我有一个应用程序,其中包括一个 Flask API 服务器和一个 worker 来处理来自 PubSub 的消息。它们作为单独的容器在 Kubernetes 中的单独 pod 上运行。

我已经迁移到使用 Workload Identity,之前我会挂载服务帐户的密钥文件并设置 

GOOGLE_APPLICATION_CREDENTIALS
。但是,在使用 Workload Identity 时调用 PubSub 会引发错误。

一个关键因素似乎是 

monkey.patch_all()
gevent
的呼叫。

以下是使用 Workload Identity 在容器上运行时的可重现示例:

from gevent import monkey
monkey.patch_all()

from google.cloud import pubsub_v1
client = pubsub_v1.SubscriberClient()
resp = client.pull(request={"subscription": "projects/abc/subscriptions/xyz", "max_messages": 1, "return_immediately": True})

结果是:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/venv/lib/python3.8/site-packages/google/cloud/pubsub_v1/_gapic.py", line 40, in <lambda>
    fx = lambda self, *a, **kw: wrapped_fx(self.api, *a, **kw)  # noqa
  File "/opt/venv/lib/python3.8/site-packages/google/pubsub_v1/services/subscriber/client.py", line 1131, in pull
    response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
  File "/opt/venv/lib/python3.8/site-packages/google/api_core/gapic_v1/method.py", line 154, in __call__
    return wrapped_func(*args, **kwargs)
  File "/opt/venv/lib/python3.8/site-packages/google/api_core/retry.py", line 283, in retry_wrapped_func
    return retry_target(
  File "/opt/venv/lib/python3.8/site-packages/google/api_core/retry.py", line 190, in retry_target
    return target()
  File "/opt/venv/lib/python3.8/site-packages/google/api_core/grpc_helpers.py", line 72, in error_remapped_callable
    return callable_(*args, **kwargs)
  File "/opt/venv/lib/python3.8/site-packages/grpc/_channel.py", line 944, in __call__
    state, call, = self._blocking(request, timeout, metadata, credentials,
  File "/opt/venv/lib/python3.8/site-packages/grpc/_channel.py", line 933, in _blocking
    event = call.next_event()
  File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 338, in grpc._cython.cygrpc.SegregatedCall.next_event
  File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 169, in grpc._cython.cygrpc._next_call_event
  File "src/python/grpcio/grpc/_cython/_cygrpc/channel.pyx.pxi", line 163, in grpc._cython.cygrpc._next_call_event
  File "src/python/grpcio/grpc/_cython/_cygrpc/completion_queue.pyx.pxi", line 63, in grpc._cython.cygrpc._latent_event
  File "src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi", line 62, in grpc._cython.cygrpc._get_metadata
RuntimeError: cannot exit context: thread state references a different context object

知道为什么 

monkey.patch_all()
中的 
gevent
在使用 Workload Identity 而不是密钥文件时会破坏这个吗?另外我怎么能解决这个问题但保留
monkey.patch_all()

python google-cloud-platform google-cloud-pubsub gevent workload-identity
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.