如何验证Google Cloud Endpoints服务URL的所有权? [英] How to verify ownership of Google Cloud Endpoints service URL?
问题描述
我已经设置了Google Cloud Endpoints项目,并且可以调用http/https请求.端点给了我可以使用的MY_API.endpoints.MY_PROJECT.cloud.goog域名.我正在使用具有HTTP/JSON到gRPC转码功能的gRPC Cloud端点.
I already set up Google Cloud Endpoints project and can invoke http/https requests. Endpoints gives me MY_API.endpoints.MY_PROJECT.cloud.goog domain name that I can use. I'm using gRPC Cloud Endpoints with HTTP/JSON to gRPC transcoding feature.
它已部署在Google Kubernetes Engine上(末尾附有部署yaml脚本).
It is deployed on Google Kubernetes Engine (deployment yaml script attached at the end).
当我尝试使用该URL创建推送订阅时,出现下一个错误:
When I'm trying to create push subscription with that URL I getting next error:
提供的HTTP URL未在订阅的父级中注册 项目(url ="https://MY_API.endpoints.MY_PROJECT.cloud.goog/v1/path",project_id ="PROJECT_ID").
"The supplied HTTP URL is not registered in the subscription's parent project (url="https://MY_API.endpoints.MY_PROJECT.cloud.goog/v1/path", project_id="PROJECT_ID").
我的gcloud电话:
My gcloud call:
gcloud pubsub subscriptions create SUB_NAME --topic=projects/MY_PROJECT/topics/MY_TOPIC --push-endpoint="https://MY_API.endpoints.MY_PROJECT.cloud.goog/v1/path"
我尝试使用该DNS名称创建Cloud DNS公共区域并设置相应的记录.但是我仍然无法在Google Search Console中验证所有权.
I tried to create Cloud DNS public zone with that DNS name and set corresponding records. But I still can't verify ownership in Google Search Console.
问题是如何为MY_API.endpoints.MY_PROJECT.cloud.goog域设置DNS TXT记录以验证所有权?或者如何通过其他方式将Pubsub推送订阅与Cloud Endpoints gRPC一起使用?
The question is how can I set DNS TXT record for MY_API.endpoints.MY_PROJECT.cloud.goog domain to verify ownership? Or how to use Pubsub push subscription with Cloud Endpoints gRPC in other way?
如果我能够更改转换为HTTP的gRPC响应的元数据或标头,则可以验证域的所有权.但我怀疑是否有办法.
I could verify ownership of domain if I have ability to change meta or headers of gRPC responses converted to HTTP. But I doubt if there is a way.
我用于部署的Kubernetes脚本(如果有帮助的话).
Kubernetes script I used for deployment (if it would be helpful).
apiVersion: v1
kind: Service
metadata:
name: GKE_SERVICE_NAME
spec:
ports:
# Port that accepts gRPC and JSON/HTTP2 requests over HTTP.
- port: 80
targetPort: 9000
protocol: TCP
name: http2
selector:
app: GKE_SERVICE_NAME
type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: GKE_SERVICE_NAME
spec:
replicas: 1
template:
metadata:
labels:
app: GKE_SERVICE_NAME
spec:
containers:
- name: esp
image: gcr.io/endpoints-release/endpoints-runtime:1
args: [
"--http2_port=9000",
"--service=MY_API.endpoints.MY_PROJECT.cloud.goog",
"--rollout_strategy=managed",
"--backend=grpc://127.0.0.1:50051"
]
ports:
- containerPort: 9000
- name: MY_CONTAINER_NAME
image: gcr.io/MY_PROJECT/IMAGE_NAME:v1
ports:
- containerPort: 50051
推荐答案
最终,您的目标是让Cloud Pub/Sub推送到GKE上的容器中.有几种方法可以做到这一点
Ultimately, your goal is to get Cloud Pub/Sub pushing to your container on GKE. There are a couple ways to do this
- 域名所有权验证,您已经发现:
- 您可以尝试使用DNS进行操作,并且有一个为cloud.goog域配置DNS的指南.
- 您可以尝试使用 OpenAPI格式提供响应JSON.
- 您是否尝试过将Cloud Pub/Sub订阅和cloud.goog域放在同一项目中?在这种情况下,它可能已经被视为经过验证的域.
- Domain ownership validation, as you've discovered:
- You can try to do it with DNS, and there's a guide for configuring DNS for a cloud.goog domain.
- You can try to do it with one of the non-DNS alternatives, which includes methods such as hosting certain kinds of HTML or Javascript snippets from the domain. This can be tricky, though, as I don't know how to make Cloud Endpoints serve static HTML or Javascript content. It serves responses in OpenAPI format, which is essentially JSON.
- Have you tried putting the Cloud Pub/Sub subscription and the cloud.goog domain in the same project? It might already be considered a verified domain in that case.
这篇关于如何验证Google Cloud Endpoints服务URL的所有权?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!