Eventarc and GKE Services: How does it work?

Vincent Ledan
Google Cloud - Community
Mar 27, 2023

When it comes to building modern applications in the cloud, the choice of tools is crucial.

There are several popular options, such as Pub/Sub, Eventarc, Cloud Run and Cloud Functions, all of which offer advanced features for managing microservices. However, there is an alternative that many developers are still unaware of: Eventarc and GKE.

This unique combination of Google Cloud services can offer a powerful alternative to using Eventarc with Cloud Run. In this article, we’ll explore why Eventarc and GKE may be a wise choice for developers looking to create modern, highly available and scalable cloud architectures.
Together, we’ll look at how to create a trigger with the Google Cloud Eventarc service that captures object creation in Cloud Storage through Cloud Audit Logs, then forwards the event directly to a ClusterIP-type service in a GKE cluster.
If you need to manage a large workload, for example, using GKE can be a good solution.

What is Eventarc?

Eventarc is a fully managed event management service from Google Cloud, designed to work with environments such as Google Kubernetes Engine (GKE). It offers a simple interface for reliably creating, processing and routing events, using triggers to activate functions in response to these events.
Eventarc is integrated with several GCP services (Cloud Run, Kubernetes, Cloud Functions, Workflows), enabling developers to easily build event workflows for their applications, without having to manage the underlying infrastructure.

Eventarc also supports the CloudEvents format, enabling Eventarc-generated events to be consumed by other services and platforms, even outside the GCP ecosystem.

Eventarc and Kubernetes

This example architecture lets you trigger calls to your various services based on events captured through Cloud Audit Logs; in our example we filter on the storage.objects.create event.
All you need is for your various APIs to be able to consume and process events in the CloudEvents format.
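
A minimal validation step for such a receiving API, as an added example (not code from the original article or from Google). It assumes Eventarc delivers the event as a binary-mode CloudEvent with `ce-*` HTTP headers and a Cloud Audit Logs entry as the JSON body; the function name, the size cap and the sample request are constructed for illustration.

```python
import json

EXPECTED_TYPE = "google.cloud.audit.log.v1.written"  # Cloud Audit Logs event type
EXPECTED = ("storage.googleapis.com", "storage.objects.create")
MAX_BODY_BYTES = 256 * 1024  # assumed cap, not a documented Eventarc limit

class RejectedEvent(ValueError):
    """The request is not the event this service was deployed to handle."""

def parse_storage_create_event(headers, body):
    """Validate a binary-mode CloudEvent; return only the fields we act on."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    for name in ("ce-id", "ce-source", "ce-specversion", "ce-type"):
        if not h.get(name):
            raise RejectedEvent(f"missing CloudEvents header {name}")
    if h["ce-type"] != EXPECTED_TYPE:
        raise RejectedEvent("unexpected event type")
    if len(body) > MAX_BODY_BYTES:
        raise RejectedEvent("body too large")
    try:
        entry = json.loads(body)
    except ValueError as exc:  # covers invalid JSON and invalid UTF-8
        raise RejectedEvent("body is not valid JSON") from exc
    payload = entry.get("protoPayload") if isinstance(entry, dict) else None
    if not isinstance(payload, dict):
        raise RejectedEvent("no protoPayload in audit log entry")
    if (payload.get("serviceName"), payload.get("methodName")) != EXPECTED:
        raise RejectedEvent("not a storage.objects.create audit entry")
    # resourceName: projects/_/buckets/<bucket>/objects/<object, may contain "/">
    parts = str(payload.get("resourceName", "")).split("/", 5)
    if len(parts) != 6 or (parts[2], parts[4]) != ("buckets", "objects") or not (parts[3] and parts[5]):
        raise RejectedEvent("unexpected resourceName")
    auth = payload.get("authenticationInfo")
    principal = auth.get("principalEmail") if isinstance(auth, dict) else None
    return {"event_id": h["ce-id"], "bucket": parts[3],
            "object": parts[5], "principal": principal}

# Constructed sample request (not captured from a real project).
SAMPLE_HEADERS = {
    "Ce-Id": "constructed-id-0001", "Ce-Specversion": "1.0",
    "Ce-Type": "google.cloud.audit.log.v1.written",
    "Ce-Source": "//cloudaudit.googleapis.com/projects/example-project/logs/data_access",
}
SAMPLE_BODY = json.dumps({"protoPayload": {
    "serviceName": "storage.googleapis.com",
    "methodName": "storage.objects.create",
    "resourceName": "projects/_/buckets/example-bucket/objects/in/report.csv",
    "authenticationInfo": {"principalEmail": "uploader@example.com"},
}}).encode()
```

Rejecting anything that is not the expected type, service and method matters here because a ClusterIP service accepts requests from any workload that can reach it inside the cluster, not only from the forwarder.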

What are Audit Logs?

By enabling Cloud Audit Logs for the Cloud Storage API, you’ll have a detailed log of all operations performed on buckets, making it easier to accurately detect the various actions performed on different buckets.

In our case, this will enable us to detect the creation or reading of objects, for example.

GKE services and Eventarc

We’re going to focus on Eventarc’s ability to publish our event to a ClusterIP-type service in our GKE cluster.

It’s sometimes useful to run a process in GKE, for example, if your processes consume a lot of resources, or if you want to have more control over your workloads than with Cloud Run.
To do this, we’re going to use Eventarc’s ability to trigger an event based on Google Cloud audit logs, and create an Eventarc trigger with my Kubernetes service as the destination.

With this in mind, we’d like to call the event-test service when an object is created in a Cloud Storage bucket and send it the event.
Below you’ll find an example of how to configure my Kubernetes service to send storage.objects.create events.

GKE services and Eventarc: Behind the scenes

In order to deploy a trigger to GKE, you’ll need to activate Workload Identity within your cluster.

From a technical point of view, when you create a trigger via Eventarc, Eventarc creates a Pub/Sub topic to which all events matching the trigger configuration are published.

Google will deploy within your GKE cluster a deployment named event-forwarder, in a dedicated namespace, that continuously listens for events on the Pub/Sub topic and forwards them to your Kubernetes service.
Google will automatically configure Workload Identity between the Google service account you provided during trigger creation and the Kubernetes service account created for the forwarder's operation.

Conclusion

This architecture is very simple and is intended to show you an alternative that may be useful in certain cases.

I'm a solution architect and Google Cloud fellow, passionate about cloud native technologies and Kubernetes.