How to verify ownership of Google Cloud Endpoints service URL?

6/4/2019

I have already set up a Google Cloud Endpoints project and can invoke HTTP/HTTPS requests. Endpoints gives me the MY_API.endpoints.MY_PROJECT.cloud.goog domain name that I can use. I'm using gRPC Cloud Endpoints with the HTTP/JSON to gRPC transcoding feature.

It is deployed on Google Kubernetes Engine (deployment yaml script attached at the end).

When I try to create a push subscription with that URL, I get the following error:

"The supplied HTTP URL is not registered in the subscription's parent project (url="https://MY_API.endpoints.MY_PROJECT.cloud.goog/v1/path", project_id="PROJECT_ID")."

My gcloud call:

gcloud pubsub subscriptions create SUB_NAME --topic=projects/MY_PROJECT/topics/MY_TOPIC --push-endpoint="https://MY_API.endpoints.MY_PROJECT.cloud.goog/v1/path"

I tried to create a Cloud DNS public zone with that DNS name and set the corresponding records. But I still can't verify ownership in Google Search Console.

The question is: how can I set a DNS TXT record for the MY_API.endpoints.MY_PROJECT.cloud.goog domain to verify ownership? Or how can I use a Pub/Sub push subscription with Cloud Endpoints gRPC in another way?

I could verify ownership of the domain if I had the ability to change the meta or headers of gRPC responses converted to HTTP. But I doubt there is a way.


Kubernetes script I used for deployment (in case it is helpful):

apiVersion: v1
kind: Service
metadata:
  name: GKE_SERVICE_NAME
spec:
  ports:
  # Port that accepts gRPC and JSON/HTTP2 requests over HTTP.
  - port: 80
    targetPort: 9000
    protocol: TCP
    name: http2
  selector:
    app: GKE_SERVICE_NAME
  type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: GKE_SERVICE_NAME
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: GKE_SERVICE_NAME
    spec:
      containers:
      - name: esp
        image: gcr.io/endpoints-release/endpoints-runtime:1
        args: [
          "--http2_port=9000",
          "--service=MY_API.endpoints.MY_PROJECT.cloud.goog",
          "--rollout_strategy=managed",
          "--backend=grpc://127.0.0.1:50051"
        ]
        ports:
          - containerPort: 9000
      - name: MY_CONTAINER_NAME
        image: gcr.io/MY_PROJECT/IMAGE_NAME:v1
        ports:
          - containerPort: 50051
-- Sat
google-cloud-endpoints
google-cloud-platform
google-cloud-pubsub
google-kubernetes-engine
google-search-console

1 Answer

7/10/2019

Ultimately, your goal is to get Cloud Pub/Sub pushing to your container on GKE. There are a couple of ways to do this:

  • Domain ownership validation, as you've discovered:
    • You can try to do it with DNS, and there's a guide for configuring DNS for a cloud.goog domain.
    • You can try to do it with one of the non-DNS alternatives, which include methods such as hosting certain kinds of HTML or JavaScript snippets from the domain. This can be tricky, though, as I don't know how to make Cloud Endpoints serve static HTML or JavaScript content. It serves responses in OpenAPI format, which is essentially JSON.
    • Have you tried putting the Cloud Pub/Sub subscription and the cloud.goog domain in the same project? It might already be considered a verified domain in that case.
  • Since you are already using Google Kubernetes Engine, use either Cloud Run, or Cloud Run on top of Google Kubernetes Engine. There is a difference between Cloud Run and Cloud Run on GKE, but both will run your Kubernetes containers. Push endpoints on Cloud Run don't require domain ownership validation (I'm not sure if this also covers Cloud Run on GKE). You may get other interesting benefits as well, as Cloud Run is essentially designed to address the very use case of serving a push endpoint from a container. For example, it will do autoscaling and monitoring for you.
-- Jason Ganetsky
Source: StackOverflow
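
The error in the question names a project_id that can differ from the project embedded in the endpoint host, and the answer suggests keeping both in the same project. The following pre-flight check is an added example, not part of the original question or answer: it extracts the project from an Endpoints URL and compares it with the subscription's project before `gcloud pubsub subscriptions create` is run. It assumes the host form NAME.endpoints.PROJECT.cloud.goog shown in the question and a plain project ID without dots; the function names and sample values are constructed, and a match only shows that the two projects agree, not that Pub/Sub treats the domain as verified.

```bash
#!/usr/bin/env bash
# Added example: offline pre-flight check for a Pub/Sub push endpoint that
# lives on a Cloud Endpoints domain. Function names are hypothetical.

# Print the project embedded in an Endpoints URL.
# Returns 1 if the URL is not https or the host is not of the assumed
# form NAME.endpoints.PROJECT.cloud.goog.
endpoint_project() {
  local url="$1" host rest
  case $url in
    https://*) ;;                # push endpoints must be HTTPS
    *) return 1 ;;
  esac
  host=${url#https://}
  host=${host%%[/?#]*}           # drop path, query and fragment
  case $host in
    *@*) return 1 ;;             # reject userinfo such as user@host
  esac
  host=${host%%:*}               # drop an explicit port
  host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
  case $host in
    ?*.endpoints.?*.cloud.goog) ;;
    *) return 1 ;;
  esac
  rest=${host#*.endpoints.}      # PROJECT.cloud.goog
  rest=${rest%.cloud.goog}       # PROJECT
  case $rest in
    *.*) return 1 ;;             # assumption: plain project ID, no dots
  esac
  printf '%s\n' "$rest"
}

# Return 0 when the endpoint's project equals the subscription's project,
# 1 on a mismatch, 2 when the URL is not a recognised Endpoints URL.
check_push_endpoint() {
  local sub_project="$1" url="$2" ep_project
  ep_project=$(endpoint_project "$url") || {
    echo "not an https Endpoints URL: $url" >&2
    return 2
  }
  if [ "$ep_project" != "$sub_project" ]; then
    echo "mismatch: endpoint is in '$ep_project', subscription is in '$sub_project'" >&2
    return 1
  fi
  echo "ok: endpoint and subscription are both in '$sub_project'"
}

# Constructed sample values, not a real project.
check_push_endpoint demo-project "https://my-api.endpoints.demo-project.cloud.goog/v1/path"
```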