Currently I'm deploying a CI/CD pipeline for a staging environment. The problem is that when it comes to executing the trigger and building the last version pushed to the "watched branch", Cloud Build gives me the following error (right after the Docker images were successfully built):
```
Uploading tarball of [.] to [gs://5ab97cc8958b4855a3ca3ad7b7366eae_clouddeploy/source/1676901197.104051-8c8d678cc4994b5ba0dcc1ffbe30e4a4.tgz]
- '@type': type.googleapis.com/google.rpc.ErrorInfo
  domain: clouddeploy.googleapis.com
  metadata:
    serviceAccount: my-account@my-project.iam.gserviceaccount.com
  reason: ACTAS_PERMISSION_DENIED
```
Googling the error message, I thought the problem was in the service account's permissions, i.e., one of its roles should have the `iam.serviceAccounts.actAs` permission. Then I granted the account the Cloud Deploy Service Agent role, which has it, but it didn't work. I even tried using an account with several Admin roles (such as Cloud Deploy Admin and Service Account Admin), but that didn't work either. I also tried removing the `serviceAccount` parameter from `clouddeploy.yaml`.
Is there some step I missed?
* Here's the current Cloud Deploy file:
```yaml
apiVersion: deploy.cloud.google.com/v1
kind: DeliveryPipeline
metadata:
  name: staging-pipeline
description: main application pipeline
serialPipeline:
  stages:
  - targetId: staging
---
# Staging cluster
apiVersion: deploy.cloud.google.com/v1
kind: Target
metadata:
  name: staging
description: staging cluster
gke:
  cluster: projects/$PROJECT_ID/locations/us-central1-c/clusters/staging-cluster
executionConfigs:
- defaultPool:
    serviceAccount: my-account@my-project.iam.gserviceaccount.com
  usages:
  - RENDER
  - DEPLOY
```
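
An added example, not part of the original post: a check of who holds `iam.serviceAccounts.actAs` on the execution service account, run over constructed IAM policies shaped like the JSON output of `gcloud iam service-accounts get-iam-policy` and `gcloud projects get-iam-policy`. The permission is evaluated for the identity that creates the release, not for the execution account itself, so roles granted to `my-account@...` do not satisfy it. The caller `build-sa@my-project.iam.gserviceaccount.com` is a hypothetical name for the account the Cloud Build trigger runs as, and the role set is an assumption to extend.

```python
# Roles treated as carrying iam.serviceAccounts.actAs. Assumption: extend this
# set with any basic or custom roles in your project that include it.
ACTAS_ROLES = {"roles/iam.serviceAccountUser"}

EXEC_SA = "my-account@my-project.iam.gserviceaccount.com"  # from the Target
CALLER = "build-sa@my-project.iam.gserviceaccount.com"     # hypothetical

def members_with_actas(policy):
    """Map member -> True if every actAs grant it has is conditional."""
    found = {}
    for binding in policy.get("bindings", []):
        if binding.get("role") not in ACTAS_ROLES:
            continue
        conditional = "condition" in binding
        for member in binding.get("members", []):
            # One unconditional grant is enough to clear the flag.
            found[member] = found.get(member, True) and conditional
    return found

def can_act_as(caller, sa_policy, project_policy):
    """Return 'yes', 'conditional' or 'no' for caller acting as the account."""
    member = f"serviceAccount:{caller}"
    grants = [m[member] for m in map(members_with_actas,
                                     (sa_policy, project_policy)) if member in m]
    if not grants:
        return "no"
    return "conditional" if all(grants) else "yes"

# Constructed project policy: admin roles sit on the execution account itself.
PROJECT_POLICY = {"bindings": [
    {"role": "roles/clouddeploy.admin", "members": [f"serviceAccount:{EXEC_SA}"]},
    {"role": "roles/iam.serviceAccountAdmin",
     "members": [f"serviceAccount:{EXEC_SA}"]},
]}
# Constructed policy on the execution account, before and after a binding
# that lets the caller act as it.
SA_POLICY_BEFORE = {"bindings": []}
SA_POLICY_AFTER = {"bindings": [
    {"role": "roles/iam.serviceAccountUser",
     "members": [f"serviceAccount:{CALLER}"]},
]}

if __name__ == "__main__":
    for label, sa_policy in (("before", SA_POLICY_BEFORE),
                             ("after", SA_POLICY_AFTER)):
        print(label, can_act_as(CALLER, sa_policy, PROJECT_POLICY))
```

Scoping the binding to the one execution account, rather than granting the role project-wide, keeps the caller from impersonating every service account in the project.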