Hi all,
I am trying to run Cloud Deploy on an existing project where Cloud Build also runs, and I get the error:
    targetRenders:
      qsdev:
        failureCause: CLOUD_BUILD_UNAVAILABLE
        renderingState: FAILED
I am trying to use this article: https://cloud.google.com/deploy/docs/deploy-app-gke?hl=en_US
When I try to run a build on a new empty project, everything works as expected.
I understand that the problem is with the permissions but can’t find where exactly.
I use this help page: https://cloud.google.com/deploy/docs/cloud-deploy-service-account#required_permissions
What could be the problem?
As shown in the FailureCause documentation, this error is caused by insufficient permissions.
- CLOUD_BUILD_UNAVAILABLE
  - Cloud Build is not available, either because it is not enabled or because Google Cloud Deploy has insufficient permissions. See Required permission.
The required permission documentation shows some troubleshooting steps to follow in order to ensure that the correct permissions are set:
- The service account used for rendering configurations must have sufficient permissions to access the Cloud Storage bucket where your Google Cloud Deploy resources are stored (delivery pipelines, releases, rollouts). The role roles/clouddeploy.jobRunner includes all permissions the render service account (privatePool or defaultPool) needs.
- The service account used for deploying must have sufficient permissions to deploy to the target cluster, and permission to access the Cloud Storage bucket.
  Note: If you use a custom Cloud Storage bucket, you can put it anywhere. (It doesn't need to be in the same region, for example, as the delivery pipeline.)
- The service account that calls Google Cloud Deploy to create a release must have the clouddeploy.releaser role. It must also have the iam.serviceAccount.actAs permission to use the service account that renders manifests (for example through the roles/iam.serviceAccountUser role).
- The service account that calls Google Cloud Deploy to promote a release or create a rollout must have the iam.serviceAccount.actAs permission to use the service account that deploys to targets.
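
Added example (not part of the original thread or Google's documentation): a small check of the role requirements listed above against a project IAM policy saved with `gcloud projects get-iam-policy PROJECT_ID --format=json`. The account e-mails and the sample policy are constructed, and the check assumes project-level bindings only, so a role granted on the service account resource itself, or permissions inherited through a broader role, will not show up.

```python
import json

# Roles the answer above names, grouped by the account that needs them.
REQUIRED = {
    "execution": ["roles/clouddeploy.jobRunner"],
    "caller": ["roles/clouddeploy.releaser", "roles/iam.serviceAccountUser"],
}

def roles_of(policy, member):
    """Split the roles bound to `member` into unconditional and conditional sets."""
    plain, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            (conditional if "condition" in binding else plain).add(binding["role"])
    return plain, conditional - plain

def audit(policy, accounts):
    """Return {kind: {"missing": [...], "conditional": [...]}} for each account."""
    report = {}
    for kind, member in accounts.items():
        plain, conditional = roles_of(policy, member)
        needed = REQUIRED[kind]
        report[kind] = {
            # Not bound at all: the likely cause of CLOUD_BUILD_UNAVAILABLE.
            "missing": [r for r in needed if r not in plain | conditional],
            # Bound only under an IAM condition: verify the condition still holds.
            "conditional": [r for r in needed if r in conditional],
        }
    return report

# Constructed sample: an existing project where the accounts were set up for
# Cloud Build only. Account names are hypothetical.
SAMPLE_ACCOUNTS = {
    "execution": "serviceAccount:render-sa@example-project.iam.gserviceaccount.com",
    "caller": "serviceAccount:ci-sa@example-project.iam.gserviceaccount.com",
}
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/cloudbuild.builds.builder",
   "members": ["serviceAccount:render-sa@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/clouddeploy.releaser",
   "members": ["serviceAccount:ci-sa@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/iam.serviceAccountUser",
   "condition": {"title": "constructed", "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"},
   "members": ["serviceAccount:ci-sa@example-project.iam.gserviceaccount.com"]}
]}
""")

if __name__ == "__main__":
    for kind, result in audit(SAMPLE_POLICY, SAMPLE_ACCOUNTS).items():
        print(kind, SAMPLE_ACCOUNTS[kind], result)
```

Comparing the output for the failing project with the output for the new empty project where the release works shows which binding differs.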