This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

failureCause: CLOUD_BUILD_UNAVAILABLE

Posted on 10-12-2022 01:48 AM
vovabuh
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi all
I try to run Cloud deploy on existing project where also run cloud build and I have the error

 

targetRenders:
  qsdev:
    failureCause: CLOUD_BUILD_UNAVAILABLE
    renderingState: FAILED

 

I try to use this article https://cloud.google.com/deploy/docs/deploy-app-gke?hl=en_US 
when I try to run a build on a new empty project everything works as expected.
I understand that the problem is with the permissions but can’t find where exactly.
I use this help https://cloud.google.com/deploy/docs/cloud-deploy-service-account#required_permissions
what could be the problem?

0 1 128
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
cristianrm
Staff
Reply posted on --/--/---- --:-- AM

As shown in the FailureCause documentation, this error is caused by insufficient permissions.

CLOUD_BUILD_UNAVAILABLE
Cloud Build is not available, either because it is not enabled or because Google Cloud Deploy has insufficient permissions. See Required permission.

In the required permission documentation, it shows some troubleshoot steps to follow in order to ensure that the correct permissions are set:

  • The service account used for rendering configurations must have sufficient permissions to access the Cloud Storage bucket where your Google Cloud Deploy resources are stored (delivery pipelines, releases, rollouts).
    The role roles/clouddeploy.jobRunner includes all permissions the render service account (privatePool or defaultPool) needs.
  • The service account used for deploying must have sufficient permissions to deploy to the target cluster, and permission to access the Cloud Storage bucket.
    Note: If you use a custom Cloud Storage bucket, you can put it anywhere. (It doesn't need to be in the same region, for example, as the delivery pipeline.)
  • The service account that calls Google Cloud Deploy to create a release must have the clouddeploy.releaser role. It must also have the iam.serviceAccount.actAs permission to use the service account that renders manifests (for example through the roles/iam.serviceAccountUser role).
  • The service account that calls Google Cloud Deploy to promote a release or create a rollout must have the iam.serviceAccount.actAs permission to use the service account that deploys to targets.
0 Likes
Top Solution Authors
View all