I am following the GCP Quickstart Deploy an app in a container image to a GKE cluster, and I’m at the cloud build step, executing this command:
gcloud builds submit --tag us-central1-docker.pkg.dev/PROJECT_ID/hello-repo/helloworld-gke .
I have put my real project id in.
After some trial and error, i.e. getting one permissions error, adding the permission, and trying again, the build and push seems to go fine. The gcloud output shows this:
Pushing us-central1-docker.pkg.dev/gke-dotnet-api-1/hello-repo/helloworld-gke
But the gcloud output goes on to say:
INFO: The service account running this build [ACCOUNT_ID redacted] does not have permission to write logs to Cloud Logging. To fix this, grant the Logs Writer (roles/logging.logWriter) role to the service account.
I had this problem earlier and added the Logs Writer, Logs Viewer, and Logs View Accessor roles to the account:
What do I have to do to get cloud build to recognize the Log Writer role I have granted?
2 Likes
Confirming this shows up in the Cloud Build UI as well and appeared recently without any changes to my IAM:
The service account running this build projects/PROJECT_ID/serviceAccounts/NAME@PROJECT_ID.iam.gserviceaccount.com does not have permission to write logs to Cloud Logging. To fix this, grant the Logs Writer (roles/logging.logWriter) role to the service account.
My service account has the right role setup, and I can see that build logs are indeed being written to Cloud Logging despite this message.
1 Like
@bradykelly this is no longer happening for my builds. Google must have fixed.
@bradykelly I am experiencing this same issue inside a github actions workflow. the workflow successfully builds the container image and uploads to Artifact Registry, but because the gcloud command fails due to a logging permissions error and my CD pipeline breaks even though presumeably everything should be good to go for deploying the container service. Even with several logging related permissions set, same error! Did this just resolve for you on its own? it obviously has not been fixed at the root source by Google if I’m having same issue now..
