Below is the log output when doing the deployment to the cluster from the cloud build.
I understood it was a issue with authentication since I tried my deployment, and generated it before in the cluster itself (thanks to the CKAD course).
Since I have not set up the gloud console, I could not simply run the below command, and the same line appear in the course video: “Deploy and validate our application on GKE”.
Applying deployment.
Getting access to cluster "gcp-devops-training" in "europe-north1-a".
> You may need to grant permission to access to the cluster:
gcloud projects add-iam-policy-binding glowing-box-401614 --member=serviceAccount:[email protected] --role=roles/container.developer
Error: failed to apply deployment: failed to get access to cluster: failed to authorize access: command to get cluster credentials failed: Fetching cluster endpoint and auth data.
ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission(s) for "projects/glowing-box-401614/zones/europe-north1-a/clusters/gcp-devops-training".
exit status 1
So was unsure if it was needed but then i stumble on this thread:
If your cloud build agent faced the permission issue while deploying the new version to the Cloud Run service, go to the IAM dashboard, look for @cloudbuild.gserviceaccount.com (auto-generated by GCP), and grant appropriate permission.
In the end, I have solved the issue and learnt a bit more. But would be nice to have an extra video about it, to be sure that we follow the “least privilege principle”