I'm getting a permission error when trying to deploy an image to cloud run:
gcloud beta run deploy endpoints_proxy \
--image="gcr.io/endpoints-release/endpoints-runtime-serverless:1.30.0" \
--allow-unauthenticated
This is the error:
ERROR: (gcloud.beta.run.deploy) User [email-goes-here] does not have permission to access namespace [project-id-goes-here] (or it may not exist): Cloud Run does not have permission to get access tokens for the default compute service account, [email protected]. Please give Google Cloud Run Service Agent the permission iam.serviceAccounts.getAccessToken on the default compute service account.
My account has owner and editor permissions, I even tried attaching the Cloud Run Service Agent role.
I also tried adding these roles to the "default compute service account" listed in the error, didn't work.
In the Google Cloud console, go to the Manage resources page. Select all the resources for which you want to grant permissions. If the info panel is not visible, click Show info panel. Then, click Permissions.
The error message is very misleading, the error occurs because the Cloud Run Service Agent was missing.
After creating the following service account:
Name: service-<account-id>@serverless-robot-prod.iam.gserviceaccount.com
Role: Google Cloud Run Service Agent
The problem got solved. Looks like Cloud Run needs this service account to work, so don't ever delete it :)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With