How to "create" a new Cloud Run service (not deploying a container to an existing one)

0
votes

I have this cloudbuild.yaml

  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    entrypoint: gcloud
    args:
      - 'alpha'
      - 'run'
      - 'deploy'
      - 'backend'
      - '--image=eu.gcr.io/$PROJECT_ID/backend:$BUILD_ID'
      - '--concurrency=10'
      - '--cpu=1'
      - '--memory=512Mi'
      - '--region=europe-west4'
      - '--min-instances=1'
      - '--max-instances=2'
      - '--platform=managed'
      - '--port=8080'
      - '--timeout=3000'
      - '--ingress=internal'
      - '--vpc-connector=cloud-run'
      - '--vpc-egress=private-ranges-only'
      - '--set-cloudsql-instances=foo:europe-west4:bar'

It works fine if I beforehand created a service via the Cloud Run Console (Web UI). But what I want is to initially create a service with name xy if it does not exist already.

Because otherwhise my CI Pipeline shows this error:

Step #2: ERROR: (gcloud.alpha.run.deploy) PERMISSION_DENIED: Permission 'run.services.get' denied on resource 'namespaces/***/services/backend' (or resource may not exist).

Which is correct. services/backend does not exist. But I want to create it if it does not exist and simply update it's container image in the future. I read through the whole gcloud API documentation regarding run but could not find anything. It seems that it's been left out on purpose?

1
google-cloud-run
Hi @xetra11 I was able to build successfully with the cloudbuild.yaml file you have provided. did you add cloud run admin permission role to the cloud build account ? If not please add and rerun the cloud build. - Sri
@Sri the deployment does work with that .yaml file but only if the service has been created once manually via the GCP Console UI - xetra11
I am getting above error when i remove cloud run admin permission in the cloudbuild IAM but when i add cloud run admin role to the cloudbuild IAM it was able to create new cloud run service and if service exists it was able to deploy new image to that cloud run service and try removing 'alpha' in the .yaml file. - Sri
@Sri comment is the right one. You have permission to create a service, and others to create a revision in an existing service. Sri, post this comment as answer, it's a good point! - guillaume blaquiere

1 Answers

1
votes

I am getting above error when i remove cloud run admin permission in the cloudbuild IAM but when i add the Cloud Run admin role to the cloudbuild IAM it was able to create a new Cloud Run service and if service exists it was able to deploy new image to that Cloud Run service.

Also,try removing 'alpha' in the .yaml file.