docs/deploy/gke.md
13 additions & 4 deletions
@@ -315,15 +315,24 @@ Before you begin, ensure you have the following set up:
315
315
316
316
1.**A running GKE cluster:** You need an active Kubernetes cluster on Google Cloud.
317
317
318
-
2.**`gcloud` CLI:** The Google Cloud CLI must be installed, authenticated, and configured to use your target project. Run `gcloud auth login` and `gcloud config set project [YOUR_PROJECT_ID]`.
318
+
2.**Required CLIs:**
319
+
***`gcloud` CLI:** The Google Cloud CLI must be installed, authenticated, and configured to use your target project. Run `gcloud auth login` and `gcloud config set project [YOUR_PROJECT_ID]`.
320
+
***kubectl:** The Kubernetes CLI must be installed to deploy the application to your cluster.
319
321
320
-
3.**Required IAM Permissions:** The user or service account running the command needs, at a minimum, the following roles:
322
+
3.**Enabled Google Cloud APIs:** Make sure the following APIs are enabled in your Google Cloud project:
323
+
* Kubernetes Engine API (`container.googleapis.com`)
324
+
* Cloud Build API (`cloudbuild.googleapis.com`)
325
+
* Container Registry API (`containerregistry.googleapis.com`)
326
+
327
+
4.**Required IAM Permissions:** The user or Compute Engine default service account running the command needs, at a minimum, the following roles:
321
328
322
329
***Kubernetes Engine Developer** (`roles/container.developer`): To interact with the GKE cluster.
323
330
324
-
***Artifact Registry Writer** (`roles/artifactregistry.writer`): To push the agent's container image.
331
+
***Storage Object Viewer** (`roles/storage.objectViewer`): To allow Cloud Build to download the source code from the Cloud Storage bucket where gcloud builds submit uploads it.
332
+
333
+
***Artifact Registry Create on Push Writer** (`roles/artifactregistry.createOnPushWriter`): To allow Cloud Build to push the built container image to Artifact Registry. This role also permits the on-the-fly creation of the special gcr.io repository within Artifact Registry if needed on the first push.
325
334
326
-
4.**Docker:** The Docker daemon must be running on your local machine to build the container image.
335
+
***Logs Writer** (`roles/logging.logWriter`): To allow Cloud Build to write build logs to Cloud Logging.
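Review bot: In step 4, "The user or Compute Engine default service account running the command" does not say which principal needs which role. `roles/container.developer` is described as interacting with the GKE cluster, while the three roles added below it are each described as "To allow Cloud Build to ...". Splitting the list by principal (the person running the deploy command versus the identity the build runs as) would keep readers from granting all four roles to both. Because the Compute Engine default service account is also the default identity for other workloads in the project, anything granted to it here widens their access too; the doc should suggest a dedicated build service account as the preferred option and mention the default account only as the fallback. In step 3, the list enables `containerregistry.googleapis.com`, but the push role added in step 4 is `roles/artifactregistry.createOnPushWriter`, which targets Artifact Registry; consider listing the Artifact Registry API (`artifactregistry.googleapis.com`) as well, or say why it is not needed. Minor: `gcloud builds submit` and `gcr.io` in the new role descriptions are not in backticks, unlike the commands in step 2.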