docs: updated prereqs documentation for Agent deployment on GKE #512

Open
wants to merge 1 commit into
base: main
vicentefb
Contributor

  • Based on this comment, updated prereqs section for agent deployment on GKE documentation

* **Artifact Registry Writer** (`roles/artifactregistry.writer`): To push the agent's container image.
* **Cloud Build Editor** (`roles/cloudbuild.builds.editor`): To interact with CloudBuild.

* The Cloud Build service account (which looks like `[PROJECT_NUMBER]@cloudbuild.gserviceaccount.com`) must have the Storage Admin (`roles/storage.admin`) role to push the built container image to Google Container Registry.
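
Review bot: in the Cloud Build service account bullet, `roles/storage.admin` gives full control over Cloud Storage buckets and objects, which is far more than an image push needs, and the bullet targets Google Container Registry while the first bullet grants Artifact Registry Writer for the same push. Suggest naming one registry throughout and replacing Storage Admin with the narrowest role that was actually tested. Minor: "CloudBuild" in the second bullet should read "Cloud Build" to match the third.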

GCR is deprecated. Artifact Registry is what everyone should be using now.

vicentefb (Contributor, Author) commented Jul 18, 2025

OK, I've tested the adk command in a new project with bare minimum permissions and this is the list of the needed ones:

  • `roles/artifactregistry.createOnPushWriter`: To push the built container image to Artifact Registry AND to automatically create the gcr.io repository within Artifact Registry the very first time an image is pushed to a gcr.io path in the project

  • `roles/logging.logWriter`: To allow the Cloud Build job to send its logs to Cloud Logging. (NOTE: this doesn't necessarily stop the adk command from running successfully, but it will show an INFO message about not having permission to write logs to Cloud Logging)

  • `roles/storage.objectViewer`: To allow the Cloud Build job to read the source code bundle that `gcloud builds submit` uploads to the project's Cloud Storage bucket
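
The role list in the comment above, turned into a least-privilege check over a project IAM policy. This is an added example, not part of the pull request or the project's code; the project number, the `user:dev@example.com` member and the two basic roles in `OVERBROAD` are constructed for illustration.

```python
import json

# Minimum roles for the Cloud Build service account, as listed in the comment above.
REQUIRED = {
    "roles/artifactregistry.createOnPushWriter",
    "roles/logging.logWriter",
    "roles/storage.objectViewer",
}
# roles/storage.admin is what the reviewed doc line asked for; the two basic
# roles are an assumption of this example, not taken from the page.
OVERBROAD = {"roles/storage.admin", "roles/editor", "roles/owner"}

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SA = "serviceAccount:123456789012@cloudbuild.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/storage.admin", "members": [SA]},
    {"role": "roles/logging.logWriter", "members": [SA, "user:dev@example.com"]},
    {"role": "roles/artifactregistry.createOnPushWriter", "members": [SA]},
    {"role": "roles/storage.objectViewer", "members": ["user:dev@example.com"]},
]}


def audit(policy, project_number):
    """Compare the Cloud Build service account's project roles with REQUIRED.

    Matching is by role name only; permissions are not expanded, so a broad
    role that happens to cover a required one is still reported as overbroad.
    """
    member = f"serviceAccount:{project_number}@cloudbuild.gserviceaccount.com"
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            # A conditional grant may not apply to the build, so track it apart.
            (conditional if "condition" in binding else granted).add(binding["role"])
    return {
        "missing": sorted(REQUIRED - granted),
        "overbroad": sorted((granted | conditional) & OVERBROAD),
        "extra": sorted(granted - REQUIRED - OVERBROAD),
        "conditional": sorted(conditional),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, "123456789012"), indent=2))
```

On the sample, the service account still holds `roles/storage.admin` and lacks `roles/storage.objectViewer`, which is the swap the comment's list implies.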

@eliaslevy

To ensure the instructions are correct, please exercise the steps from scratch in a new GCB project.

@vicentefb vicentefb force-pushed the UpdateGkeAgentDeployPreReqsDocumentation branch from fb21134 to 15b18f1 Compare July 18, 2025 19:13
@vicentefb vicentefb requested review from eliaslevy and moficodes July 18, 2025 19:14
updated iam permissions

removed coming soon
@vicentefb vicentefb force-pushed the UpdateGkeAgentDeployPreReqsDocumentation branch from e1abea3 to f920afa Compare July 21, 2025 21:22
vicentefb (Contributor, Author) commented Jul 24, 2025

ping @moficodes
