I’m trying to push my Docker images to GCP Artifact Registry and eventually deploy to GKE. Authenticating is going successfully, however, the ‘get credentials’ step keeps giving me this error:
Error: google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s) for "projects/***/locations/***/clusters/***".
I have given my IAM user the following roles:
- Container Analysis Admin
- Editor
- Kubernetes Engine Admin
- Kubernetes Engine Cluster Admin
- Kubernetes Engine Cluster Viewer
- Kubernetes Engine Developer
- Storage Admin
My GitHub workflow yaml file:
name: Deploy to GKE
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Google Cloud CLI and SDK
uses: google-github-actions/[email protected]
with:
service_account_key: ${{ secrets.GCP_SA_KEY }}
project_id: ${{ secrets.GCP_PROJECT }}
- name: Configure Docker
run: |
gcloud --quiet auth configure-docker
- name: Authenticate to GCP
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_SA_KEY }}
- name: Get credentials
uses: google-github-actions/get-gke-credentials@v2
with:
cluster_name: ${{ secrets.GKE_CLUSTER }}
location: ${{ secrets.GKE_ZONE }}
- name: Build and push Docker images
run: |
docker build -t ${{ secrets.GKE_ZONE }}-docker.pkg.dev/${{secrets.GCP_PROJECT}}/reponame/apigateway:latest ./ApiGateway
docker build -t ${{ secrets.GKE_ZONE }}-docker.pkg.dev/${{secrets.GCP_PROJECT}}/reponame/likeservice:latest ./LikeService
and so on...
name: Apply Kubernetes manifests
run: |
kubectl apply -f K8S/mongo-config.yaml
kubectl apply -f K8S/mongo-secret.yaml
kubectl apply -f K8S/mongo-pv-storage.yaml
and so on...
The GitHub Secrets have been added to the repository.
How can this issue be solved?