In order to deploy via Cloud Build located in project MANAGEMENT to CloudRun located in project STAGING,PROD you will need:
-
In project MANAGEMENT, get email of account for
[email protected]
-
In project STAGING and PROD add this account as princial into IAM and add Roles:
IAM Role Name IAM Role Permission Cloud Run Admin roles/run.admin
Service Account User roles/iam.serviceAccountUser
In order to CloudRun located in project STAGING and PROD to PULL docker images from Artifact Registry located in project MANAGEMENT you will need:
- In project STAGING and PROD get email of account
[email protected]
- In project MANAGEMENT in permissions of Artifact Registry Repository, add princial from Step-1 with the following role:
- Artifact Registry Reader -
roles/artifactregistry.reader
- Artifact Registry Reader -
In order to CloudBuild located in project MANAGEMENT to PUSH docker images to Artifact Registry located in project MANAGEMENT you will need:
- In project MANAGEMENT get email of account
[email protected]
- In project MANAGEMENT in permissions of Artifact Registry Repository, add princial from Step-1 with the following role:
- Artifact Registry Writer -
roles/artifactregistry.writer
- Artifact Registry Writer -