Closed russellpwirtz closed 1 year ago
Thanks for reporting @russellpwirtz. I tried to deploy on a new project under no organization and as the owner of the project and it worked for me without adding that role:
gcloud functions deploy $SERVICE_NAME \
--gen2 \
--allow-unauthenticated \
--runtime dotnet3 \
--trigger-http \
--region=$REGION \
--entry-point Filter.Function \
--set-build-env-vars GOOGLE_BUILDABLE=image-v3/filter/csharp
Preparing function...done.
X Deploying function...
[Build] Logs are available at [https://console.cloud.google.com/cloud-build
/builds;region=us-central1/8bc52402-3424-465a-8cb9-9adb2c94b4a1?project=84249
832105]
✓ [Service]
. [ArtifactRegistry]
. [Healthcheck]
. [Triggercheck]
Completed with warnings:
[WARNING] Not deleting folder: /workspace/bin
You can view your function in the Cloud Console here: https://console.cloud.google.com/functions/details/us-central1/filter?project=image-processing-wed
buildConfig:
build: projects/84249832105/locations/us-central1/builds/8bc52402-3424-465a-8cb9-9adb2c94b4a1
entryPoint: Filter.Function
environmentVariables:
GOOGLE_BUILDABLE: image-v3/filter/csharp
runtime: dotnet3
source:
storageSource:
bucket: gcf-v2-sources-84249832105-us-central1
object: filter/function-source.zip
sourceProvenance:
resolvedStorageSource:
bucket: gcf-v2-sources-84249832105-us-central1
generation: '1668599683669204'
object: filter/function-source.zip
environment: GEN_2
labels:
deployment-tool: cli-gcloud
name: projects/image-processing-wed/locations/us-central1/functions/filter
serviceConfig:
allTrafficOnLatestRevision: true
availableMemory: 256M
ingressSettings: ALLOW_ALL
maxInstanceCount: 100
revision: filter-00001-loh
service: projects/image-processing-wed/locations/us-central1/services/filter
serviceAccountEmail: 84249832105-compute@developer.gserviceaccount.com
timeoutSeconds: 60
uri: https://filter-tibqghsvsq-uc.a.run.app
state: ACTIVE
updateTime: '2022-11-16T11:56:35.319285198Z'
Please let me know what might be different in your case.
@meteatamel Ah it's possible my existing setup caused this if you're seeing no issues on a fresh deploy.
Here are the logs FWIW:
(base) russ@Russs-MacBook-Pro processing-pipelines % SERVICE_NAME=filter
% gcloud functions deploy $SERVICE_NAME \
--gen2 \
--allow-unauthenticated \
--runtime dotnet3 \
--trigger-http \
--region=$REGION \
--entry-point Filter.Function \
--set-build-env-vars GOOGLE_BUILDABLE=image-v3/filter/csharp
Preparing function...done.
X Deploying function...
. [Build]
✓ [Service]
. [ArtifactRegistry]
. [Healthcheck]
. [Triggercheck]
Failed.
ERROR: (gcloud.functions.deploy) OperationError: code=7, message=Unable to retrieve the repository metadata for projects/eventarc-samples-01/locations/us-central1/repositories/gcf-artifacts. Ensure that the Cloud Functions service account has 'artifactregistry.repositories.list' and 'artifactregistry.repositories.get' permissions. You can add the permissions by granting the role 'roles/artifactregistry.reader'.
% gcloud projects add-iam-policy-binding eventarc-samples-01 \
--member=serviceAccount:[redacted]@cloudbuild.gserviceaccount.com --role=roles/artifactregistry.reader
Updated IAM policy for project [eventarc-samples-01].
% SERVICE_NAME=filter
gcloud functions deploy $SERVICE_NAME \
--gen2 \
--allow-unauthenticated \
--runtime dotnet3 \
--trigger-http \
--region=$REGION \
--entry-point Filter.Function \
--set-build-env-vars GOOGLE_BUILDABLE=image-v3/filter/csharp
Preparing function...done.
X Updating function (may take a while)...
[Build] Logs are available at [https://console.cloud.google.com/cloud-build/builds;region=us-central1/[redacted]
[Service]
. [ArtifactRegistry]
. [Healthcheck]
. [Triggercheck]
Completed with warnings:
[WARNING] Not deleting folder: /workspace/bin
In the image-v3 sample, the flow looks to be broken because of a missing step to add an IAM role. Prior to the step "Deploy filter service" it looks like a role needs to be added to the service account. This command seemed to fix it for me: