Open JorgeSivil opened 3 years ago
For whoever is having this problem, follow this guide:
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
You need to create a service account, bind it to the deployment (https://stackoverflow.com/questions/44505461/how-to-configure-a-non-default-serviceaccount-on-a-deployment), and assign the service account the role "Logging Admin".
Probably this should be added to the guide.
Environment details
Steps to reproduce
Code example
According to the docs in the readme, everything should work flawlessly. However, it doesn't, and there are no further details on troubleshooting. I spent two or three days searching for solutions and couldn't find one. In particular, there's no GOOGLE_CLOUD_PROJECT environment variable set in my containers. I set those parameters manually nevertheless, but I get the permission denied message.
It looks like, at least for Kubernetes, Cloud Logging does not work out of the box using the API from within GKE.
I added roles to the default service account; however, nothing changed:
I tried sending the errors to stderr, which is supposedly the norm. My text line would get recognized as jsonPayload; however, Cloud Logging will ignore everything inside, like '@type' and 'logName' for example. So in the end it doesn't work as one would think it should, and errors are not sent to Error Reporting automatically due to this.
I had to come back to the Cloud Logging API and tried rereading everything, but it didn't help. I'm so frustrated with documentation saying everywhere that things work out of the box when they don't. I don't know what to do.
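The steps from the note at the top of this issue (create a service account, bind it to the deployment, grant it the logging role through Workload Identity), written out as an added example that is not part of the original post or the library's documentation. It assumes a cluster that already has Workload Identity enabled; the project, namespace, service account and deployment names are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints the Workload Identity setup commands for review,
# or runs them when APPLY=1. All default names are constructed placeholders.
PROJECT_ID="${PROJECT_ID:-example-project}"
NAMESPACE="${NAMESPACE:-default}"
KSA="${KSA:-app-logger}"            # Kubernetes service account used by the pods
GSA="${GSA:-app-logger}"            # Google (IAM) service account it maps to
DEPLOYMENT="${DEPLOYMENT:-my-app}"
# The post grants "Logging Admin" (roles/logging.admin). roles/logging.logWriter
# is the narrower predefined role for a workload that only writes log entries.
ROLE="${ROLE:-roles/logging.admin}"

# E-mail address of the Google service account.
gsa_email() { printf '%s@%s.iam.gserviceaccount.com' "$GSA" "$PROJECT_ID"; }

# IAM member string that identifies the Kubernetes service account.
wi_member() { printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$PROJECT_ID" "$NAMESPACE" "$KSA"; }

# Execute the command when APPLY=1; otherwise print it, single-quoted.
step() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf "'%s' " "$@"; printf '\n'; fi
}

setup_workload_identity() {
  # 1. Create the Google service account and give it the logging role.
  step gcloud iam service-accounts create "$GSA" --project "$PROJECT_ID"
  step gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member "serviceAccount:$(gsa_email)" --role "$ROLE"
  # 2. Allow the Kubernetes service account to impersonate it.
  step gcloud iam service-accounts add-iam-policy-binding "$(gsa_email)" \
    --project "$PROJECT_ID" --role roles/iam.workloadIdentityUser \
    --member "$(wi_member)"
  # 3. Create and annotate the Kubernetes service account.
  step kubectl create serviceaccount "$KSA" --namespace "$NAMESPACE"
  step kubectl annotate serviceaccount "$KSA" --namespace "$NAMESPACE" \
    "iam.gke.io/gcp-service-account=$(gsa_email)"
  # 4. Bind it to the deployment so the pods stop using the default account.
  step kubectl set serviceaccount deployment "$DEPLOYMENT" "$KSA" \
    --namespace "$NAMESPACE"
}

setup_workload_identity
```

Granting the role to a dedicated service account, rather than adding roles to the default one, keeps the logging permission scoped to the pods of this one deployment.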