Describe the bug
Documentation for adk deploy gke is missing the Workload Identity IAM role binding. Need to add
gcloud projects add-iam-policy-binding projects/${GOOGLE_CLOUD_PROJECT} \
--role=roles/aiplatform.user \
--member=principal://iam.googleapis.com/projects/${GOOGLE_CLOUD_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GOOGLE_CLOUD_PROJECT}.svc.id.goog/subject/ns/default/sa/default \
--condition=None
to the documentation
To Reproduce
Steps to reproduce the behavior:
- Run adk deploy gke
- Follow the instructions for Verifying Your Deployment: https://google.github.io/adk-docs/deploy/gke/#option-2-automated-deployment-using-adk-deploy-gke
- See error:
Error: 403 PERMISSION_DENIED. {'error': {'code': 403, 'message': "Permission 'aiplatform.endpoints.predict' denied on resource '//aiplatform.googleapis.com/projects/.../locations/us-central1/publishers/google/models/gemini-2.5-flash' (or it may not exist).", 'status': 'PERMISSION_DENIED', 'details': [{'@type': 'type.googleapis.com/google.rpc.ErrorInfo', 'reason': 'IAM_PERMISSION_DENIED', 'domain': 'aiplatform.googleapis.com', 'metadata': {'resource': 'projects/.../locations/us-central1/publishers/google/models/gemini-2.5-flash', 'permission': 'aiplatform.endpoints.predict'}}]}}
Expected behavior
Should not see permission denied error.
Screenshots
Versions
- OS: n/a
- ADK version: n/a
- Python version: n/a
Additional context
Add any other context about the problem here.
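A check for the binding requested above, added here as an example (not code from the ADK project or from the issue author): it builds the Workload Identity principal in the format of the gcloud command in this issue and looks for it in a project IAM policy as returned by `gcloud projects get-iam-policy --format=json`. The function names are hypothetical, and the project ID, project number and policies are constructed sample values.

```python
ROLE = "roles/aiplatform.user"  # role the issue asks the docs to bind


def workload_identity_member(project_id, project_number,
                             namespace="default", ksa="default"):
    """Principal string in the format of the issue's gcloud command."""
    return (
        f"principal://iam.googleapis.com/projects/{project_number}"
        f"/locations/global/workloadIdentityPools/{project_id}.svc.id.goog"
        f"/subject/ns/{namespace}/sa/{ksa}"
    )


def binding_status(policy, member, role=ROLE):
    """Return 'granted', 'conditional' or 'missing' for member/role in policy."""
    status = "missing"
    for binding in policy.get("bindings", []):
        if binding.get("role") != role or member not in binding.get("members", []):
            continue
        if not binding.get("condition"):
            return "granted"      # unconditional, as with --condition=None
        status = "conditional"    # bound, but only while the condition holds
    return status


# Constructed sample values (assumptions, not taken from the issue).
PROJECT_ID = "example-project"
PROJECT_NUMBER = "123456789012"
MEMBER = workload_identity_member(PROJECT_ID, PROJECT_NUMBER)

# State that produces the 403: the role exists, but not for the pod's identity.
POLICY_BEFORE = {"bindings": [
    {"role": ROLE, "members": ["user:dev@example.com"]},
    {"role": "roles/logging.logWriter", "members": [MEMBER]},
]}
# State after running the gcloud command from the issue.
POLICY_AFTER = {"bindings": POLICY_BEFORE["bindings"] + [
    {"role": ROLE, "members": [MEMBER]},
]}
# Same binding with an IAM condition attached: present, but not equivalent.
POLICY_CONDITIONAL = {"bindings": POLICY_BEFORE["bindings"] + [
    {"role": ROLE, "members": [MEMBER],
     "condition": {"title": "constructed",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
]}

if __name__ == "__main__":
    for name, policy in (("before", POLICY_BEFORE), ("after", POLICY_AFTER),
                         ("conditional", POLICY_CONDITIONAL)):
        print(name, binding_status(policy, MEMBER))
```

The binding in this issue targets the `default` ServiceAccount in the `default` namespace, so every pod in that namespace that does not set its own service account receives the role; pass a dedicated namespace and ServiceAccount name to the helper if the deployment uses one.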