How to "create" a new Cloud Run service (not deploying a container to an existing one)

Question

I have this cloudbuild.yaml

  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    entrypoint: gcloud
    args:
      - 'alpha'
      - 'run'
      - 'deploy'
      - 'backend'
      - '--image=eu.gcr.io/$PROJECT_ID/backend:$BUILD_ID'
      - '--concurrency=10'
      - '--cpu=1'
      - '--memory=512Mi'
      - '--region=europe-west4'
      - '--min-instances=1'
      - '--max-instances=2'
      - '--platform=managed'
      - '--port=8080'
      - '--timeout=3000'
      - '--ingress=internal'
      - '--vpc-connector=cloud-run'
      - '--vpc-egress=private-ranges-only'
      - '--set-cloudsql-instances=foo:europe-west4:bar'

It works fine if I beforehand created a service via the Cloud Run Console (Web UI). But what I want is to initially create a service with name xy if it does not exist already.

Because otherwhise my CI Pipeline shows this error:

Step #2: ERROR: (gcloud.alpha.run.deploy) PERMISSION_DENIED: Permission 'run.services.get' denied on resource 'namespaces/***/services/backend' (or resource may not exist).

Which is correct. services/backend does not exist. But I want to create it if it does not exist and simply update it's container image in the future. I read through the whole gcloud API documentation regarding run but could not find anything. It seems that it's been left out on purpose?

Answer 1

I am getting above error when i remove cloud run admin permission in the cloudbuild IAM but when i add the Cloud Run admin role to the cloudbuild IAM it was able to create a new Cloud Run service and if service exists it was able to deploy new image to that Cloud Run service.

Also,try removing 'alpha' in the .yaml file.