Stackdriver Error reporting for Ruby, running on GKE

1/3/2019

Which steps are required to collect errors from a Rails app running on GKE?

I have added the stackdriver gem to my Rails app and I have created a custom role with the errorreporting.errorEvents.create permission. That role is given to the Compute Engine default service account

I interpret the docs that one does not have to do the following setup when running on GKE:

# Add this to config/environments/*.rb
Rails.application.configure do |config|
  # Stackdriver Error Reporting specific parameters
  config.google_cloud.error_reporting.project_id = "YOUR-PROJECT-ID"
  config.google_cloud.error_reporting.keyfile    = "/path/to/service-account.json"
end

I manually created an exception

That gave me valuable information:

irb(main):001:0> Google::Cloud::ErrorReporting.report Exception.new(msg: "from console")
=> nil
irb(main):002:0> {:msg=>"from console"} (Exception)
Google::Cloud::PermissionDeniedError: 7:Stackdriver Error Reporting API has not been used in project NNNNN before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/clouderrorreporting.googleapis.com/overview?project=NNNN then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.

After enabling the API, then I get this error:

irb(main):004:0> {:msg=>"from console"} (Exception)
Google::Cloud::PermissionDeniedError: 7:User not authorized.

So, which permission do I have to give to which user to make this work? :-|

-- martins
google-cloud-stackdriver
google-iam
google-kubernetes-engine
ruby-on-rails
stackdriver

1 Answer

1/3/2019

This seems permission issue, so after installing and configuring google-cloud-ruby.

Then, you need to Enable the Stackdriver Error Reporting API.

Then you need to add the role "roles/errorreporting.writer" to the default compute service account.

gcloud container clusters create example-cluster-name --scopes https://www.googleapis.com/auth/cloud-platform

When you create the cluster you need to add --scope flag for platform see above an example:

-- Alioua
Source: StackOverflow