How to push images to GCR from Drone inside GKE?

I’m trying to build and push images to GCR using plugins/gcr. Created GCP service account with Storage Admin role, createad a json key for it, and saved the key via Drone UI, and then referred to it in the .drone.yml step, but no luck:

+ /usr/local/bin/docker tag b8bcda0a2f37a9d77dd2efea8ecc25c02810ddef eu.gcr.io/myproject/myimage:latest
+ /usr/local/bin/docker push eu.gcr.io/myproject/myimage:latest
The push refers to repository [eu.gcr.io/myproject/myimage]
03901b4a2ea8: Preparing
denied: Token exchange failed for project 'myproject. Caller does not have permission 'storage.buckets.get'. To configure permissions, follow instructions at: https://cloud.google.com/container-registry/docs/access-control

Here’s the publish-step from .drone.yml:

- name: publish
  image: plugins/gcr
  settings:
    repo: eu.gcr.io/myproject/myimage
    registry: eu.gcr.io
    tags: 
    - latest
    json_key:
      from_secret: service-account-key-name
  when:
    event: push
    branch: master

Any ideas?

It turns out the issue was not related to Drone but GCP. I had created multiple service accounts with same name but different roles, and it appears that GCP does some kind of caching which prevents overwriting previously created and deleted service accounts with different roles. Found the answer from here: https://stackoverflow.com/a/51879340/692785

So, the solution was to create a new service account with different name.