diff --git a/scripts/gke/deployment_manager_configs/cluster.jinja b/scripts/gke/deployment_manager_configs/cluster.jinja
index 6cb4b3c6a15..32b9324aece 100644
--- a/scripts/gke/deployment_manager_configs/cluster.jinja
+++ b/scripts/gke/deployment_manager_configs/cluster.jinja
@@ -177,6 +177,10 @@ resources:
 members:
 {# Deployment manager uses cloudservices account. #}
 - {{ 'serviceAccount:' + env['project_number'] + '@cloudservices.gserviceaccount.com' }}
+ {# Grant permissions needed to submit builds to Google Cloud Container Builder #}
+ - role: roles/cloudbuild.builds.editor
+ members:
+ - {{ 'serviceAccount:' + KF_USER_NAME + '@' + env['project'] + '.iam.gserviceaccount.com' }}
 {# Grant permissions needed to push the app to a cloud repository. #}
 - role: roles/source.admin
@@ -253,6 +257,11 @@ resources:
 policy: $(ref.get-iam-policy-delete)
 gcpIamPolicyPatch:
 remove:
+ {# Grant permissions needed to submit builds to Google Cloud Container Builder #}
+ - role: roles/cloudbuild.builds.editor
+ members:
+ - {{ 'serviceAccount:' + KF_USER_NAME + '@' + env['project'] + '.iam.gserviceaccount.com' }}
+
 {# Grant permissions needed to push the app to a cloud repository. #}
 - role: roles/source.admin
 members:
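Review bot: The `roles/cloudbuild.builds.editor` binding added to the add list in the first hunk is a project-level grant, and the comment above it does not say what that implies. Submitted builds by default run under a project service account rather than the submitter's own identity, so the `KF_USER_NAME` account can in effect act with that account's permissions. The comment should record this, e.g. `{# Project-wide grant: builds submitted by this account run as the Cloud Build service account, so keep that account's roles minimal. #}`. It is also worth confirming that editor is the narrowest role that covers the build submission this deployment needs. The enclosing `gcpIamPolicyPatch` list starts and ends outside the hunk.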
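Review bot: In the second hunk the comment copied into the `remove:` list still reads "Grant permissions needed to submit builds", although this patch revokes the binding when the deployment is deleted. `{# Revoke the Cloud Build permission granted at creation. #}` would describe what the entry does. The role and member expression are repeated verbatim from the add list in the first hunk, so a later edit to only one side would leave the binding in place after deletion. A shared Jinja variable for the member string, or a comment in each list pointing at the other, would guard against that drift. The `remove:` list continues outside the hunk.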