diff --git a/infra/gcp/ensure-staging-storage.sh b/infra/gcp/ensure-staging-storage.sh
index 022e2814638..0045a154c3c 100755
--- a/infra/gcp/ensure-staging-storage.sh
+++ b/infra/gcp/ensure-staging-storage.sh
@@ -189,6 +189,9 @@ function ensure_staging_gcs_bucket() {
 color 6 "Ensuring ${writers} can write to ${bucket} in project: ${project}"
 empower_group_to_write_gcs_bucket "${writers}" "${bucket}"
+
+ # Ensure logging is turned on
+ ensure_gcs_bucket_logging "${bucket}"
 }
 # Ensure a GCR repo is provisioned in the given staging project, with
@@ -205,6 +208,7 @@ function ensure_staging_gcr_repo() {
 fi
 local project="${1}"
 local writers="${2}"
+ local gcr_bucket="gs://artifacts.${1}.appspot.com"
 color 6 "Ensuring a GCR repo exists for project: ${project}"
 ensure_gcr_repo "${project}"
@@ -214,6 +218,9 @@ function ensure_staging_gcr_repo() {
 color 6 "Ensuring GCR admins can admin GCR for project: ${project}"
 empower_gcr_admins "${project}"
+
+ color 6 "Ensuring logging on ${gcr_bucket} for GCR project: ${project}"
+ ensure_gcs_bucket_logging "${gcr_bucket}"
 }
 # Ensure GCB is setup for the given staging project, by ensuring the
diff --git a/infra/gcp/lib.sh b/infra/gcp/lib.sh
index d8818540354..de15cf0c6cb 100644
--- a/infra/gcp/lib.sh
+++ b/infra/gcp/lib.sh
@@ -52,6 +52,9 @@ trap 'cleanup_tmpdir' EXIT
 # Useful organization-wide constants
 #
+# Set up logs bucket
+export K8S_INFRA_GCSLOGS_BUCKET="gs://k8s-infra-artifacts-gcslogs"
+
 # The GCP org stuff needed to turn it all on.
 readonly GCP_ORG="758905017065" # kubernetes.io
 readonly GCP_BILLING="018801-93540E-22A20E"
diff --git a/infra/gcp/lib_gcs.sh b/infra/gcp/lib_gcs.sh
index e48317bc64e..f41752d409c 100644
--- a/infra/gcp/lib_gcs.sh
+++ b/infra/gcp/lib_gcs.sh
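Review bot: In the second hunk of ensure-staging-storage.sh, `gcr_bucket` is built from `${1}` although `project` is assigned from the same argument two lines above; `local gcr_bucket="gs://artifacts.${project}.appspot.com"` keeps the function reading from one name. The hard-coded name covers only the bucket behind the plain gcr.io host, so if these staging projects also push to regional GCR hosts, those images land in region-prefixed buckets that the `ensure_gcs_bucket_logging "${gcr_bucket}"` call added in the third hunk would leave without usage logs. A one-line comment stating which hosts are intended would make that gap visible. ensure_staging_gcr_repo starts and ends outside both hunks.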
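Review bot: In the lib.sh hunk, `K8S_INFRA_GCSLOGS_BUCKET` is declared with `export` while the constants directly below it are `readonly`, so any script that sources lib.sh can later reassign the destination of every bucket's usage logs. `readonly K8S_INFRA_GCSLOGS_BUCKET="gs://k8s-infra-artifacts-gcslogs"` (followed by `export K8S_INFRA_GCSLOGS_BUCKET` if child processes need it) would match its neighbours. The comment `# Set up logs bucket` suggests provisioning, but the hunks shown neither create that bucket nor grant the GCS log-delivery group (cloud-storage-analytics@google.com) write access to it. The comment should say where that happens, for example `# Destination for GCS usage logs; bucket and log-delivery ACL are provisioned in <script>`.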
@@ -56,6 +56,28 @@ function ensure_public_gcs_bucket() {
 ensure_gcs_role_binding "${bucket}" "allUsers" "objectViewer"
 }
+# Set up logging
+# $1: The GCS bucket (e.g. gs://k8s-infra-foo)
+function ensure_gcs_bucket_logging() {
+ if [ $# != 1 ] || [ -z "$1" ]; then
+ echo "ensure_gcs_bucket_logging(bucket) requires 1 argument" >&2
+ return 1
+ fi
+ local bucket="$1"
+
+ local intent="${TMPDIR}/gcs-bucket-logging.intent.yaml"
+ local before="${TMPDIR}/gcs-bucket-logging.before.yaml"
+ local after="${TMPDIR}/gcs-bucket-logging.after.yaml"
+
+ echo "{\"logBucket\": \"${K8S_INFRA_GCSLOGS_BUCKET}\", \"logObjectPrefix\": \"$bucket\"}" > "${intent}"
+ gsutil logging get "${bucket}"> "${before}"
+ if ! diff "${intent}" "${before}"; then
+ gsutil logging set on -b "${K8S_INFRA_GCSLOGS_BUCKET}" -o "${bucket#gs://}" "${bucket}"
+ gsutil logging get on -b "${K8S_INFRA_GCSLOGS_BUCKET}" -o "${bucket#gs://}" "${bucket}" > "${after}"
+ diff_colorized "${before}" "${after}"
+ fi
+}
+
 # Ensure the bucket exists and is NOT world-accessible
 # $1: The GCP project
 # $2: The bucket (e.g. gs://bucket-name)
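Review bot: The read-back inside the `if` passes `on -b … -o …` to `gsutil logging get`, which takes only a bucket URL, so `after` will not hold the applied configuration and the function cannot confirm that logging was turned on. The idempotence check above it also looks unable to match: `intent` is written with the `gs://` scheme on both `logBucket` and `logObjectPrefix`, while the `set` call stores the prefix as `${bucket#gs://}` and, as far as I know, `gsutil logging get` prints bare bucket names. If so, every run re-applies the setting and prints a diff, which hides real drift in an audit control behind routine noise. Strip the scheme when writing `intent` and call `get` with the bucket alone, as below. The exit status of each `gsutil` call is also unchecked unless the callers run under `set -e`, which is not visible in this hunk.

```shell
    # … unchanged: argument check and the bucket/intent/before/after locals …
    local log_bucket="${K8S_INFRA_GCSLOGS_BUCKET#gs://}"
    local log_prefix="${bucket#gs://}"
    echo "{\"logBucket\": \"${log_bucket}\", \"logObjectPrefix\": \"${log_prefix}\"}" > "${intent}"
    # … unchanged: first `gsutil logging get` into ${before} …
    if ! diff "${intent}" "${before}"; then
        gsutil logging set on -b "${K8S_INFRA_GCSLOGS_BUCKET}" -o "${log_prefix}" "${bucket}"
        gsutil logging get "${bucket}" > "${after}"
        # … unchanged: diff_colorized …
    fi
```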