Google Cloud SDK (gcloud CLI)

August 8, 2021 / Computer & Software /

Installation options

gcloud CLI

gcloud init – initialize or reinitialize gcloud

See: https://cloud.google.com/sdk/docs/initializing

gcloud init

gcloud auth – manage credentials 

gcloud auth login – authorize gcloud to access Google Cloud Platform with Google user credentials

gcloud auth list – lists credentialed accounts

$ gcloud auth list
       Credentialed Accounts
ACTIVE  ACCOUNT
        name1@gmail.com
*       name2@gmail.com

To set the active account, run:
    $ gcloud config set account `ACCOUNT`

gcloud auth activate-service-account – authorize access to Google Cloud Platform with a service account

See: https://cloud.google.com/iam/docs/service-accounts

$ gcloud auth activate-service-account --key-file=/path/to/key-file.json
Activated service account credentials for: [my-project@my-project.iam.gserviceaccount.com]

$ gcloud auth list
       Credentialed Accounts
ACTIVE  ACCOUNT
        name1@gmail.com
        name2@gmail.com
*       my-project@my-project.iam.gserviceaccount.com

Configure

gcloud config – view and edit Cloud SDK properties

gcloud config list – list Cloud SDK properties for the currently active configuration

$ gcloud config list
[core]
account = my-project@my-project.iam.gserviceaccount.com
disable_usage_reporting = True
project = my-project

Your active configuration is: [my-account-my-project]

List all set and unset properties that match the arguments.

$ gcloud config list --all

Upgrade

gcloud components update

Cheat-Sheet

gcloud cheat-sheet – display gcloud cheat sheet

  Getting started
    Get going with the gcloud command-line tool

      ▪ gcloud init: Initialize, authorize, and configure the gcloud tool.
      ▪ gcloud version: Display version and installed components.
      ▪ gcloud components install: Install specific components.
      ▪ gcloud components update: Update your Cloud SDK to the latest
        version.
      ▪ gcloud config set project: Set a default Google Cloud project to work
        on.
      ▪ gcloud info: Display current gcloud tool environment details.


  Help
    Cloud SDK is happy to help

      ▪ gcloud help: Search the gcloud tool reference documents for specific
        terms.
      ▪ gcloud feedback: Provide feedback for the Cloud SDK team.
      ▪ gcloud topic: Supplementary help material for non-command topics like
        accessibility, filtering, and formatting.

  Personalization
    Make the Cloud SDK your own; personalize your configuration with properties

      ▪ gcloud config set: Define a property (like compute/zone) for the
        current configuration.
      ▪ gcloud config get-value: Fetch value of a Cloud SDK property.
      ▪ gcloud config list: Display all the properties for the current
        configuration.
      ▪ gcloud config configurations create: Create a new named
        configuration.
      ▪ gcloud config configurations list: Display a list of all available
        configurations.
      ▪ gcloud config configurations activate: Switch to an existing named
        configuration.

  Credentials
    Grant and revoke authorization to Cloud SDK

      ▪ gcloud auth login: Authorize Google Cloud access for the gcloud tool
        with Google user credentials and set current account as active.
      ▪ gcloud auth activate-service-account: Like gcloud auth login but with
        service account credentials.
      ▪ gcloud auth list: List all credentialed accounts.
      ▪ gcloud auth print-access-token: Display the current account's access
        token.
      ▪ gcloud auth revoke: Remove access credentials for an account.

  Projects
    Manage project access policies

      ▪ gcloud projects describe: Display metadata for a project (including
        its ID).
      ▪ gcloud projects add-iam-policy-binding: Add an IAM policy binding to
        a specified project.

  Identity & Access Management
    Configuring Cloud Identity & Access Management (IAM) preferences and
    service accounts

      ▪ gcloud iam list-grantable-roles: List IAM grantable roles for a
        resource.
      ▪ gcloud iam roles create: Create a custom role for a project or org.
      ▪ gcloud iam service-accounts create: Create a service account for a
        project.
      ▪ gcloud iam service-accounts add-iam-policy-binding: Add an IAM policy
        binding to a service account.
      ▪ gcloud iam service-accounts set-iam-policy: Replace existing IAM
        policy binding.
      ▪ gcloud iam service-accounts keys list: List a service account's keys.

  Docker & Google Kubernetes Engine (GKE)
    Manage containerized applications on Kubernetes

      ▪ gcloud auth configure-docker: Register the gcloud tool as a Docker
        credential helper.
      ▪ gcloud container clusters create: Create a cluster to run GKE
        containers.
      ▪ gcloud container clusters list: List clusters for running GKE
        containers.
      ▪ gcloud container clusters get-credentials: Update kubeconfig to get
        kubectl to use a GKE cluster.
      ▪ gcloud container images list-tags: List tag and digest metadata for a
        container image.

  Virtual Machines & Compute Engine
    Create, run, and manage VMs on Google infrastructure

      ▪ gcloud compute zones list: List Compute Engine zones.
      ▪ gcloud compute instances describe: Display a VM instance's details.
      ▪ gcloud compute instances list: List all VM instances in a project.
      ▪ gcloud compute disks snapshot: Create snapshot of persistent disks.
      ▪ gcloud compute snapshots describe: Display a snapshot's details.
      ▪ gcloud compute snapshots delete: Delete a snapshot.
      ▪ gcloud compute ssh: Connect to a VM instance by using SSH.

  Serverless & App Engine
    Build highly scalable applications on a fully managed serverless platform

      ▪ gcloud app deploy: Deploy your app's code and configuration to the
        App Engine server.
      ▪ gcloud app versions list: List all versions of all services deployed
        to the App Engine server.
      ▪ gcloud app browse: Open the current app in a web browser.
      ▪ gcloud app create: Create an App Engine app within your current
        project.
      ▪ gcloud app logs read: Display the latest App Engine app logs.

  Miscellaneous
    Commands that might come in handy

      ▪ gcloud kms decrypt: Decrypt ciphertext (to a plaintext file) using a
        Cloud Key Management Service (Cloud KMS) key.
      ▪ gcloud logging logs list: List your project's logs.
      ▪ gcloud sql backups describe: Display info about a Cloud SQL instance
        backup.
      ▪ gcloud sql export sql: Export data from a Cloud SQL instance to a SQL
        file.

EXAMPLES
    To view this cheat sheet, run:

        $ gcloud cheat-sheet

GCLOUD WIDE FLAGS
    These flags are available to all commands: --account, --billing-project,
    --configuration, --flags-file, --flatten, --format, --help,
    --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

Creating Service Account

  • Create Credentials
    • Select “Service Account” and create a service account

And add key to Service Account

$ gcloud auth activate-service-account --key-file=/path/to/key-file.json
Activated service account credentials for: [my-project@my-project.iam.gserviceaccount.com]

$ gcloud auth list
       Credentialed Accounts
ACTIVE  ACCOUNT
        name1@gmail.com
        name2@gmail.com
*       my-project@my-project.iam.gserviceaccount.com

Leave a Comment

Your email address will not be published. Required fields are marked *