There are many ways you can install Google Cloud CLI / SDK on Ubuntu today will look at how this can be doe using the Apt-get tool, this is also one of the easiest ways to install it. If you are using Google Cloud VM Instance the Google Cloud SDK is already installed by default.
Add the Cloud SDK distribution URI as a package source:
$ echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
$ sudo apt-get install apt-transport-https ca-certificates gnupg
Import the Google Cloud public key:
$ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
Update and install the Cloud SDK:
sudo apt-get update && sudo apt-get install google-cloud-sdk
This will only install the
Configuring Access to a GCP Project
Now after installing the Cloud SDK next step is to configure it’s credentials to that we can access / modify cloud resources within projects.
Personal account & gcloud init: gcloud init is an interactive way to configure the access. It will generate a link that you can copy paste into browser and it will ask you to login, after login a verification code will be generated.
Paste the verification that you get after successful google login, then it will ask for some google project related info like which project to use and default region.
After the gcloud init is finished you can run the following to verify which account project is being used.
$ gcloud auth list $ gcloud config list
Now you are authenticated you can run gcloud commands on the project.
Apart from running the gcloud init command and using your personal email to access the gcp resource it is recommended to use a service account with the command line SDK.
Configure GCP SDK Access using Service Accounts
Service Account: A service account is an authentication mechanism used in google cloud to authenticate between services for example compute instance needs to access storage buckets or cli / sdk needs to access the gcp resources. Service accounts don’t represent a person. you can create a GCP service account as follows.
Navigate to IAM & Admin > Service Accounts.
Click on Create Service Account, give it a name, id and description. Click CREATE
On the next screen attach a role to this service account, I have granted editor role you can limit it to your needs like Storage Admin or so.
Next screen Granting Users access to the Role this is optional and we don’t need so we can skip. Click DONE
This is just creating the Service Account next we need to create a key for it. It is the key that we will use to configure gcloud SDK.
Go to Service Accounts page locate the Service account that we created earlier, click on three dots and click Create key.
For Key type select JSON and Click CREATE it will download a json file on your local machine.
Once we have the key file we can run the following gcloud command to activate the service account credentials
gcloud auth activate-service-account --key-file /pah/to/keyfile.json // activate the service account credentials gcloud auth list // list all the credentials and active one is marked with *
And when you are working on multiple projects and you have to switch between multiple credentials/ service accounts you can use the following commands to switch b/w projects and accounts.
gcloud config set account < email or service account > gcloud config set project < id of gcp project >
With this you will be able to switch between accounts and projects and this method. Keep the json key file secure if you loose it you can create it by going back to the service account section in GCP web console and delete the old key. But remember to update the new key to all the cloud sdk devices where old key was being used.
Let me know if this worked for you or if there is any errors in the comment section.