@nakanod
Last active December 12, 2023 16:00
Google Cloud SDK Note

create a bucket (with public access prevention enforced via --pap)

gcloud storage buckets create --pap --location us-east1 gs://example-bucket-name

delete storage objects (recursively)

gcloud storage rm --recursive gs://example-bucket/some/object

create a service account and download a JSON key (a long-lived credential) for it

gcloud iam service-accounts create service-account-name --display-name=service-account-name
gcloud iam service-accounts keys create credentials.json --iam-account=service-account-name@your-project-id.iam.gserviceaccount.com

grant a storage permission to a service account

gcloud storage buckets add-iam-policy-binding gs://example-bucket-name --member=serviceAccount:service-account-name@your-project-id.iam.gserviceaccount.com --role=roles/storage.objectAdmin

prepare a YAML file (permissions.yaml) for a custom role

title: customRole
stage: GA
includedPermissions:
- dns.changes.get
- dns.managedZones.list
- dns.resourceRecordSets.list

create a custom role

gcloud iam roles create customRole --project your-project-id --file permissions.yaml

grant the custom role to a service account at project level

gcloud projects add-iam-policy-binding your-project-id --member=serviceAccount:service-account-name@your-project-id.iam.gserviceaccount.com --role=projects/your-project-id/roles/customRole

create an Artifact Registry repository

gcloud artifacts repositories create repository-name --repository-format docker --location us-east1

grant an Artifact Registry repository permission to a service account

gcloud artifacts repositories add-iam-policy-binding repository-name --location us-east1 --member serviceAccount:service-account-name@your-project-id.iam.gserviceaccount.com --role roles/artifactregistry.repoAdmin

create a workload identity pool and add an OIDC provider (maps the token's sub claim to google.subject)

gcloud iam workload-identity-pools create workload-identity-pool-id --location global
gcloud iam workload-identity-pools providers create-oidc provider-id --location global --workload-identity-pool workload-identity-pool-id --issuer-uri "https://issuer.example.com/" --attribute-mapping "google.subject=assertion.sub"

publish a Cloud Run service to the Internet (allow unauthenticated invocations by allUsers)

gcloud run services add-iam-policy-binding my-service --region='us-east1' --member='allUsers' --role='roles/run.invoker'
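An added audit helper (not part of the gist) for reviewing bindings like the ones created above: it reads the JSON that `gcloud projects get-iam-policy PROJECT --format=json` prints and flags public principals, basic roles, and service accounts holding roles outside an allow-list; the sample policy and the allow-list are constructed for this example.

```python
import json

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Roles a CI/deploy service account is expected to hold (assumed allow-list for
# this example); any other role bound to a service account is flagged for review.
ALLOWED_SA_ROLES = {
    "roles/storage.objectAdmin",
    "roles/artifactregistry.repoAdmin",
    "roles/run.invoker",
}


def audit_policy(policy, allowed_sa_roles=ALLOWED_SA_ROLES):
    """Return a sorted list of (kind, role, member) findings for an IAM policy dict.

    PUBLIC      - allUsers / allAuthenticatedUsers can use the role
    BASIC_ROLE  - owner/editor/viewer granted (too coarse for least privilege)
    SA_EXTRA    - a service account holds a role outside the allow-list
    """
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.add(("PUBLIC", role, member))
            if role in BASIC_ROLES:
                findings.add(("BASIC_ROLE", role, member))
            if member.startswith("serviceAccount:") and role not in allowed_sa_roles:
                findings.add(("SA_EXTRA", role, member))
    return sorted(findings)


def audit_policy_json(text, **kw):
    """Same as audit_policy, but takes the raw JSON text that gcloud prints."""
    return audit_policy(json.loads(text), **kw)


# Constructed sample shaped like `gcloud projects get-iam-policy PROJECT --format=json`.
SAMPLE_POLICY = """{
  "bindings": [
    {"role": "roles/run.invoker", "members": ["allUsers"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:ci@your-project-id.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:legacy@your-project-id.iam.gserviceaccount.com",
                 "user:alice@example.com"]}
  ],
  "etag": "constructed-etag",
  "version": 1
}"""

if __name__ == "__main__":
    for kind, role, member in audit_policy_json(SAMPLE_POLICY):
        print(f"{kind:10} {role:28} {member}")
```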