"Google Cloud SDK is a set of tools that you can use to manage resources and applications hosted on Google Cloud Platform. These include the gcloud, gsutil, and bq command line tools. The gcloud command-line tool is downloaded along with the Cloud SDK" - https://cloud.google.com/sdk/docs/

gcloud CLI Examples

List google cloud projects

gcloud projects list

Switch to a different project

gcloud config set project "$project_name"

Grant a user permission to a docker registry

gsutil iam ch 'user:user@example.com:objectViewer' 'gs://artifacts.example.appspot.com/'

List google compute zones

gcloud compute zones list

List compute nodes

gcloud compute instances list

Delete a compute node

Sometimes autoscalers have a hard time scaling down, requiring manual termination of idle nodes.

gcloud compute instances delete "projects/$project_name/zones/us-central1-a/instances/$node_name"

List images available in Google Container Registry

gcloud container images list

Pull a docker container from Google Container Registry

gcloud docker -- pull gcr.io/project-id/hello-world

Control access to registries

"Container Registry uses a Cloud Storage bucket as the backend for serving container images. You can control who has access to your Container Registry images by adjusting permissions for the Cloud Storage bucket.

Caution: Container Registry only recognizes permissions set on the Cloud Storage bucket. Container Registry will ignore permissions set on individual objects within the Cloud Storage bucket.

You manage access control in Cloud Storage by using the GCP Console or the gsutil command-line tool. Refer to the gsutil acl and gsutil defacl documentation for more information." - https://cloud.google.com/container-registry/docs/access-control

Authenticate a private GCR registry in kubernetes

This is likely not copy/paste material, but the flow is generally correct.

PARTNER=other_company
PROJECT="our_company-$PARTNER"
USER=service-account-user-for-$PARTNER
EMAIL="$USER@$PROJECT.iam.gserviceaccount.com"
gcloud iam service-accounts create $USER
gcloud iam service-accounts keys create \
  --display-name "$USER" \
  --iam-account "$EMAIL" \
  key.json
gcloud projects add-iam-policy-binding "$PROJECT" \
  --member "serviceAccount:$EMAIL" \
  --role "roles/storage.objectAdmin"
done
kubectl create secret "docker-pull-$PROJECT" "$PROJECT" \
  --docker-server "https://gcr.io" \
  --docker-username _json_key \
  --docker-email "$EMAIL" \
  --docker-password "$(cat key.json)"

Then use the value of docker-pull-${PROJECT} as your ImagePullSecret.

Links