How to authenticate google cloud SDK on a docker Ubuntu image?

Question

I am a bit confused about how I can authenticate the gcloud sdk on a docker container. Right now, my docker file includes the following:

#Install the google          


        

Answer 1

You might consider using deb packages when setting up your docker container as it is done on docker hub.

That said you should NOT run gcloud init or gcloud auth application-default login or gcloud auth login... those are interactive commands which launch browser. To provide credentials to the container supply it with service account key file.

You can download one from cloud console: https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=YOUR_PROJECT or create it with gcloud command

gcloud iam service-accounts keys create

see reference guide.

Either way once you have the key file ADD it to your container and run

gcloud auth activate-service-account --key-file=MY_KEY_FILE.json

You should be now set, but if you want to use it as Application Default Credentials (ADC), that is in the context of other libraries and tools, you need to set the following environment variable to point to the key file:

export GOOGLE_APPLICATION_CREDENTIALS=/the/path/to/MY_KEY_FILE.json

One thing to point out here is that gcloud tool does not use ADC, so later if you change your account to something else, for example via

gcloud config set core/account my_other_login@gmail.com

other tools and libraries will continue using old account via ADC key file but gcloud will now use different account.

Answer 2

You can map your local Google SDK credentials into the image. [Source].

Begin by signing in using:

$ gcloud auth application-default login

Then add the following to your docker-compose.yaml:

volumes:
  - ~/.config/:/root/.config