如何在Docker Ubuntu映像上对Google Cloud SDK进行身份验证? [英] How to authenticate google cloud SDK on a docker Ubuntu image?

问题描述

我对如何在Docker容器上对gcloud sdk进行身份验证感到有些困惑.现在，我的docker文件包括以下内容:

I am a bit confused about how I can authenticate the gcloud sdk on a docker container. Right now, my docker file includes the following:

#Install the google SDK
RUN curl https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz > /tmp/google-cloud-sdk.tar.gz
RUN mkdir -p /usr/local/gcloud
RUN tar -C /usr/local/gcloud -xvf /tmp/google-cloud-sdk.tar.gz
RUN /usr/local/gcloud/google-cloud-sdk/install.sh
RUN /usr/local/gcloud/google-cloud-sdk/bin/gcloud init

但是，我对如何进行身份验证感到困惑?当我在计算机上运行gcloud auth application-default login时，它将在chrome中打开一个新选项卡，提示我登录.如果它在docker容器中的google chrome中打开一个新标签，该如何在docker容器中输入我的凭据?

However, I am confused how I would authenticate? When I run gcloud auth application-default login on my machine, it opens a new tab in chrome which prompts me to login. How would I input my credentials on the docker container if it opens a new tab in google chrome in the container?

推荐答案

您可以在设置Docker容器时考虑使用deb软件包，因为它是在

You might consider using deb packages when setting up your docker container as it is done on docker hub.

那表示您不应运行gcloud init或gcloud auth application-default login或gcloud auth login ...这些是启动浏览器的交互式命令.要向容器提供凭据，请向其提供服务帐户密钥文件.

That said you should NOT run gcloud init or gcloud auth application-default login or gcloud auth login... those are interactive commands which launch browser. To provide credentials to the container supply it with service account key file.

您可以从云控制台下载一个: https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=YOUR_PROJECT 或使用gcloud命令

You can download one from cloud console: https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=YOUR_PROJECT or create it with gcloud command

gcloud iam service-accounts keys create

请参见参考指南.

以两种方式将密钥文件添加到容器中并运行

Either way once you have the key file ADD it to your container and run

gcloud auth activate service-account --key-file=MY_KEY_FILE.json

现在应该进行设置，但是如果要在其他库和工具的上下文中将其用作应用程序默认凭据(ADC)，则需要设置以下环境变量以指向密钥文件:

You should be now set, but if you want to use it as Application Default Credentials (ADC), that is in the context of other libraries and tools, you need to set the following environment variable to point to the key file:

export GOOGLE_APPLICATION_CREDENTIALS=/path/to/MY_KEY_FILE.json

这里要指出的一件事是gcloud工具不使用ADC，因此以后如果您将帐户更改为其他名称，例如通过

One thing to point out here is that gcloud tool does not use ADC, so later if you change your account to something else, for example via

gcloud config set core/account my_other_login@gmail.com

其他工具和库将继续通过ADC密钥文件使用旧帐户，但gcloud现在将使用其他帐户.

other tools and libraries will continue using old account via ADC key file but gcloud will now use different account.

这篇关于如何在Docker Ubuntu映像上对Google Cloud SDK进行身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！