[A-00166] gcloud and gsutil command summary

・[gcloud version]

Purpose: Check the Cloud SDK version

gcloud version

・[gcloud components update]

Purpose: Update the Cloud SDK components to the latest version

gcloud components update

・[gcloud config configurations list]

Purpose: Check the currently active configuration

gcloud config configurations list
MacBook-Pro:sample1$ gcloud config configurations list
NAME     IS_ACTIVE  ACCOUNT                 PROJECT              COMPUTE_DEFAULT_ZONE  COMPUTE_DEFAULT_REGION
default  True       xxxx@gmail.com  xxxx-399805  asia-northeast1-a     asia-northeast1

・[gcloud info]

Purpose: Check the detailed settings of the currently active configuration

gcloud info
Google Cloud SDK [448.0.0]

Platform: [Mac OS X, x86_64] uname_result(system='Darwin'
......

・[gcloud auth list]

Purpose: Display the currently active account

gcloud auth list
MacBook-Pro:sample1$ gcloud auth list
    Credentialed Accounts
ACTIVE  ACCOUNT
*       xxxx@gmail.com

To set the active account, run:
    $ gcloud config set account `ACCOUNT`

・[gcloud auth print-access-token]

Purpose: Display the access token of the currently active account

gcloud auth print-access-token
MacBook-Pro:sample1$ gcloud auth print-access-token
xxxxxxxx.a0AfB_byAQmNSda4QMaLx1LVByAyClujdB-tXhbMpqvkwMqHumwlxSsuFT0BxWBPkl0q

・[gcloud auth application-default]

Purpose: Configure Application Default Credentials for the currently active account

gcloud auth application-default <some-command>

Running the command above starts account authentication in a web browser.

・[gcloud projects describe]

Purpose: Get the project's metadata

gcloud projects describe <project-id>
MacBook-Pro:sample1$ gcloud projects describe xxxx-399805
createTime: '2023-09-22T05:12:50.712Z'
lifecycleState: ACTIVE
name: My Project 91106
projectId: xxxx-399805
projectNumber: 'xxxx61509'

・[gcloud projects create]

Purpose: Create a project

gcloud projects create <project-name>
MacBook-Pro:sample1 $ gcloud projects create gcloud-command-test-proj
Create in progress for [https://cloudresourcemanager.googleapis.com/v1/projects/gcloud-command-test-proj].
Waiting for [operations/cp.5742563581880368128] to finish...done.                                                                   
Enabling service [cloudapis.googleapis.com] on project [gcloud-command-test-proj]...
Operation "operations/acat.p2-812099394116-a7d57df0-bf7c-4bcd-ae00-09099ad1e5a6" finished successfully.

・[gcloud projects delete]

Purpose: Delete a project

gcloud projects delete <project-id>
MacBook-Pro:sample1$ gcloud projects delete gcloud-command-test-proj
Your project will be deleted.

Do you want to continue (Y/n)?  Y

Deleted [https://cloudresourcemanager.googleapis.com/v1/projects/gcloud-command-test-proj].

You can undo this operation for a limited period by running the command below.
    $ gcloud projects undelete gcloud-command-test-proj

See https://cloud.google.com/resource-manager/docs/creating-managing-projects for information on shutting down projects.

・[gcloud projects get-iam-policy]

Purpose: Get the project's IAM policy

gcloud projects get-iam-policy <project-id>
MacBook-Pro:sample1$ gcloud projects get-iam-policy xxxx-399805
bindings:
- members:
  - serviceAccount:service-xxxx@gcp-sa-artifactregistry.iam.gserviceaccount.com
  role: roles/artifactregistry.serviceAgent
- members:
  - serviceAccount:xxxxx@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
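
The bindings returned by get-iam-policy are what an access review reads. The shell function below is an added example, not part of the original article: it parses the YAML shape shown above and flags public principals and the basic roles roles/owner and roles/editor. The function name audit_iam_policy and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky bindings in `gcloud projects get-iam-policy` YAML.
# SAMPLE_POLICY is constructed for illustration, not output from a real project.
SAMPLE_POLICY='bindings:
- members:
  - serviceAccount:build-sa@example-project.iam.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - user:alice@example.com
  - serviceAccount:ci-sa@example-project.iam.gserviceaccount.com
  role: roles/owner
- members:
  - allUsers
  role: roles/storage.objectViewer
- members:
  - group:devs@example.com
  role: roles/editor
etag: CONSTRUCTED=
version: 1'

# audit_iam_policy (hypothetical helper): reads policy YAML on stdin and prints
# "REASON<TAB>role<TAB>member" for each member that is public, or that holds
# the basic roles roles/owner or roles/editor at project level.
audit_iam_policy() {
  awk '
    function emit(   i, reason) {
      for (i = 1; i <= n; i++) {
        reason = ""
        if (members[i] == "allUsers" || members[i] == "allAuthenticatedUsers")
          reason = "PUBLIC_MEMBER"
        else if (role == "roles/owner" || role == "roles/editor")
          reason = "BASIC_ROLE"
        if (reason != "") printf "%s\t%s\t%s\n", reason, role, members[i]
      }
      n = 0; role = ""
    }
    # A top-level key closes the previous binding; only "bindings:" is audited.
    /^[A-Za-z]/ { emit(); in_bindings = ($0 == "bindings:"); next }
    !in_bindings { next }
    # "- " starts a new binding; normalise it so the rules below still match.
    /^- /       { emit(); sub(/^- /, "  ") }
    /^  - /     { sub(/^  - /, ""); members[++n] = $0; next }
    /^  role: / { sub(/^  role: /, ""); role = $0; next }
    END         { emit() }
  '
}

# Offline demo on the constructed sample. Against a live project:
#   gcloud projects get-iam-policy <project-id> | audit_iam_policy
printf '%s\n' "$SAMPLE_POLICY" | audit_iam_policy
```

The two service-agent bindings in the output shown above produce no findings, since neither uses a basic role or a public member.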

・[gcloud config list]

Purpose: Get the Compute Engine default settings and the currently active account information

gcloud config list
MacBook-Pro:sample1$ gcloud config list
[compute]
region = asia-northeast1
zone = asia-northeast1-a
[core]
account = xxxx@gmail.com
disable_usage_reporting = False
project = xxxx-399805

・[gcloud iam service-accounts create]

Purpose: Create a service account

gcloud iam service-accounts create <account-name> --display-name="<display-name>"
MacBook-Pro:sample1$ gcloud iam service-accounts create gcloud-commmand-test --display-name="This is for test"
Created service account [gcloud-commmand-test].

・[gcloud iam service-accounts list]

Purpose: Get the list of service accounts

gcloud iam service-accounts list
MacBook-Pro:sample1$ gcloud iam service-accounts list
DISPLAY NAME                        EMAIL                                                             DISABLED
App Engine default service account  xxxx@appspot.gserviceaccount.com                   False

・[gcloud iam service-accounts delete]

Purpose: Delete a service account

gcloud iam service-accounts delete <service-account-email>
MacBook-Pro:sample1$ gcloud iam service-accounts delete gcloud-commmand-test@someproj399805.iam.gserviceaccount.com
You are about to delete service account [gcloud-commmand-test@someproj399805.iam.gserviceaccount.com]

Do you want to continue (Y/n)?  Y

deleted service account [gcloud-commmand-test@someproj399805.iam.gserviceaccount.com]

・[gcloud projects add-iam-policy-binding]

Purpose: Grant a role to a service account

gcloud projects add-iam-policy-binding <project-id> --member="serviceAccount:<saccount-name>@<something>.iam.gserviceaccount.com" --role=<role>
MacBook-Pro:script$  gcloud projects add-iam-policy-binding xx-prj001 --member="serviceAccount:service-43753xxxx@gcp-sa-logging.iam.gserviceaccount.com" --role=roles/storage.objectCreator
Updated IAM policy for project [xx-prj001].
bindings:
- members:
~ (rest omitted)

・[gcloud iam list-grantable-roles]

Purpose: Get the list of IAM roles for a specific project

gcloud iam list-grantable-roles //cloudresourcemanager.googleapis.com/projects/<project-id>
MacBook-Pro:sample1$ gcloud iam list-grantable-roles //cloudresourcemanager.googleapis.com/projects/xxxx-399805

---
description: Gives Cloud Workflows service account access to managed resources.
name: roles/workflows.serviceAgent
title: Cloud Workflows Service Agent
---
description: Gives the Workload Certificate service agent access to Cloud Platform
  resources.
name: roles/workloadcertificate.serviceAgent
title: Workload Certificate Service Agent
---
description: Gives Workload Manager Service Agent access to CAI export functions and
  Cloud Monitoring.
name: roles/workloadmanager.serviceAgent
title: Workload Manager Service Agent
---

・[gcloud iam roles create]

Purpose: Create a custom IAM role

gcloud iam roles create <some-info>
MacBook-Pro:sample1$ gcloud iam roles create TestCommander --project=xxxx399805 --title=TestCommander --description="This is test." --permissions=resourcemanager.projects.get,resourcemanager.projects.update
Created role [TestCommander].
description: This is test.
etag: BwYGbKF-Yp0=
includedPermissions:
- resourcemanager.projects.get
- resourcemanager.projects.update
name: projects/xxxx399805/roles/TestCommander
stage: ALPHA
title: TestCommander

・[gcloud iam roles delete]

Purpose: Delete an IAM role

gcloud iam roles delete <role-id> --project=<project-id>
(base) MacBook-Pro:sample1$ gcloud iam roles delete TestCommander --project=xxxx399805
deleted: true
description: This is test.
etag: BwYGbLDhrWg=
includedPermissions:
- resourcemanager.projects.get
- resourcemanager.projects.update
name: projects/xxxx399805/roles/TestCommander
title: TestCommander

・[gcloud services enable]

Purpose: Enable an API used to access Google Cloud resources

gcloud services enable <service-name>
MacBook-Pro:sample1$ gcloud services enable container.googleapis.com
Operation "operations/xxxx.p2-821949561509-xvvvvv-xxx" finished successfully.

・[gcloud components install kubectl]

Purpose: Install the Kubernetes command component (kubectl) for GKE, used alongside gcloud

gcloud components install kubectl

・[gcloud container clusters create-auto]

Purpose: Create a GKE Autopilot cluster

gcloud container clusters create-auto <cluster-name>
MacBook-Pro:sample1$ gcloud container clusters create-auto gcloud-test-cluster --location=asia-northeast1
Note: The Pod address range limits the maximum size of the cluster. Please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr to learn how to optimize IP address allocation.
Creating cluster gcloud-test-cluster in asia-northeast1... Cluster is being health-checked...⠹

NAME                 LOCATION         MASTER_VERSION  MASTER_IP     MACHINE_TYPE  NODE_VERSION    NUM_NODES  STATUS
gcloud-test-cluster  asia-northeast1  1.27.3-gke.100  34.84.132.63  e2-medium     1.27.3-gke.100  3          RUNNING

・[gcloud container clusters delete]

Purpose: Delete a GKE cluster

gcloud container clusters delete <cluster-name> --location=<location-name>
MacBook-Pro:sample1$ gcloud container clusters delete gcloud-test-cluster --location=asia-northeast1
The following clusters will be deleted.
 - [gcloud-test-cluster] in [asia-northeast1]

Do you want to continue (Y/n)?  Y

Deleting cluster gcloud-test-cluster...⠛ 

・[gcloud compute networks create]

Purpose: Create a VPC

gcloud compute networks create <vpc-name> --subnet-mode=<mode> --bgp-routing-mode=<mode> --mtu=<mtu-size>
MacBook-Pro:sample1$ gcloud compute networks create vpc1 --subnet-mode=auto --bgp-routing-mode=regional --mtu=1300
Created [https://www.googleapis.com/compute/v1/projects/nifty-gasket-399805/global/networks/vpc1].
NAME  SUBNET_MODE  BGP_ROUTING_MODE  IPV4_RANGE  GATEWAY_IPV4
vpc1  AUTO         REGIONAL

Instances on this network will not be reachable until firewall rules
are created. As an example, you can allow all internal traffic between
instances as well as SSH, RDP, and ICMP by running:

$ gcloud compute firewall-rules create <FIREWALL_NAME> --network vpc1 --allow tcp,udp,icmp --source-ranges <IP_RANGE>
$ gcloud compute firewall-rules create <FIREWALL_NAME> --network vpc1 --allow tcp:22,tcp:3389,icmp

・[gcloud compute networks delete]

Purpose: Delete a VPC

gcloud compute networks delete <vpc-name>
MacBook-Pro:sample1$ gcloud compute networks delete vpc1
The following networks will be deleted:
 - [vpc1]

Do you want to continue (Y/n)?  Y

Deleted [https://www.googleapis.com/compute/v1/projects/nifty-gasket-399805/global/networks/vpc1].

・Appendix

Official documentation

https://cloud.google.com/sdk/gcloud/reference

https://cloud.google.com/vpc/docs/create-modify-vpc-networks?hl=ja#gcloud

References

https://dev.classmethod.jp/articles/google-cloud-kubernetes-tutorial/

https://qiita.com/hyj624117615/items/36fcdba4977a279499bd
