gcloud auth application-default includes a sub-command gcloud auth application-default set-quota-project

Unlike the similar gcloud config set and gcloud config unset pair, there’s no unset-quota-project.

However, it’s straightforward to undo set-quota-project because it’s primary side-effect is to update ${HOME}/.config/gcloud/application_default_credentials.json]

gcloud auth application-default set-quota-project ${PROJECT} \
--log-http

Request:

uri: https://cloudresourcemanager.googleapis.com/v1/projects/{PROJECT}:testIamPermissions?alt=json
method: POST
== headers start ==
b'accept': b'application/json'
b'authorization': --- Token Redacted ---
b'content-type': b'application/json'
b'x-goog-user-project': b'{PROJECT}'
== headers end ==
== body start ==
{"permissions": ["serviceusage.services.use"]}
== body end ==

Response:

I’d forgotten about this feature but it’s a good way of protecting Google Cloud Platform (GCP) Projects against accidential (== user error) deletions.

Google documents it Protecting projects from accidental deletion

I’d forgotten that I’d applied it to a key project and then had to Google the above to recall how it works.

PROJECTs=$(gcloud projects list --format="value(projectId)")

for PROJECT in ${PROJECTS}
do
  gcloud alpha resource-manager liens list \
  --project=${PROJECT}
done

Simply:

gcloud container clusters create is a complex command. The --cluster-version flag, often combined with --release-channel in order to have Google maintain the master and node versions, take values that are provided by gcloud container get-server-config.

The available Kubernetes versions differs by region and by zone:

gcloud container get-server-config \
--project=${PROJECT} \
--zone=us-west2-c

Yields:

channels:
- channel: RAPID
  defaultVersion: 1.21.3-gke.2001
  validVersions:
  - 1.21.4-gke.301
  - 1.21.3-gke.2001

Whereas:

gcloud container get-server-config \
--project=${PROJECT} \
--region=us-west2

Yields

channels:
- channel: RAPID
  defaultVersion: 1.21.4-gke.301
  validVersions:
  - 1.21.4-gke.1801
  - 1.21.4-gke.301

I assume the divergence results from a controlled rollout of Kubernetes versions across regions and zones.

PROJECTS=$(\
  gcloud projects list \
  --format='csv[no-heading,terminator=","](projectId)') && \
PROJECTS="${PROJECTS%,}" && \  
echo ${PROJECTS}

From:

gcloud projects list
PROJECT_ID    NAME          PROJECT_NUMBER
foo           foo           1234567890123
bar           bar           1234567890123
baz           baz           1234567890123

To:

foo,bar,baz

Which you may find useful when you need to pass a list of Project IDs to some command-line flag.

Don’t forget to add appropriate ignore files…

• .dockerignore when using Docker
• .gitignore when using git
• .gcloudignore when using Google Cloud Platform

This week, I’ve been bitten twice in not using these.

They’re hidden files and so they’re more easy to forget unfortunately.

.dockerignore

docker build ...

Without .dockerignore

Sending build context to Docker daemon  229.9MB

Because, even though Rust’s cargo creates a useful .gitignore, it doesn’t create .dockerignore and, as you as you create ./target, you’re going to take up (likely uncessary) build context space: