Google Cloud SDK Installation and Usage
The Google Cloud SDK (gcloud CLI) is the primary tool for managing GCP resources from the command line, including Compute Engine instances, Cloud Storage buckets, and IAM permissions. This guide walks through installing the SDK on Linux, authenticating to your GCP project, and running practical gcloud commands for day-to-day cloud management.
Prerequisites
- Ubuntu/Debian or CentOS/Rocky Linux server
- A Google Cloud account with at least one project
- Python 3.8+ (included with most modern distributions)
- Sudo access
Installing the Google Cloud SDK
Ubuntu/Debian
# Add the Google Cloud SDK repository
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
sudo gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] \
https://packages.cloud.google.com/apt cloud-sdk main" | \
sudo tee /etc/apt/sources.list.d/google-cloud-sdk.list
sudo apt-get update && sudo apt-get install -y google-cloud-cli
CentOS/Rocky Linux
# Add the repository
sudo tee /etc/yum.repos.d/google-cloud-sdk.repo << 'EOF'
[google-cloud-cli]
name=Google Cloud CLI
baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
sudo dnf install -y google-cloud-cli
Verify Installation
gcloud version
# Google Cloud SDK 460.x.x
# bq 2.x.x
# core 2024.x.x
# gcloud-crc32c 1.x.x
# gsutil 5.x.x
Authentication and Project Setup
Interactive Login (for workstations with browser access)
gcloud auth login
# Opens a browser window — paste the URL on a local machine if needed
Service Account Authentication (for servers)
# Activate a service account key file
gcloud auth activate-service-account \
--key-file=/path/to/service-account-key.json
# Verify active account
gcloud auth list
Application Default Credentials (for applications)
gcloud auth application-default login
# Used by Google Cloud client libraries automatically
Project Configuration
# List available projects
gcloud projects list
# Set the active project
gcloud config set project my-project-id
# Verify current configuration
gcloud config list
Managing Compute Engine
# List all VM instances
gcloud compute instances list
# Create a VM instance
gcloud compute instances create my-vm \
--zone=us-central1-a \
--machine-type=e2-medium \
--image-family=ubuntu-2204-lts \
--image-project=ubuntu-os-cloud \
--boot-disk-size=20GB
# SSH into an instance
gcloud compute ssh my-vm --zone=us-central1-a
# Start and stop instances
gcloud compute instances start my-vm --zone=us-central1-a
gcloud compute instances stop my-vm --zone=us-central1-a
# Delete an instance
gcloud compute instances delete my-vm --zone=us-central1-a
# List available machine types
gcloud compute machine-types list --filter="zone:us-central1-a" --sort-by=name
# Open a firewall port
gcloud compute firewall-rules create allow-http \
--allow tcp:80 \
--target-tags http-server
Working with Cloud Storage
# List all buckets
gsutil ls
# Create a bucket
gsutil mb -l us-central1 gs://my-unique-bucket-name
# Upload files
gsutil cp /local/file.txt gs://my-bucket/
gsutil cp -r /local/directory/ gs://my-bucket/backup/
# Download files
gsutil cp gs://my-bucket/file.txt /local/restore/
# Sync directories
gsutil -m rsync -r /local/dir gs://my-bucket/dir
# List bucket contents
gsutil ls -lh gs://my-bucket/
# Make a file publicly accessible
gsutil acl ch -u AllUsers:R gs://my-bucket/public-file.txt
# Remove objects
gsutil rm gs://my-bucket/old-file.txt
gsutil rm -r gs://my-bucket/old-directory/
Using gcloud storage (newer interface):
gcloud storage ls gs://my-bucket/
gcloud storage cp /local/file.txt gs://my-bucket/
gcloud storage rsync /local/dir gs://my-bucket/dir
IAM and Service Accounts
# List service accounts
gcloud iam service-accounts list
# Create a service account
gcloud iam service-accounts create my-service-account \
--display-name="My Service Account"
# Grant a role to a service account
gcloud projects add-iam-policy-binding my-project-id \
--member="serviceAccount:[email protected]" \
--role="roles/storage.objectViewer"
# Create and download a key file
gcloud iam service-accounts keys create key.json \
--iam-account=my-service-account@my-project-id.iam.gserviceaccount.com
# List roles available in the project
gcloud iam roles list --project=my-project-id
Configuration Profiles
Named configurations let you switch between projects and accounts quickly.
# Create a new named configuration
gcloud config configurations create production
# Set properties for the configuration
gcloud config set project prod-project-id
gcloud config set compute/zone us-east1-b
gcloud config set account [email protected]
# List all configurations
gcloud config configurations list
# Activate a configuration
gcloud config configurations activate production
# Switch back to default
gcloud config configurations activate default
Troubleshooting
"Project not set" error
gcloud config set project YOUR_PROJECT_ID
Authentication errors with service accounts
# Verify the key file is valid
gcloud auth activate-service-account --key-file=key.json
gcloud auth list # Confirm active account
"Permission denied" on API calls
# Check if the required API is enabled
gcloud services list --enabled | grep compute
# Enable a service API
gcloud services enable compute.googleapis.com
gcloud services enable storage.googleapis.com
Rate limiting / quota errors
# Check project quotas
gcloud compute project-info describe --project=my-project-id
# Request quota increase via Cloud Console:
# https://console.cloud.google.com/iam-admin/quotas
Outdated SDK components
gcloud components update
gcloud components list # View installed components
Conclusion
The Google Cloud SDK gives you complete command-line control over GCP resources, from Compute Engine VMs to Cloud Storage and IAM. Using named configurations and service account authentication makes it straightforward to manage multiple GCP projects securely from a single Linux server.