Authenticate to Google Container Service With Script: Non-interactive gcloud auth login?

Question

I'm creating a jenkins job to deploy a container to GKE, and part of this script requires me to authenticate to the container service with:

"gcloud auth login"

However, this is an interactive operation that requires me to go and fetch a token in the browser:

 gcloud auth login
 Go to the following link in your browser:

(Which Jenkins clearly can't do, or at least not easily)

Is there a way to automate this step?

Answer 1

gcloud auth login command is used to obtain and activate user account credentials. While it is possible to use these, in non-interactive cases other users have access, instead you should use service account credentials.

To obtain service account credentials you can do one of the following:

1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=YOUR_PROJECT and make/download a key for one of the service accounts (or create new one), Or

2. Use gcloud to create a key:

    gcloud iam service-accounts list
   
    gcloud iam service-accounts keys create \
      MY_KEY_FILE.json
      --iam-account ONE_OF_ACCOUNTS_FROM_ABOVE_LIST
   

Once you have a key file just activate it as part of you script (or just once if it is always running on same machine.)

     gcloud auth activate-service-account --key-file=MY_KEY_FILE.json