not able to perform gcloud init inside dockerfile

Question

I have made a Dockerfile for deploying my node.js application into google container engine .It looks like as below

FROM node:0.12
COPY google-cloud-sdk /google-cloud-sdk
RUN /google-cloud-sdk/bin/gcloud init
COPY bpe /bpe
CMD cd /bpe;npm start

I should use gcloud init inside Dockerfile because my node.js application is using gcloud-node module for creating buckets in GCS . When i am using the above dockerfile and doing docker built it is failing with following errors

sudo docker build -t gcr.io/[PROJECT_ID]/test-node:v1 .

Sending build context to Docker daemon 489.3 MB
Sending build context to Docker daemon 
Step 0 : FROM node:0.12
 ---> 57ef47f6c658
Step 1 : COPY google-cloud-sdk /google-cloud-sdk
 ---> f102b82812f5
Removing intermediate container 4433b0f3627f
Step 2 : RUN /google-cloud-sdk/bin/gcloud init
 ---> Running in 21aead97cf65
Welcome! This command will take you through the configuration of gcloud.

Your current configuration has been set to: [default]

To continue, you must log in. Would you like to log in (Y/n)?  
Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&prompt=select_account&response_type=code&client_id=32555940559.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute&access_type=offline


ERROR: There was a problem with web authentication.
ERROR: (gcloud.auth.login) invalid_grant
ERROR: (gcloud.init) Failed command: [auth login --force --brief] with exit code [1]

I done it working by hard coding the authentication key inside google-cloud-sdk source code.Please let me know the proper way to solve this issue .

Answer 1

gcloud init is a wrapper command which runs

gcloud config configurations create MY_CONFIG
gcloud config configurations activate MY_CONFIG
gcloud auth login
gcloud config set project MY_PROJECT

which allows user to choose configuration, login (via browser) and choose a project.

For your use case you probably do not want to use gcloud init, instead you should download service account key file from https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=MY_PROJECT, make it accessible inside docker container and activate it via

gcloud auth activate-service-account --key-file my_service_account.json
gcloud config set project MY_PROJECT

Answer 2

Better way to use gcs from container engine is give permission to cluster. For example, if you had created your VM with devstorage.read_only scope, trying to write to a bucket would fail, even if your service account has permission to write to the bucket. You would need devstorage.full_control or devstorage.read_write.

while creating cluster we can use following command

gcloud container clusters create catch-world \
        --num-nodes 1 \
        --machine-type n1-standard-1 \
        --scopes https://www.googleapis.com/auth/devstorage.full_control