@neoakris
Last active August 10, 2022 05:27
quick creation of GCP service account that can pull / push images to gcr.io
#!/bin/bash
# A tutorial (a learning-optimized how-to guide) covering this same content with additional explanations is available here:
# https://gist.github.com/neoakris/bd53146a7a610253abdbc1234ffb357b
# Set Input Vars (likely need to edit)
export PROJECT=my-gcp-project
export SA_SHORT_NAME=gcr-sa
# Additional Input Vars (can skip editing)
export SA_NAME=$SA_SHORT_NAME@$PROJECT.iam.gserviceaccount.com
export SA_KEY_FILE=$HOME/Downloads/$SA_SHORT_NAME.auth.json
#################################################################
# Login as human account with rights to create SA
gcloud auth login
# Create SA
gcloud iam service-accounts create "$SA_SHORT_NAME" --description="SA for GCR" --display-name="$SA_SHORT_NAME" --project="$PROJECT"
# Add Image Pull rights
gcloud projects add-iam-policy-binding "$PROJECT" --member="serviceAccount:$SA_NAME" --role=roles/containerregistry.ServiceAgent
# Add Image Push rights (might be over permissive, trying to test less permissions ran into annoying not supported errors)
# Note: a project-level roles/storage.admin binding covers every Cloud Storage bucket in the project, not only the registry's.
gcloud projects add-iam-policy-binding "$PROJECT" --member="serviceAccount:$SA_NAME" --role=roles/storage.admin
gcloud projects add-iam-policy-binding "$PROJECT" --member="serviceAccount:$SA_NAME" --role=roles/storage.objectViewer
################################################################
# Create SA Auth Key in Downloads Folder
gcloud iam service-accounts keys create "$SA_KEY_FILE" --iam-account="$SA_NAME"
# Auth to gcr.io as the SA
cat "$SA_KEY_FILE" | docker login -u _json_key --password-stdin https://gcr.io
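
To review what the script above actually granted, the project policy can be exported with `gcloud projects get-iam-policy` in JSON format and checked for the service account's bindings. The following is an added example, not part of the original gist: the policy is a constructed sample using the script's default names, `user:admin@example.com` is a made-up member, and the review lists are assumptions chosen for illustration.

```python
# Constructed sample shaped like the output of
#   gcloud projects get-iam-policy my-gcp-project --format=json
# after the script has run. In real use, json.load() that output instead.
SA = "serviceAccount:gcr-sa@my-gcp-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/containerregistry.ServiceAgent", "members": [SA]},
    {"role": "roles/storage.admin", "members": [SA, "user:admin@example.com"]},
    {"role": "roles/storage.objectViewer", "members": [SA]},
    {"role": "roles/viewer", "members": ["user:admin@example.com"]},
], "version": 1}

# Review list for this example (an assumption, extend as needed):
# project-level roles that reach every bucket, not just the registry's.
BROAD_ROLES = {"roles/owner", "roles/editor", "roles/storage.admin"}
# Roles whose permissions are already contained in a broader role.
SUBSUMED_BY = {"roles/storage.objectViewer": "roles/storage.admin"}


def roles_for(policy, member):
    """Return the sorted project-level roles bound to `member`."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))


def audit(policy, member):
    """Return (role, finding) pairs worth a second look for `member`."""
    roles = roles_for(policy, member)
    findings = []
    for role in roles:
        if role in BROAD_ROLES:
            findings.append((role, "project-wide; applies to all buckets"))
        if role.endswith(".ServiceAgent"):
            findings.append((role, "service-agent role on a user-managed SA"))
        if SUBSUMED_BY.get(role) in roles:
            findings.append((role, "redundant with " + SUBSUMED_BY[role]))
    return findings


if __name__ == "__main__":
    for role, why in audit(SAMPLE_POLICY, SA):
        print(f"{role}: {why}")
```

The check only reads project-level bindings; roles granted directly on a bucket do not appear in this policy and need a separate look.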