Introduction
This article provides a guide on how to install and configure the Google Cloud SDK (gcloud)
on a Mac, including how to authenticate, create projects, set regions and zones, and manage Google Cloud Storage (GCS) buckets and objects using gcloud and gsutil commands.
GCP Google Cloud SDK on Mac
Install gcloud
brew install --cask google-cloud-sdk
Check gcloud components
gcloud components list
gcloud auth login
gcloud auth login
When you run the command, a browser window will open and prompt you to log in to your Google account. After logging in, you will be asked to allow gcloud to access your account.
After you allow access, the command line will display a confirmation message indicating that you have successfully authenticated.
If you have no project, you can create one in the Google Cloud Console.
gcloud config set project [PROJECT_ID]
gcloud projects create springboot-web-20250617
gcloud config set project [PROJECT_ID]
gcloud config set project springboot-web-20250617
List all projects
gcloud projects list
Setting the region and zone (taiwan)
gcloud config set compute/region asia-east1
gcloud config set compute/zone asia-east1-b
To verify the current configuration, you can run:
gcloud config list
gcloud and gsutil commands
You can use the gcloud command to manage Google Cloud resources, and the gsutil command to manage Cloud Storage buckets and objects.
Difference between gsutil and gcloud
gsutil and gcloud are both tools in the Google Cloud SDK, but they serve different purposes:
- gsutil: Specifically designed for interacting with Google Cloud Storage (GCS), such as uploading, downloading, syncing, and managing buckets and objects. It has a simple syntax and is tailored for GCS operations.
- gcloud: The primary command-line tool for managing various Google Cloud Platform (GCP) resources (like VM instances, Kubernetes clusters, IAM, APIs, etc.). It can also interact with Storage, but its functionality is more simplified compared to gsutil.
- Why use gsutil instead of gcloud?
- gsutil supports more advanced GCS features (like
rsync, ACL management, parallel uploads, etc.). - When working with Storage, gsutil’s syntax is more intuitive and efficient.
- The official documentation recommends using gsutil for Storage-related tasks.
- gsutil supports more advanced GCS features (like
Create Cloud Storage and upload image
Bucket name must be globally unique and cannot be duplicated. Example: my-demo-bucket-20240617
gsutil mb gs://images-202506171415/
# If want to create and specify region
gsutil mb -l asia-east1 gs://images-202506171415/
Upload an image to the bucket
gsutil cp /path/to/your/image.jpg gs://images-202506171415/
To verify that the image has been uploaded successfully, you can list the contents of the bucket using the gsutil ls command. This will show you all the files in the specified bucket.
gsutil ls gs://images-202506171415/
To make the image publicly accessible, you can set the ACL (Access Control List) to allow all users to read the object. This is done using the gsutil acl ch command.
gsutil acl ch -u AllUsers:R gs://images-202506171415/C6B39448-EFB1-4FC1-9684-796B5938E884.jpg
Notice! Google Cloud has recommended using IAM policies (Uniform bucket-level access) to manage public permissions, which is better than setting ACLs on individual objects. However, setting ACLs on individual objects is still available, but Google may phase it out in the future. It is recommended to use IAM policies for better security and management.
View the public URL of the image like this:
https://storage.googleapis.com/images-202506171415/C6B39448-EFB1-4FC1-9684-796B5938E884.jpg
Remove the image from the bucket
gsutil rm gs://images-202506171415/C6B39448-EFB1-4FC1-9684-796B5938E884.jpg
Revome the bucket
gsutil rb gs://images-202506171415/
Why public image still show when remove the image?
When you remove an image from a Google Cloud Storage bucket, it does not immediately remove the public URL. The public URL may still show the image for a short period of time due to CDN caching.
curl -I https://storage.googleapis.com/images-202506171415/C6B39448-EFB1-4FC1-9684-796B5938E884.jpg
and you will see a response like this:
HTTP/2 200
x-guploader-uploadid: ABgVH88p-nJObq67o5B5dlNqP8NXKNoqarcfGC1otJ2jqopCB58j9CAEJp78rTallOnQeUWkLRqSG4E
x-goog-generation: 1750141191076255
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 469060
x-goog-hash: crc32c=wgeHWg==
x-goog-hash: md5=fXZef9gmaq8XnrlpKAbVjw==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 469060
server: UploadServer
date: Tue, 17 Jun 2025 06:28:22 GMT
expires: Tue, 17 Jun 2025 07:28:22 GMT
cache-control: public, max-age=3600
last-modified: Tue, 17 Jun 2025 06:19:51 GMT
etag: "7d765e7fd8266aaf179eb9692806d58f"
content-type: image/jpeg
age: 265
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
The cache-control: public, max-age=3600 header indicates that the content is cached for 1 hour (3600 seconds). This means that even if you delete the object from the bucket, the cached version may still be served for up to 1 hour.
To ensure that the public URL no longer serves the image, you can either wait for the cache to expire or you can force a cache invalidation by changing the object’s metadata or uploading a new version of the object.
To force remove the cached image on CDN, you can use the gsutil command to set the cache control metadata to a shorter duration or to no-cache.
gsutil setmeta -h "Cache-Control: no-cache" gs://images-202506171415/C6B39448-EFB1-4FC1-9684-796B5938E884.jpg