What are the ports to be opened for Google cloud SDK?

Question

I am supposed to install Google cloud SDK on a secured windows server where even port for http(80) and https(443) is not enabled.

What are the ports to be opened to work with gcloud, gsutil and bq commands?

Answer 1

I tested the behaviour in my machine, I expected to need merely port 443 because Google Cloud SDK is based on HTTPS Rest API calls.

For example you can check what is going on behind the scenes with the flag --log-http

gcloud compute instances list --log-http

• Therefore you need an egress rule allowing TCP:443 egress traffic.

With respect to the ingress traffic:

• if your firewall is smart enough to recognise that since you opened the connection it should let the traffic pass (most common scenario) and therefore you do not need any rule for the incoming.

• Otherwise you will need as well to allow TCP:443 incoming traffic.

Update

Therefore you will need to be able to open connection toward:

• accounts.google.com:443
• *.googleapis.com:443
• *:9000 for serialport in case you need this feature

Answer 2

Below error shows it is 443

app> gcloud storage cp C:\Test-file6.txt gs://dl-bugcket-dev/ ERROR: (gcloud.storage.cp) There was a problem refreshing your current auth tokens: HTTPSConnectionPool(host='sts.googleapis.com', port=443 ): Max retries exceeded with url: /v1/token (Caused by NewConnectionError.. .

If you run netstat -anb at same time you run any gcloud command which need remote connection, you will also see below entry for the app you are using. In my case PowerShell

[PowerShell.exe] TCP 142.174.184.157:63546 40.126.29.14: 443 SYN_SENT

Do not use any proxy to see above entry else gcloud will connect to proxy and you can't see actual port. you can do this by creating new config.

gcloud config configurations create no-proxy-config