Appearance
Google Cloud CLI (gcloud)
Comprehensive Google Cloud CLI commands and workflows for managing Google Cloud Platform services, including Compute Engine, Cloud Storage, and Kubernetes Engine.
Installation & Authentication
| Command | Description |
|---|---|
gcloud auth login | Login to Google Cloud |
gcloud auth application-default login | Login for application default credentials |
gcloud auth list | List authenticated accounts |
gcloud auth revoke | Revoke authentication |
gcloud config list | Show current configuration |
gcloud config set project PROJECT_ID | Set default project |
gcloud config set compute/region us-central1 | Set default region |
gcloud config set compute/zone us-central1-a | Set default zone |
Project Management
| Command | Description |
|---|---|
gcloud projects list | List all projects |
gcloud projects create PROJECT_ID | Create new project |
gcloud projects delete PROJECT_ID | Delete project |
gcloud projects describe PROJECT_ID | Show project details |
gcloud config get-value project | Get current project |
gcloud config configurations list | List configurations |
gcloud config configurations create CONFIG_NAME | Create configuration |
gcloud config configurations activate CONFIG_NAME | Activate configuration |
Compute Engine
Instance Management
| Command | Description |
|---|---|
gcloud compute instances list | List all instances |
gcloud compute instances create INSTANCE_NAME --machine-type=e2-medium --image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud | Create instance |
gcloud compute instances start INSTANCE_NAME | Start instance |
gcloud compute instances stop INSTANCE_NAME | Stop instance |
gcloud compute instances delete INSTANCE_NAME | Delete instance |
gcloud compute instances reset INSTANCE_NAME | Reset instance |
gcloud compute instances describe INSTANCE_NAME | Show instance details |
SSH and Remote Access
| Command | Description |
|---|---|
gcloud compute ssh INSTANCE_NAME | SSH into instance |
gcloud compute ssh INSTANCE_NAME --zone=ZONE | SSH with specific zone |
gcloud compute scp LOCAL_FILE INSTANCE_NAME:REMOTE_PATH | Copy file to instance |
gcloud compute scp INSTANCE_NAME:REMOTE_PATH LOCAL_FILE | Copy file from instance |
gcloud compute os-login ssh-keys add --key-file=KEY_FILE | Add SSH key |
Machine Types and Images
| Command | Description |
|---|---|
gcloud compute machine-types list | List machine types |
gcloud compute machine-types list --filter="zone:us-central1-a" | List machine types by zone |
gcloud compute images list | List all images |
gcloud compute images list --filter="family:ubuntu-2004-lts" | List images by family |
gcloud compute images create IMAGE_NAME --source-disk=DISK_NAME | Create custom image |
Disks
| Command | Description |
|---|---|
gcloud compute disks list | List all disks |
gcloud compute disks create DISK_NAME --size=100GB | Create disk |
gcloud compute disks delete DISK_NAME | Delete disk |
gcloud compute disks snapshot DISK_NAME --snapshot-names=SNAPSHOT_NAME | Create snapshot |
gcloud compute instances attach-disk INSTANCE_NAME --disk=DISK_NAME | Attach disk |
gcloud compute instances detach-disk INSTANCE_NAME --disk=DISK_NAME | Detach disk |
Cloud Storage
Bucket Operations
| Command | Description |
|---|---|
gsutil ls | List all buckets |
gsutil mb gs://BUCKET_NAME | Create bucket |
gsutil rb gs://BUCKET_NAME | Remove empty bucket |
gsutil rm -r gs://BUCKET_NAME | Remove bucket and contents |
gsutil ls gs://BUCKET_NAME | List objects in bucket |
gsutil ls -l gs://BUCKET_NAME | List objects with details |
File Operations
| Command | Description |
|---|---|
gsutil cp FILE gs://BUCKET_NAME/ | Upload file |
gsutil cp gs://BUCKET_NAME/FILE . | Download file |
gsutil cp -r DIRECTORY gs://BUCKET_NAME/ | Upload directory |
gsutil rsync -r LOCAL_DIR gs://BUCKET_NAME/ | Sync directory |
gsutil rm gs://BUCKET_NAME/FILE | Delete file |
gsutil rm -r gs://BUCKET_NAME/DIRECTORY | Delete directory |
Bucket Configuration
| Command | Description |
|---|---|
gsutil versioning set on gs://BUCKET_NAME | Enable versioning |
gsutil versioning get gs://BUCKET_NAME | Check versioning status |
gsutil lifecycle set LIFECYCLE_CONFIG gs://BUCKET_NAME | Set lifecycle policy |
gsutil cors set CORS_CONFIG gs://BUCKET_NAME | Set CORS policy |
gsutil iam get gs://BUCKET_NAME | Get bucket IAM policy |
gsutil iam set POLICY_FILE gs://BUCKET_NAME | Set bucket IAM policy |
Google Kubernetes Engine (GKE)
Cluster Management
| Command | Description |
|---|---|
gcloud container clusters list | List all clusters |
gcloud container clusters create CLUSTER_NAME --num-nodes=3 | Create cluster |
gcloud container clusters delete CLUSTER_NAME | Delete cluster |
gcloud container clusters get-credentials CLUSTER_NAME | Get cluster credentials |
gcloud container clusters resize CLUSTER_NAME --num-nodes=5 | Resize cluster |
gcloud container clusters upgrade CLUSTER_NAME | Upgrade cluster |
Node Pools
| Command | Description |
|---|---|
gcloud container node-pools list --cluster=CLUSTER_NAME | List node pools |
gcloud container node-pools create POOL_NAME --cluster=CLUSTER_NAME --num-nodes=2 | Create node pool |
gcloud container node-pools delete POOL_NAME --cluster=CLUSTER_NAME | Delete node pool |
gcloud container node-pools describe POOL_NAME --cluster=CLUSTER_NAME | Describe node pool |
Cluster Operations
| Command | Description |
|---|---|
kubectl get nodes | List cluster nodes |
kubectl get pods --all-namespaces | List all pods |
kubectl apply -f MANIFEST_FILE | Apply Kubernetes manifest |
kubectl delete -f MANIFEST_FILE | Delete resources from manifest |
Cloud Functions
Function Management
| Command | Description |
|---|---|
gcloud functions list | List all functions |
gcloud functions deploy FUNCTION_NAME --runtime=python39 --trigger-http | Deploy HTTP function |
gcloud functions deploy FUNCTION_NAME --runtime=nodejs14 --trigger-topic=TOPIC_NAME | Deploy Pub/Sub function |
gcloud functions delete FUNCTION_NAME | Delete function |
gcloud functions describe FUNCTION_NAME | Show function details |
gcloud functions call FUNCTION_NAME | Call function |
Function Logs
| Command | Description |
|---|---|
gcloud functions logs read FUNCTION_NAME | Read function logs |
gcloud functions logs read FUNCTION_NAME --limit=50 | Read recent logs |
gcloud functions logs read FUNCTION_NAME --start-time=2023-01-01 | Read logs from date |
Cloud SQL
Instance Management
| Command | Description |
|---|---|
gcloud sql instances list | List SQL instances |
gcloud sql instances create INSTANCE_NAME --database-version=MYSQL_8_0 --tier=db-f1-micro | Create MySQL instance |
gcloud sql instances create INSTANCE_NAME --database-version=POSTGRES_13 --tier=db-f1-micro | Create PostgreSQL instance |
gcloud sql instances delete INSTANCE_NAME | Delete instance |
gcloud sql instances describe INSTANCE_NAME | Show instance details |
gcloud sql instances restart INSTANCE_NAME | Restart instance |
Database Operations
| Command | Description |
|---|---|
gcloud sql databases list --instance=INSTANCE_NAME | List databases |
gcloud sql databases create DATABASE_NAME --instance=INSTANCE_NAME | Create database |
gcloud sql databases delete DATABASE_NAME --instance=INSTANCE_NAME | Delete database |
User Management
| Command | Description |
|---|---|
gcloud sql users list --instance=INSTANCE_NAME | List users |
gcloud sql users create USERNAME --instance=INSTANCE_NAME --password=PASSWORD | Create user |
gcloud sql users delete USERNAME --instance=INSTANCE_NAME | Delete user |
gcloud sql users set-password USERNAME --instance=INSTANCE_NAME --password=NEW_PASSWORD | Change password |
Backups
| Command | Description |
|---|---|
gcloud sql backups list --instance=INSTANCE_NAME | List backups |
gcloud sql backups create --instance=INSTANCE_NAME | Create backup |
gcloud sql backups restore BACKUP_ID --restore-instance=INSTANCE_NAME | Restore backup |
App Engine
Application Management
| Command | Description |
|---|---|
gcloud app deploy | Deploy application |
gcloud app deploy --version=VERSION_NAME | Deploy specific version |
gcloud app browse | Open application in browser |
gcloud app describe | Show application details |
gcloud app versions list | List application versions |
gcloud app versions delete VERSION_NAME | Delete version |
Traffic Management
| Command | Description |
|---|---|
gcloud app services list | List services |
gcloud app versions migrate VERSION_NAME | Migrate traffic to version |
gcloud app services set-traffic --splits=VERSION1=0.5,VERSION2=0.5 | Split traffic |
Logs
| Command | Description |
|---|---|
gcloud app logs tail | Stream application logs |
gcloud app logs read | Read application logs |
gcloud app logs read --service=SERVICE_NAME | Read service logs |
Cloud Pub/Sub
Topics
| Command | Description |
|---|---|
gcloud pubsub topics list | List topics |
gcloud pubsub topics create TOPIC_NAME | Create topic |
gcloud pubsub topics delete TOPIC_NAME | Delete topic |
gcloud pubsub topics describe TOPIC_NAME | Show topic details |
gcloud pubsub topics publish TOPIC_NAME --message="Hello World" | Publish message |
Subscriptions
| Command | Description |
|---|---|
gcloud pubsub subscriptions list | List subscriptions |
gcloud pubsub subscriptions create SUBSCRIPTION_NAME --topic=TOPIC_NAME | Create subscription |
gcloud pubsub subscriptions delete SUBSCRIPTION_NAME | Delete subscription |
gcloud pubsub subscriptions pull SUBSCRIPTION_NAME | Pull messages |
gcloud pubsub subscriptions pull SUBSCRIPTION_NAME --auto-ack | Pull and acknowledge |
IAM (Identity and Access Management)
Service Accounts
| Command | Description |
|---|---|
gcloud iam service-accounts list | List service accounts |
gcloud iam service-accounts create SERVICE_ACCOUNT_NAME | Create service account |
gcloud iam service-accounts delete SERVICE_ACCOUNT_EMAIL | Delete service account |
gcloud iam service-accounts keys create KEY_FILE --iam-account=SERVICE_ACCOUNT_EMAIL | Create service account key |
gcloud iam service-accounts keys list --iam-account=SERVICE_ACCOUNT_EMAIL | List service account keys |
IAM Policies
| Command | Description |
|---|---|
gcloud projects get-iam-policy PROJECT_ID | Get project IAM policy |
gcloud projects add-iam-policy-binding PROJECT_ID --member=user:EMAIL --role=ROLE | Add IAM binding |
gcloud projects remove-iam-policy-binding PROJECT_ID --member=user:EMAIL --role=ROLE | Remove IAM binding |
gcloud iam roles list | List predefined roles |
gcloud iam roles create ROLE_NAME --project=PROJECT_ID --file=ROLE_DEFINITION | Create custom role |
Cloud Build
Build Management
| Command | Description |
|---|---|
gcloud builds list | List builds |
gcloud builds submit --tag gcr.io/PROJECT_ID/IMAGE_NAME | Build and push image |
gcloud builds submit --config=cloudbuild.yaml | Build with config file |
gcloud builds describe BUILD_ID | Show build details |
gcloud builds cancel BUILD_ID | Cancel build |
Triggers
| Command | Description |
|---|---|
gcloud builds triggers list | List build triggers |
gcloud builds triggers create github --repo-name=REPO_NAME --repo-owner=OWNER --branch-pattern=main | Create GitHub trigger |
gcloud builds triggers delete TRIGGER_ID | Delete trigger |
gcloud builds triggers run TRIGGER_NAME | Run trigger manually |
Networking
VPC Networks
| Command | Description |
|---|---|
gcloud compute networks list | List VPC networks |
gcloud compute networks create NETWORK_NAME --subnet-mode=custom | Create custom VPC |
gcloud compute networks delete NETWORK_NAME | Delete VPC network |
gcloud compute networks subnets list | List subnets |
gcloud compute networks subnets create SUBNET_NAME --network=NETWORK_NAME --range=10.0.0.0/24 | Create subnet |
Firewall Rules
| Command | Description |
|---|---|
gcloud compute firewall-rules list | List firewall rules |
gcloud compute firewall-rules create RULE_NAME --allow tcp:80,tcp:443 --source-ranges 0.0.0.0/0 | Create firewall rule |
gcloud compute firewall-rules delete RULE_NAME | Delete firewall rule |
gcloud compute firewall-rules describe RULE_NAME | Show firewall rule details |
Load Balancers
| Command | Description |
|---|---|
gcloud compute url-maps list | List URL maps |
gcloud compute backend-services list | List backend services |
gcloud compute target-http-proxies list | List HTTP proxies |
gcloud compute forwarding-rules list | List forwarding rules |
Monitoring and Logging
Cloud Logging
| Command | Description |
|---|---|
gcloud logging logs list | List available logs |
gcloud logging read "resource.type=gce_instance" | Read logs by resource |
gcloud logging read "timestamp>=2023-01-01T00:00:00Z" | Read logs by time |
gcloud logging sinks list | List log sinks |
gcloud logging sinks create SINK_NAME DESTINATION --log-filter=FILTER | Create log sink |
Cloud Monitoring
| Command | Description |
|---|---|
gcloud alpha monitoring policies list | List alerting policies |
gcloud alpha monitoring channels list | List notification channels |
Best Practices
Security
- Service Accounts: Use service accounts for applications
- IAM Principles: Follow principle of least privilege
- VPC Security: Use private subnets and firewall rules
- Secret Management: Use Secret Manager for sensitive data
Cost Optimization
- Resource Labels: Label resources for cost tracking
- Preemptible Instances: Use preemptible VMs for batch workloads
- Committed Use: Use committed use discounts for predictable workloads
- Auto-scaling: Configure auto-scaling for dynamic workloads
Automation
- Infrastructure as Code: Use Deployment Manager or Terraform
- CI/CD: Use Cloud Build for continuous integration
- Monitoring: Set up comprehensive monitoring and alerting
- Backup Strategy: Implement automated backup strategies