Google Cloud CLI (gcloud)

Comprehensive Google Cloud CLI commands and workflows for managing Google Cloud Platform services, including Compute Engine, Cloud Storage, and Kubernetes Engine.

Installation & Authentication

Command	Description
`gcloud auth login`	Login to Google Cloud
`gcloud auth application-default login`	Login for application default credentials
`gcloud auth list`	List authenticated accounts
`gcloud auth revoke`	Revoke authentication
`gcloud config list`	Show current configuration
`gcloud config set project PROJECT_ID`	Set default project
`gcloud config set compute/region us-central1`	Set default region
`gcloud config set compute/zone us-central1-a`	Set default zone

Project Management

Command	Description
`gcloud projects list`	List all projects
`gcloud projects create PROJECT_ID`	Create new project
`gcloud projects delete PROJECT_ID`	Delete project
`gcloud projects describe PROJECT_ID`	Show project details
`gcloud config get-value project`	Get current project
`gcloud config configurations list`	List configurations
`gcloud config configurations create CONFIG_NAME`	Create configuration
`gcloud config configurations activate CONFIG_NAME`	Activate configuration

Compute Engine

Instance Management

Command	Description
`gcloud compute instances list`	List all instances
`gcloud compute instances create INSTANCE_NAME --machine-type=e2-medium --image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud`	Create instance
`gcloud compute instances start INSTANCE_NAME`	Start instance
`gcloud compute instances stop INSTANCE_NAME`	Stop instance
`gcloud compute instances delete INSTANCE_NAME`	Delete instance
`gcloud compute instances reset INSTANCE_NAME`	Reset instance
`gcloud compute instances describe INSTANCE_NAME`	Show instance details

SSH and Remote Access

Command	Description
`gcloud compute ssh INSTANCE_NAME`	SSH into instance
`gcloud compute ssh INSTANCE_NAME --zone=ZONE`	SSH with specific zone
`gcloud compute scp LOCAL_FILE INSTANCE_NAME:REMOTE_PATH`	Copy file to instance
`gcloud compute scp INSTANCE_NAME:REMOTE_PATH LOCAL_FILE`	Copy file from instance
`gcloud compute os-login ssh-keys add --key-file=KEY_FILE`	Add SSH key

Machine Types and Images

Command	Description
`gcloud compute machine-types list`	List machine types
`gcloud compute machine-types list --filter="zone:us-central1-a"`	List machine types by zone
`gcloud compute images list`	List all images
`gcloud compute images list --filter="family:ubuntu-2004-lts"`	List images by family
`gcloud compute images create IMAGE_NAME --source-disk=DISK_NAME`	Create custom image

Disks

Command	Description
`gcloud compute disks list`	List all disks
`gcloud compute disks create DISK_NAME --size=100GB`	Create disk
`gcloud compute disks delete DISK_NAME`	Delete disk
`gcloud compute disks snapshot DISK_NAME --snapshot-names=SNAPSHOT_NAME`	Create snapshot
`gcloud compute instances attach-disk INSTANCE_NAME --disk=DISK_NAME`	Attach disk
`gcloud compute instances detach-disk INSTANCE_NAME --disk=DISK_NAME`	Detach disk

Cloud Storage

Bucket Operations

Command	Description
`gsutil ls`	List all buckets
`gsutil mb gs://BUCKET_NAME`	Create bucket
`gsutil rb gs://BUCKET_NAME`	Remove empty bucket
`gsutil rm -r gs://BUCKET_NAME`	Remove bucket and contents
`gsutil ls gs://BUCKET_NAME`	List objects in bucket
`gsutil ls -l gs://BUCKET_NAME`	List objects with details

File Operations

Command	Description
`gsutil cp FILE gs://BUCKET_NAME/`	Upload file
`gsutil cp gs://BUCKET_NAME/FILE .`	Download file
`gsutil cp -r DIRECTORY gs://BUCKET_NAME/`	Upload directory
`gsutil rsync -r LOCAL_DIR gs://BUCKET_NAME/`	Sync directory
`gsutil rm gs://BUCKET_NAME/FILE`	Delete file
`gsutil rm -r gs://BUCKET_NAME/DIRECTORY`	Delete directory

Bucket Configuration

Command	Description
`gsutil versioning set on gs://BUCKET_NAME`	Enable versioning
`gsutil versioning get gs://BUCKET_NAME`	Check versioning status
`gsutil lifecycle set LIFECYCLE_CONFIG gs://BUCKET_NAME`	Set lifecycle policy
`gsutil cors set CORS_CONFIG gs://BUCKET_NAME`	Set CORS policy
`gsutil iam get gs://BUCKET_NAME`	Get bucket IAM policy
`gsutil iam set POLICY_FILE gs://BUCKET_NAME`	Set bucket IAM policy

Google Kubernetes Engine (GKE)

Cluster Management

Command	Description
`gcloud container clusters list`	List all clusters
`gcloud container clusters create CLUSTER_NAME --num-nodes=3`	Create cluster
`gcloud container clusters delete CLUSTER_NAME`	Delete cluster
`gcloud container clusters get-credentials CLUSTER_NAME`	Get cluster credentials
`gcloud container clusters resize CLUSTER_NAME --num-nodes=5`	Resize cluster
`gcloud container clusters upgrade CLUSTER_NAME`	Upgrade cluster

Node Pools

Command	Description
`gcloud container node-pools list --cluster=CLUSTER_NAME`	List node pools
`gcloud container node-pools create POOL_NAME --cluster=CLUSTER_NAME --num-nodes=2`	Create node pool
`gcloud container node-pools delete POOL_NAME --cluster=CLUSTER_NAME`	Delete node pool
`gcloud container node-pools describe POOL_NAME --cluster=CLUSTER_NAME`	Describe node pool

Cluster Operations

Command	Description
`kubectl get nodes`	List cluster nodes
`kubectl get pods --all-namespaces`	List all pods
`kubectl apply -f MANIFEST_FILE`	Apply Kubernetes manifest
`kubectl delete -f MANIFEST_FILE`	Delete resources from manifest

Cloud Functions

Function Management

Command	Description
`gcloud functions list`	List all functions
`gcloud functions deploy FUNCTION_NAME --runtime=python39 --trigger-http`	Deploy HTTP function
`gcloud functions deploy FUNCTION_NAME --runtime=nodejs14 --trigger-topic=TOPIC_NAME`	Deploy Pub/Sub function
`gcloud functions delete FUNCTION_NAME`	Delete function
`gcloud functions describe FUNCTION_NAME`	Show function details
`gcloud functions call FUNCTION_NAME`	Call function

Function Logs

Command	Description
`gcloud functions logs read FUNCTION_NAME`	Read function logs
`gcloud functions logs read FUNCTION_NAME --limit=50`	Read recent logs
`gcloud functions logs read FUNCTION_NAME --start-time=2023-01-01`	Read logs from date

Cloud SQL

Instance Management

Command	Description
`gcloud sql instances list`	List SQL instances
`gcloud sql instances create INSTANCE_NAME --database-version=MYSQL_8_0 --tier=db-f1-micro`	Create MySQL instance
`gcloud sql instances create INSTANCE_NAME --database-version=POSTGRES_13 --tier=db-f1-micro`	Create PostgreSQL instance
`gcloud sql instances delete INSTANCE_NAME`	Delete instance
`gcloud sql instances describe INSTANCE_NAME`	Show instance details
`gcloud sql instances restart INSTANCE_NAME`	Restart instance

Database Operations

Command	Description
`gcloud sql databases list --instance=INSTANCE_NAME`	List databases
`gcloud sql databases create DATABASE_NAME --instance=INSTANCE_NAME`	Create database
`gcloud sql databases delete DATABASE_NAME --instance=INSTANCE_NAME`	Delete database

User Management

Command	Description
`gcloud sql users list --instance=INSTANCE_NAME`	List users
`gcloud sql users create USERNAME --instance=INSTANCE_NAME --password=PASSWORD`	Create user
`gcloud sql users delete USERNAME --instance=INSTANCE_NAME`	Delete user
`gcloud sql users set-password USERNAME --instance=INSTANCE_NAME --password=NEW_PASSWORD`	Change password

Backups

Command	Description
`gcloud sql backups list --instance=INSTANCE_NAME`	List backups
`gcloud sql backups create --instance=INSTANCE_NAME`	Create backup
`gcloud sql backups restore BACKUP_ID --restore-instance=INSTANCE_NAME`	Restore backup

App Engine

Application Management

Command	Description
`gcloud app deploy`	Deploy application
`gcloud app deploy --version=VERSION_NAME`	Deploy specific version
`gcloud app browse`	Open application in browser
`gcloud app describe`	Show application details
`gcloud app versions list`	List application versions
`gcloud app versions delete VERSION_NAME`	Delete version

Traffic Management

Command	Description
`gcloud app services list`	List services
`gcloud app versions migrate VERSION_NAME`	Migrate traffic to version
`gcloud app services set-traffic --splits=VERSION1=0.5,VERSION2=0.5`	Split traffic

Logs

Command	Description
`gcloud app logs tail`	Stream application logs
`gcloud app logs read`	Read application logs
`gcloud app logs read --service=SERVICE_NAME`	Read service logs

Cloud Pub/Sub

Topics

Command	Description
`gcloud pubsub topics list`	List topics
`gcloud pubsub topics create TOPIC_NAME`	Create topic
`gcloud pubsub topics delete TOPIC_NAME`	Delete topic
`gcloud pubsub topics describe TOPIC_NAME`	Show topic details
`gcloud pubsub topics publish TOPIC_NAME --message="Hello World"`	Publish message

Subscriptions

Command	Description
`gcloud pubsub subscriptions list`	List subscriptions
`gcloud pubsub subscriptions create SUBSCRIPTION_NAME --topic=TOPIC_NAME`	Create subscription
`gcloud pubsub subscriptions delete SUBSCRIPTION_NAME`	Delete subscription
`gcloud pubsub subscriptions pull SUBSCRIPTION_NAME`	Pull messages
`gcloud pubsub subscriptions pull SUBSCRIPTION_NAME --auto-ack`	Pull and acknowledge

IAM (Identity and Access Management)

Service Accounts

Command	Description
`gcloud iam service-accounts list`	List service accounts
`gcloud iam service-accounts create SERVICE_ACCOUNT_NAME`	Create service account
`gcloud iam service-accounts delete SERVICE_ACCOUNT_EMAIL`	Delete service account
`gcloud iam service-accounts keys create KEY_FILE --iam-account=SERVICE_ACCOUNT_EMAIL`	Create service account key
`gcloud iam service-accounts keys list --iam-account=SERVICE_ACCOUNT_EMAIL`	List service account keys

IAM Policies

Command	Description
`gcloud projects get-iam-policy PROJECT_ID`	Get project IAM policy
`gcloud projects add-iam-policy-binding PROJECT_ID --member=user:EMAIL --role=ROLE`	Add IAM binding
`gcloud projects remove-iam-policy-binding PROJECT_ID --member=user:EMAIL --role=ROLE`	Remove IAM binding
`gcloud iam roles list`	List predefined roles
`gcloud iam roles create ROLE_NAME --project=PROJECT_ID --file=ROLE_DEFINITION`	Create custom role

Cloud Build

Build Management

Command	Description
`gcloud builds list`	List builds
`gcloud builds submit --tag gcr.io/PROJECT_ID/IMAGE_NAME`	Build and push image
`gcloud builds submit --config=cloudbuild.yaml`	Build with config file
`gcloud builds describe BUILD_ID`	Show build details
`gcloud builds cancel BUILD_ID`	Cancel build

Triggers

Command	Description
`gcloud builds triggers list`	List build triggers
`gcloud builds triggers create github --repo-name=REPO_NAME --repo-owner=OWNER --branch-pattern=main`	Create GitHub trigger
`gcloud builds triggers delete TRIGGER_ID`	Delete trigger
`gcloud builds triggers run TRIGGER_NAME`	Run trigger manually

Networking

VPC Networks

Command	Description
`gcloud compute networks list`	List VPC networks
`gcloud compute networks create NETWORK_NAME --subnet-mode=custom`	Create custom VPC
`gcloud compute networks delete NETWORK_NAME`	Delete VPC network
`gcloud compute networks subnets list`	List subnets
`gcloud compute networks subnets create SUBNET_NAME --network=NETWORK_NAME --range=10.0.0.0/24`	Create subnet

Firewall Rules

Command	Description
`gcloud compute firewall-rules list`	List firewall rules
`gcloud compute firewall-rules create RULE_NAME --allow tcp:80,tcp:443 --source-ranges 0.0.0.0/0`	Create firewall rule
`gcloud compute firewall-rules delete RULE_NAME`	Delete firewall rule
`gcloud compute firewall-rules describe RULE_NAME`	Show firewall rule details

Load Balancers

Command	Description
`gcloud compute url-maps list`	List URL maps
`gcloud compute backend-services list`	List backend services
`gcloud compute target-http-proxies list`	List HTTP proxies
`gcloud compute forwarding-rules list`	List forwarding rules

Monitoring and Logging

Cloud Logging

Command	Description
`gcloud logging logs list`	List available logs
`gcloud logging read "resource.type=gce_instance"`	Read logs by resource
`gcloud logging read "timestamp>=2023-01-01T00:00:00Z"`	Read logs by time
`gcloud logging sinks list`	List log sinks
`gcloud logging sinks create SINK_NAME DESTINATION --log-filter=FILTER`	Create log sink

Cloud Monitoring

Command	Description
`gcloud alpha monitoring policies list`	List alerting policies
`gcloud alpha monitoring channels list`	List notification channels

Best Practices

Security

Service Accounts: Use service accounts for applications
IAM Principles: Follow principle of least privilege
VPC Security: Use private subnets and firewall rules
Secret Management: Use Secret Manager for sensitive data

Cost Optimization

Resource Labels: Label resources for cost tracking
Preemptible Instances: Use preemptible VMs for batch workloads
Committed Use: Use committed use discounts for predictable workloads
Auto-scaling: Configure auto-scaling for dynamic workloads

Automation

Infrastructure as Code: Use Deployment Manager or Terraform
CI/CD: Use Cloud Build for continuous integration
Monitoring: Set up comprehensive monitoring and alerting
Backup Strategy: Implement automated backup strategies