구글 클라우드 CLI (gcloud)¶

Compute Engine, Cloud Storage 및 Kubernetes Engine을 포함한 Google Cloud Platform 서비스를 관리하기위한 포괄적 인 Google Cloud CLI 명령 및 워크플로우.

설치 및 인증¶

Command	Description
`gcloud auth login`	Login to Google Cloud
`gcloud auth application-default login`	Login for application default credentials
`gcloud auth list`	List authenticated accounts
`gcloud auth revoke`	Revoke authentication
`gcloud config list`	Show current configuration
`gcloud config set project PROJECT_ID`	Set default project
`gcloud config set compute/region us-central1`	Set default region
`gcloud config set compute/zone us-central1-a`	Set default zone

프로젝트 관리¶

Command	Description
`gcloud projects list`	List all projects
`gcloud projects create PROJECT_ID`	Create new project
`gcloud projects delete PROJECT_ID`	Delete project
`gcloud projects describe PROJECT_ID`	Show project details
`gcloud config get-value project`	Get current project
`gcloud config configurations list`	List configurations
`gcloud config configurations create CONFIG_NAME`	Create configuration
`gcloud config configurations activate CONFIG_NAME`	Activate configuration

Compute 엔진¶

Instance 관리¶

Command	Description
`gcloud compute instances list`	List all instances
`gcloud compute instances create INSTANCE_NAME --machine-type=e2-medium --image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud`	Create instance
`gcloud compute instances start INSTANCE_NAME`	Start instance
`gcloud compute instances stop INSTANCE_NAME`	Stop instance
`gcloud compute instances delete INSTANCE_NAME`	Delete instance
`gcloud compute instances reset INSTANCE_NAME`	Reset instance
`gcloud compute instances describe INSTANCE_NAME`	Show instance details

SSH 및 원격 액세스¶

Command	Description
`gcloud compute ssh INSTANCE_NAME`	SSH into instance
`gcloud compute ssh INSTANCE_NAME --zone=ZONE`	SSH with specific zone
`gcloud compute scp LOCAL_FILE INSTANCE_NAME:REMOTE_PATH`	Copy file to instance
`gcloud compute scp INSTANCE_NAME:REMOTE_PATH LOCAL_FILE`	Copy file from instance
`gcloud compute os-login ssh-keys add --key-file=KEY_FILE`	Add SSH key

기계 종류 및 이미지¶

Command	Description
`gcloud compute machine-types list`	List machine types
`gcloud compute machine-types list --filter="zone:us-central1-a"`	List machine types by zone
`gcloud compute images list`	List all images
`gcloud compute images list --filter="family:ubuntu-2004-lts"`	List images by family
`gcloud compute images create IMAGE_NAME --source-disk=DISK_NAME`	Create custom image

디스크¶

Command	Description
`gcloud compute disks list`	List all disks
`gcloud compute disks create DISK_NAME --size=100GB`	Create disk
`gcloud compute disks delete DISK_NAME`	Delete disk
`gcloud compute disks snapshot DISK_NAME --snapshot-names=SNAPSHOT_NAME`	Create snapshot
`gcloud compute instances attach-disk INSTANCE_NAME --disk=DISK_NAME`	Attach disk
`gcloud compute instances detach-disk INSTANCE_NAME --disk=DISK_NAME`	Detach disk

클라우드 스토리지¶

물통 가동¶

Command	Description
`gsutil ls`	List all buckets
`gsutil mb gs://BUCKET_NAME`	Create bucket
`gsutil rb gs://BUCKET_NAME`	Remove empty bucket
`gsutil rm -r gs://BUCKET_NAME`	Remove bucket and contents
`gsutil ls gs://BUCKET_NAME`	List objects in bucket
`gsutil ls -l gs://BUCKET_NAME`	List objects with details

파일 작업¶

Command	Description
`gsutil cp FILE gs://BUCKET_NAME/`	Upload file
`gsutil cp gs://BUCKET_NAME/FILE .`	Download file
`gsutil cp -r DIRECTORY gs://BUCKET_NAME/`	Upload directory
`gsutil rsync -r LOCAL_DIR gs://BUCKET_NAME/`	Sync directory
`gsutil rm gs://BUCKET_NAME/FILE`	Delete file
`gsutil rm -r gs://BUCKET_NAME/DIRECTORY`	Delete directory

물통 윤곽¶

Command	Description
`gsutil versioning set on gs://BUCKET_NAME`	Enable versioning
`gsutil versioning get gs://BUCKET_NAME`	Check versioning status
`gsutil lifecycle set LIFECYCLE_CONFIG gs://BUCKET_NAME`	Set lifecycle policy
`gsutil cors set CORS_CONFIG gs://BUCKET_NAME`	Set CORS policy
`gsutil iam get gs://BUCKET_NAME`	Get bucket IAM policy
`gsutil iam set POLICY_FILE gs://BUCKET_NAME`	Set bucket IAM policy

Google 쿠버네티스 엔진 (GKE)¶

Cluster 관리¶

Command	Description
`gcloud container clusters list`	List all clusters
`gcloud container clusters create CLUSTER_NAME --num-nodes=3`	Create cluster
`gcloud container clusters delete CLUSTER_NAME`	Delete cluster
`gcloud container clusters get-credentials CLUSTER_NAME`	Get cluster credentials
`gcloud container clusters resize CLUSTER_NAME --num-nodes=5`	Resize cluster
`gcloud container clusters upgrade CLUSTER_NAME`	Upgrade cluster

노드 풀¶

Command	Description
`gcloud container node-pools list --cluster=CLUSTER_NAME`	List node pools
`gcloud container node-pools create POOL_NAME --cluster=CLUSTER_NAME --num-nodes=2`	Create node pool
`gcloud container node-pools delete POOL_NAME --cluster=CLUSTER_NAME`	Delete node pool
`gcloud container node-pools describe POOL_NAME --cluster=CLUSTER_NAME`	Describe node pool

클러스터 작업¶

Command	Description
`kubectl get nodes`	List cluster nodes
`kubectl get pods --all-namespaces`	List all pods
`kubectl apply -f MANIFEST_FILE`	Apply Kubernetes manifest
`kubectl delete -f MANIFEST_FILE`	Delete resources from manifest

클라우드 기능¶

기능 관리¶

Command	Description
`gcloud functions list`	List all functions
`gcloud functions deploy FUNCTION_NAME --runtime=python39 --trigger-http`	Deploy HTTP function
`gcloud functions deploy FUNCTION_NAME --runtime=nodejs14 --trigger-topic=TOPIC_NAME`	Deploy Pub/Sub function
`gcloud functions delete FUNCTION_NAME`	Delete function
`gcloud functions describe FUNCTION_NAME`	Show function details
`gcloud functions call FUNCTION_NAME`	Call function

기능 로그¶

Command	Description
`gcloud functions logs read FUNCTION_NAME`	Read function logs
`gcloud functions logs read FUNCTION_NAME --limit=50`	Read recent logs
`gcloud functions logs read FUNCTION_NAME --start-time=2023-01-01`	Read logs from date

클라우드 SQL¶

Instance 관리¶

Command	Description
`gcloud sql instances list`	List SQL instances
`gcloud sql instances create INSTANCE_NAME --database-version=MYSQL_8_0 --tier=db-f1-micro`	Create MySQL instance
`gcloud sql instances create INSTANCE_NAME --database-version=POSTGRES_13 --tier=db-f1-micro`	Create PostgreSQL instance
`gcloud sql instances delete INSTANCE_NAME`	Delete instance
`gcloud sql instances describe INSTANCE_NAME`	Show instance details
`gcloud sql instances restart INSTANCE_NAME`	Restart instance

Database 운영¶

Command	Description
`gcloud sql databases list --instance=INSTANCE_NAME`	List databases
`gcloud sql databases create DATABASE_NAME --instance=INSTANCE_NAME`	Create database
`gcloud sql databases delete DATABASE_NAME --instance=INSTANCE_NAME`	Delete database

사용자 관리¶

Command	Description
`gcloud sql users list --instance=INSTANCE_NAME`	List users
`gcloud sql users create USERNAME --instance=INSTANCE_NAME --password=PASSWORD`	Create user
`gcloud sql users delete USERNAME --instance=INSTANCE_NAME`	Delete user
`gcloud sql users set-password USERNAME --instance=INSTANCE_NAME --password=NEW_PASSWORD`	Change password

지원하다¶

Command	Description
`gcloud sql backups list --instance=INSTANCE_NAME`	List backups
`gcloud sql backups create --instance=INSTANCE_NAME`	Create backup
`gcloud sql backups restore BACKUP_ID --restore-instance=INSTANCE_NAME`	Restore backup

앱 엔진¶

Application 관리¶

Command	Description
`gcloud app deploy`	Deploy application
`gcloud app deploy --version=VERSION_NAME`	Deploy specific version
`gcloud app browse`	Open application in browser
`gcloud app describe`	Show application details
`gcloud app versions list`	List application versions
`gcloud app versions delete VERSION_NAME`	Delete version

교통 관리¶

Command	Description
`gcloud app services list`	List services
`gcloud app versions migrate VERSION_NAME`	Migrate traffic to version
`gcloud app services set-traffic --splits=VERSION1=0.5,VERSION2=0.5`	Split traffic

로그인¶

Command	Description
`gcloud app logs tail`	Stream application logs
`gcloud app logs read`	Read application logs
`gcloud app logs read --service=SERVICE_NAME`	Read service logs

클라우드 Pub/Sub¶

팟캐스트¶

Command	Description
`gcloud pubsub topics list`	List topics
`gcloud pubsub topics create TOPIC_NAME`	Create topic
`gcloud pubsub topics delete TOPIC_NAME`	Delete topic
`gcloud pubsub topics describe TOPIC_NAME`	Show topic details
`gcloud pubsub topics publish TOPIC_NAME --message="Hello World"`	Publish message

이름 *¶

Command	Description
`gcloud pubsub subscriptions list`	List subscriptions
`gcloud pubsub subscriptions create SUBSCRIPTION_NAME --topic=TOPIC_NAME`	Create subscription
`gcloud pubsub subscriptions delete SUBSCRIPTION_NAME`	Delete subscription
`gcloud pubsub subscriptions pull SUBSCRIPTION_NAME`	Pull messages
`gcloud pubsub subscriptions pull SUBSCRIPTION_NAME --auto-ack`	Pull and acknowledge

IAM (Identity 및 Access Management)¶

서비스 계정¶

Command	Description
`gcloud iam service-accounts list`	List service accounts
`gcloud iam service-accounts create SERVICE_ACCOUNT_NAME`	Create service account
`gcloud iam service-accounts delete SERVICE_ACCOUNT_EMAIL`	Delete service account
`gcloud iam service-accounts keys create KEY_FILE --iam-account=SERVICE_ACCOUNT_EMAIL`	Create service account key
`gcloud iam service-accounts keys list --iam-account=SERVICE_ACCOUNT_EMAIL`	List service account keys

IAM 정책¶

Command	Description
`gcloud projects get-iam-policy PROJECT_ID`	Get project IAM policy
`gcloud projects add-iam-policy-binding PROJECT_ID --member=user:EMAIL --role=ROLE`	Add IAM binding
`gcloud projects remove-iam-policy-binding PROJECT_ID --member=user:EMAIL --role=ROLE`	Remove IAM binding
`gcloud iam roles list`	List predefined roles
`gcloud iam roles create ROLE_NAME --project=PROJECT_ID --file=ROLE_DEFINITION`	Create custom role

클라우드 구축¶

회사연혁¶

Command	Description
`gcloud builds list`	List builds
`gcloud builds submit --tag gcr.io/PROJECT_ID/IMAGE_NAME`	Build and push image
`gcloud builds submit --config=cloudbuild.yaml`	Build with config file
`gcloud builds describe BUILD_ID`	Show build details
`gcloud builds cancel BUILD_ID`	Cancel build

트리거¶

Command	Description
`gcloud builds triggers list`	List build triggers
`gcloud builds triggers create github --repo-name=REPO_NAME --repo-owner=OWNER --branch-pattern=main`	Create GitHub trigger
`gcloud builds triggers delete TRIGGER_ID`	Delete trigger
`gcloud builds triggers run TRIGGER_NAME`	Run trigger manually

사업영역¶

모형: VPC 네트워크¶

Command	Description
`gcloud compute networks list`	List VPC networks
`gcloud compute networks create NETWORK_NAME --subnet-mode=custom`	Create custom VPC
`gcloud compute networks delete NETWORK_NAME`	Delete VPC network
`gcloud compute networks subnets list`	List subnets
`gcloud compute networks subnets create SUBNET_NAME --network=NETWORK_NAME --range=10.0.0.0/24`	Create subnet

방화벽 규칙¶

Command	Description
`gcloud compute firewall-rules list`	List firewall rules
`gcloud compute firewall-rules create RULE_NAME --allow tcp:80,tcp:443 --source-ranges 0.0.0.0/0`	Create firewall rule
`gcloud compute firewall-rules delete RULE_NAME`	Delete firewall rule
`gcloud compute firewall-rules describe RULE_NAME`	Show firewall rule details

로드밸런서¶

Command	Description
`gcloud compute url-maps list`	List URL maps
`gcloud compute backend-services list`	List backend services
`gcloud compute target-http-proxies list`	List HTTP proxies
`gcloud compute forwarding-rules list`	List forwarding rules

모니터링 및 로깅¶

클라우드 로깅¶

Command	Description
`gcloud logging logs list`	List available logs
`gcloud logging read "resource.type=gce_instance"`	Read logs by resource
`gcloud logging read "timestamp>=2023-01-01T00:00:00Z"`	Read logs by time
`gcloud logging sinks list`	List log sinks
`gcloud logging sinks create SINK_NAME DESTINATION --log-filter=FILTER`	Create log sink

클라우드 모니터링¶

Command	Description
`gcloud alpha monitoring policies list`	List alerting policies
`gcloud alpha monitoring channels list`	List notification channels

최고의 연습¶

계정 관리¶

서비스 계정: 서비스 계정 사용
**IAM 원칙 **: 최소 권한의 원칙을 따르십시오.
VPC 소개 Security**: 개인 서브넷 및 방화벽 규칙 사용
명세 Secret Management: 민감한 데이터를 위한 Secret Manager 사용

비용 최적화¶

** 리소스 라벨 ** : 비용 추적을위한 라벨 리소스
Preemptible Instances: 배치 작업 부하에 대한 preemptible VMs 사용
** 완료 Use**: 예측 가능한 워크로드에 대한 최적의 사용 할인
명세 Auto-scaling: 동적 워크로드를 위한 자동 스케일링 구성

회사연혁¶

** Code**: Deployment Manager 또는 Terraform 사용
CI/CD: 지속적인 통합을 위한 Cloud Build 사용
Monitoring: 종합 모니터링 및 경고 설정
명세 Backup Strategy: 자동화된 백업 전략 구현