Google Cloud Platform operations patterns and best practices
Use this skill when managing Google Cloud resources, setting up GCP infrastructure, troubleshooting GCP services, or configuring IAM policies.
# Login interactively
gcloud auth login
# Login with service account
gcloud auth activate-service-account --key-file=key.json
# Application default credentials (for Terraform, SDKs)
gcloud auth application-default login
# Check current auth
gcloud auth list
gcloud config get-value account
# Set project
gcloud config set project PROJECT_ID
# Set region/zone
gcloud config set compute/region us-central1
gcloud config set compute/zone us-central1-a
# View all config
gcloud config list
# Named configurations (for multiple projects)
gcloud config configurations create staging
gcloud config configurations activate staging
gcloud config set project my-staging-project
# List instances
gcloud compute instances list
# Create instance
gcloud compute instances create my-vm \
--machine-type=e2-medium \
--image-family=debian-12 \
--image-project=debian-cloud \
--boot-disk-size=20GB
# SSH into instance
gcloud compute ssh my-vm --zone=us-central1-a
# Stop / Start / Delete
gcloud compute instances stop my-vm
gcloud compute instances start my-vm
gcloud compute instances delete my-vm
# Create cluster
gcloud container clusters create my-cluster \
--num-nodes=3 \
--machine-type=e2-standard-4 \
--region=us-central1
# Get credentials (configure kubectl)
gcloud container clusters get-credentials my-cluster --region=us-central1
# List clusters
gcloud container clusters list
# Resize
gcloud container clusters resize my-cluster --num-nodes=5 --region=us-central1
# Delete cluster
gcloud container clusters delete my-cluster --region=us-central1
# Deploy from container image
gcloud run deploy my-service \
--image=gcr.io/PROJECT/image:tag \
--region=us-central1 \
--allow-unauthenticated
# Deploy from source
gcloud run deploy my-service --source=. --region=us-central1
# List services
gcloud run services list
# View logs
gcloud run services logs read my-service --region=us-central1
# Delete service
gcloud run services delete my-service --region=us-central1
# View project IAM policy
gcloud projects get-iam-policy PROJECT_ID
# Grant a role
gcloud projects add-iam-policy-binding PROJECT_ID \
--member=user:[email protected] \
--role=roles/compute.viewer
# Revoke a role
gcloud projects remove-iam-policy-binding PROJECT_ID \
--member=user:[email protected] \
--role=roles/compute.viewer
# List service accounts
gcloud iam service-accounts list
| Task | Role |
|---|---|
| View resources | roles/viewer |
| Deploy Cloud Run | roles/run.developer |
| Manage GKE | roles/container.clusterAdmin |
| Manage Compute | roles/compute.instanceAdmin.v1 |
| Manage Storage | roles/storage.admin |
| View logs | roles/logging.viewer |
# Read recent logs
gcloud logging read "resource.type=gce_instance" --limit=20
# Read logs with severity filter
gcloud logging read "severity>=ERROR" --freshness=1h
# Read logs for a specific resource
gcloud logging read 'resource.type="cloud_run_revision" AND resource.labels.service_name="my-service"'
# Tail logs (stream)
gcloud logging tail "resource.type=gce_instance"
e2- machine types for cost-effective general workloadsgcloud billing budgets create ...gcloud recommender recommendations list ...When using Terraform with Google Cloud:
provider "google" {
project = "my-project"
region = "us-central1"
}
google_project_service to enable APIs declarativelyterraform import to bring existing resources under managementterraform { backend "gcs" { bucket = "..." } }