GCP Basics
gcloud CLI & Setup
# Install Google Cloud SDK
# For Ubuntu/Debian:
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
sudo apt-get install apt-transport-https ca-certificates gnupg
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
sudo apt-get update && sudo apt-get install google-cloud-sdk
# Initialize gcloud
gcloud init
gcloud auth login
gcloud config set project PROJECT_ID
gcloud config set compute/zone us-central1-a
# Basic gcloud commands
gcloud info
gcloud version
gcloud components update
gcloud config list
gcloud projects list
gcloud auth list
# Service account management
gcloud iam service-accounts list
gcloud iam service-accounts create SA_NAME
gcloud projects add-iam-policy-binding PROJECT_ID --member="serviceAccount:SA_NAME@PROJECT_ID.iam.gserviceaccount.com" --role="roles/editor"
# For Ubuntu/Debian:
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
sudo apt-get install apt-transport-https ca-certificates gnupg
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
sudo apt-get update && sudo apt-get install google-cloud-sdk
# Initialize gcloud
gcloud init
gcloud auth login
gcloud config set project PROJECT_ID
gcloud config set compute/zone us-central1-a
# Basic gcloud commands
gcloud info
gcloud version
gcloud components update
gcloud config list
gcloud projects list
gcloud auth list
# Service account management
gcloud iam service-accounts list
gcloud iam service-accounts create SA_NAME
gcloud projects add-iam-policy-binding PROJECT_ID --member="serviceAccount:SA_NAME@PROJECT_ID.iam.gserviceaccount.com" --role="roles/editor"
Project & Billing
# Project management
gcloud projects create PROJECT_ID --name="Project Name"
gcloud projects describe PROJECT_ID
gcloud projects list
gcloud projects delete PROJECT_ID
# Billing management
gcloud billing accounts list
gcloud beta billing projects link PROJECT_ID --billing-account=BILLING_ACCOUNT_ID
# Enable APIs
gcloud services list --available
gcloud services enable compute.googleapis.com
gcloud services enable container.googleapis.com
gcloud services enable storage-component.googleapis.com
# IAM & Permissions
gcloud iam roles list
gcloud iam roles describe roles/viewer
gcloud projects get-iam-policy PROJECT_ID
gcloud projects add-iam-policy-binding PROJECT_ID --member=user:example@gmail.com --role=roles/editor
gcloud projects remove-iam-policy-binding PROJECT_ID --member=user:example@gmail.com --role=roles/editor
# Quota management
gcloud compute project-info describe --project PROJECT_ID
gcloud compute regions describe us-central1
gcloud projects create PROJECT_ID --name="Project Name"
gcloud projects describe PROJECT_ID
gcloud projects list
gcloud projects delete PROJECT_ID
# Billing management
gcloud billing accounts list
gcloud beta billing projects link PROJECT_ID --billing-account=BILLING_ACCOUNT_ID
# Enable APIs
gcloud services list --available
gcloud services enable compute.googleapis.com
gcloud services enable container.googleapis.com
gcloud services enable storage-component.googleapis.com
# IAM & Permissions
gcloud iam roles list
gcloud iam roles describe roles/viewer
gcloud projects get-iam-policy PROJECT_ID
gcloud projects add-iam-policy-binding PROJECT_ID --member=user:example@gmail.com --role=roles/editor
gcloud projects remove-iam-policy-binding PROJECT_ID --member=user:example@gmail.com --role=roles/editor
# Quota management
gcloud compute project-info describe --project PROJECT_ID
gcloud compute regions describe us-central1
Compute Services
Compute Engine
# VM instance management
gcloud compute instances list
gcloud compute instances create instance-1 --machine-type=n1-standard-1 --image-family=debian-10 --image-project=debian-cloud
gcloud compute instances create instance-2 --preemptible --maintenance-policy=TERMINATE
gcloud compute instances describe instance-1
gcloud compute instances stop instance-1
gcloud compute instances start instance-1
gcloud compute instances delete instance-1
# SSH into instances
gcloud compute ssh instance-1 --zone=us-central1-a
gcloud compute scp local-file.txt instance-1:remote-file.txt
# Disk management
gcloud compute disks create disk-1 --size=100GB --type=pd-ssd
gcloud compute disks snapshot disk-1 --snapshot-names=snapshot-1
gcloud compute disks list
# Instance groups
gcloud compute instance-templates create template-1 --machine-type=n1-standard-1 --image=debian-9-stretch-v20200805
gcloud compute instance-groups managed create group-1 --base-instance-name=instance-group-1 --template=template-1 --size=3
gcloud compute instance-groups managed set-autoscaling group-1 --max-num-replicas=10 --min-num-replicas=3 --target-cpu-utilization=0.8
# Firewall rules
gcloud compute firewall-rules create allow-http --allow=tcp:80 --target-tags=http-server
gcloud compute firewall-rules create allow-https --allow=tcp:443 --target-tags=https-server
gcloud compute firewall-rules list
gcloud compute instances list
gcloud compute instances create instance-1 --machine-type=n1-standard-1 --image-family=debian-10 --image-project=debian-cloud
gcloud compute instances create instance-2 --preemptible --maintenance-policy=TERMINATE
gcloud compute instances describe instance-1
gcloud compute instances stop instance-1
gcloud compute instances start instance-1
gcloud compute instances delete instance-1
# SSH into instances
gcloud compute ssh instance-1 --zone=us-central1-a
gcloud compute scp local-file.txt instance-1:remote-file.txt
# Disk management
gcloud compute disks create disk-1 --size=100GB --type=pd-ssd
gcloud compute disks snapshot disk-1 --snapshot-names=snapshot-1
gcloud compute disks list
# Instance groups
gcloud compute instance-templates create template-1 --machine-type=n1-standard-1 --image=debian-9-stretch-v20200805
gcloud compute instance-groups managed create group-1 --base-instance-name=instance-group-1 --template=template-1 --size=3
gcloud compute instance-groups managed set-autoscaling group-1 --max-num-replicas=10 --min-num-replicas=3 --target-cpu-utilization=0.8
# Firewall rules
gcloud compute firewall-rules create allow-http --allow=tcp:80 --target-tags=http-server
gcloud compute firewall-rules create allow-https --allow=tcp:443 --target-tags=https-server
gcloud compute firewall-rules list
Kubernetes Engine (GKE)
# Cluster management
gcloud container clusters list
gcloud container clusters create my-cluster --num-nodes=3 --machine-type=n1-standard-2
gcloud container clusters create my-cluster --enable-autoscaling --min-nodes=1 --max-nodes=5
gcloud container clusters get-credentials my-cluster
gcloud container clusters delete my-cluster
# Node pools
gcloud container node-pools list --cluster=my-cluster
gcloud container node-pools create pool-1 --cluster=my-cluster --num-nodes=2 --machine-type=n1-standard-2
gcloud container node-pools delete pool-1 --cluster=my-cluster
# GKE Autopilot
gcloud container clusters create-auto my-autopilot-cluster --region=us-central1
# Workload management
gcloud container images list
gcloud container images list-tags gcr.io/my-project/my-image
gcloud builds submit --tag gcr.io/my-project/my-image .
# Using kubectl with GKE
kubectl get nodes
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=LoadBalancer
kubectl get services
kubectl scale deployment nginx --replicas=3
# GKE features
gcloud container clusters update my-cluster --enable-network-policy
gcloud container clusters update my-cluster --enable-ip-alias
gcloud container clusters list
gcloud container clusters create my-cluster --num-nodes=3 --machine-type=n1-standard-2
gcloud container clusters create my-cluster --enable-autoscaling --min-nodes=1 --max-nodes=5
gcloud container clusters get-credentials my-cluster
gcloud container clusters delete my-cluster
# Node pools
gcloud container node-pools list --cluster=my-cluster
gcloud container node-pools create pool-1 --cluster=my-cluster --num-nodes=2 --machine-type=n1-standard-2
gcloud container node-pools delete pool-1 --cluster=my-cluster
# GKE Autopilot
gcloud container clusters create-auto my-autopilot-cluster --region=us-central1
# Workload management
gcloud container images list
gcloud container images list-tags gcr.io/my-project/my-image
gcloud builds submit --tag gcr.io/my-project/my-image .
# Using kubectl with GKE
kubectl get nodes
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=LoadBalancer
kubectl get services
kubectl scale deployment nginx --replicas=3
# GKE features
gcloud container clusters update my-cluster --enable-network-policy
gcloud container clusters update my-cluster --enable-ip-alias
App Engine & Cloud Functions
# App Engine
# app.yaml for Python
runtime: python39
entrypoint: gunicorn -b :$PORT main:app
env_variables:
MY_VAR: 'my_value'
# Deploy to App Engine
gcloud app deploy app.yaml --version=1 --promote
gcloud app browse
gcloud app logs tail -s default
gcloud app versions list
gcloud app versions delete 1
# Cloud Functions
# Deploy HTTP function
gcloud functions deploy my-function --runtime=python39 --trigger-http --allow-unauthenticated --entry-point=hello_http
# Deploy background function
gcloud functions deploy my-function --runtime=python39 --trigger-topic=my-topic --entry-point=hello_pubsub
# Manage functions
gcloud functions list
gcloud functions describe my-function
gcloud functions delete my-function
gcloud functions logs read my-function
# Cloud Run
gcloud run deploy my-service --image=gcr.io/my-project/my-image --platform=managed --region=us-central1 --allow-unauthenticated
gcloud run services list --platform=managed
gcloud run services describe my-service --platform=managed --region=us-central1
# app.yaml for Python
runtime: python39
entrypoint: gunicorn -b :$PORT main:app
env_variables:
MY_VAR: 'my_value'
# Deploy to App Engine
gcloud app deploy app.yaml --version=1 --promote
gcloud app browse
gcloud app logs tail -s default
gcloud app versions list
gcloud app versions delete 1
# Cloud Functions
# Deploy HTTP function
gcloud functions deploy my-function --runtime=python39 --trigger-http --allow-unauthenticated --entry-point=hello_http
# Deploy background function
gcloud functions deploy my-function --runtime=python39 --trigger-topic=my-topic --entry-point=hello_pubsub
# Manage functions
gcloud functions list
gcloud functions describe my-function
gcloud functions delete my-function
gcloud functions logs read my-function
# Cloud Run
gcloud run deploy my-service --image=gcr.io/my-project/my-image --platform=managed --region=us-central1 --allow-unauthenticated
gcloud run services list --platform=managed
gcloud run services describe my-service --platform=managed --region=us-central1
Cloud Storage
# Bucket management
gsutil mb gs://my-bucket
gsutil ls
gsutil du -h gs://my-bucket
gsutil rb gs://my-bucket
# File operations
gsutil cp file.txt gs://my-bucket/
gsutil cp gs://my-bucket/file.txt .
gsutil mv gs://my-bucket/file.txt gs://my-bucket/newfile.txt
gsutil rm gs://my-bucket/file.txt
gsutil rsync -r ./dir gs://my-bucket/dir
# Access control
gsutil iam ch user:email@gmail.com:objectViewer gs://my-bucket
gsutil iam get gs://my-bucket
gsutil defacl set public-read gs://my-bucket
gsutil acl set private gs://my-bucket
# Lifecycle management
# Create lifecycle.json
{
"rule": [
{
"action": {"type": "Delete"},
"condition": {"age": 365}
}
]
}
gsutil lifecycle set lifecycle.json gs://my-bucket
gsutil lifecycle get gs://my-bucket
# Versioning
gsutil versioning set on gs://my-bucket
gsutil ls -a gs://my-bucket
gsutil cp gs://my-bucket/file.txt#1234567890 .
# Transfer Service
gcloud transfer jobs create gs://source-bucket gs://dest-bucket
gcloud transfer jobs list
gcloud transfer operations list
gsutil mb gs://my-bucket
gsutil ls
gsutil du -h gs://my-bucket
gsutil rb gs://my-bucket
# File operations
gsutil cp file.txt gs://my-bucket/
gsutil cp gs://my-bucket/file.txt .
gsutil mv gs://my-bucket/file.txt gs://my-bucket/newfile.txt
gsutil rm gs://my-bucket/file.txt
gsutil rsync -r ./dir gs://my-bucket/dir
# Access control
gsutil iam ch user:email@gmail.com:objectViewer gs://my-bucket
gsutil iam get gs://my-bucket
gsutil defacl set public-read gs://my-bucket
gsutil acl set private gs://my-bucket
# Lifecycle management
# Create lifecycle.json
{
"rule": [
{
"action": {"type": "Delete"},
"condition": {"age": 365}
}
]
}
gsutil lifecycle set lifecycle.json gs://my-bucket
gsutil lifecycle get gs://my-bucket
# Versioning
gsutil versioning set on gs://my-bucket
gsutil ls -a gs://my-bucket
gsutil cp gs://my-bucket/file.txt#1234567890 .
# Transfer Service
gcloud transfer jobs create gs://source-bucket gs://dest-bucket
gcloud transfer jobs list
gcloud transfer operations list
Database Services
Cloud SQL
# Instance management
gcloud sql instances list
gcloud sql instances create my-instance --database-version=MYSQL_8_0 --cpu=2 --memory=4GB --root-password=my-password
gcloud sql instances describe my-instance
gcloud sql instances patch my-instance --memory=8GB
gcloud sql instances delete my-instance
# Database management
gcloud sql databases list --instance=my-instance
gcloud sql databases create my-database --instance=my-instance
gcloud sql databases delete my-database --instance=my-instance
# User management
gcloud sql users list --instance=my-instance
gcloud sql users create my-user --instance=my-instance --password=my-password
gcloud sql users set-password my-user --instance=my-instance --password=new-password
# Connect to instances
gcloud sql connect my-instance --user=root
mysql --host=IP --user=root --password
# Backups and exports
gcloud sql backups list --instance=my-instance
gcloud sql backups describe BACKUP_ID --instance=my-instance
gcloud sql export sql my-instance gs://my-bucket/export.sql --database=my-database
gcloud sql import sql my-instance gs://my-bucket/import.sql
# SSL certificates
gcloud sql ssl-certs list --instance=my-instance
gcloud sql ssl-certs create client-cert client-key.pem --instance=my-instance
gcloud sql ssl-certs describe client-cert --instance=my-instance
gcloud sql instances list
gcloud sql instances create my-instance --database-version=MYSQL_8_0 --cpu=2 --memory=4GB --root-password=my-password
gcloud sql instances describe my-instance
gcloud sql instances patch my-instance --memory=8GB
gcloud sql instances delete my-instance
# Database management
gcloud sql databases list --instance=my-instance
gcloud sql databases create my-database --instance=my-instance
gcloud sql databases delete my-database --instance=my-instance
# User management
gcloud sql users list --instance=my-instance
gcloud sql users create my-user --instance=my-instance --password=my-password
gcloud sql users set-password my-user --instance=my-instance --password=new-password
# Connect to instances
gcloud sql connect my-instance --user=root
mysql --host=IP --user=root --password
# Backups and exports
gcloud sql backups list --instance=my-instance
gcloud sql backups describe BACKUP_ID --instance=my-instance
gcloud sql export sql my-instance gs://my-bucket/export.sql --database=my-database
gcloud sql import sql my-instance gs://my-bucket/import.sql
# SSL certificates
gcloud sql ssl-certs list --instance=my-instance
gcloud sql ssl-certs create client-cert client-key.pem --instance=my-instance
gcloud sql ssl-certs describe client-cert --instance=my-instance
Firestore & Bigtable
# Firestore management
gcloud firestore indexes composite list
gcloud firestore import gs://my-bucket/namespace/
gcloud firestore export gs://my-bucket/namespace/
# Firestore database creation (only available via UI or API)
# Use the Firebase console or enable Firestore API
gcloud services enable firestore.googleapis.com
# Bigtable instance management
gcloud bigtable instances list
gcloud bigtable instances create my-bigtable-instance --display-name="My Bigtable" --cluster=my-cluster --cluster-zone=us-central1-a --cluster-num-nodes=3
gcloud bigtable instances update my-bigtable-instance --display-name="New Name"
gcloud bigtable instances delete my-bigtable-instance
# Bigtable cluster management
gcloud bigtable clusters list --instance=my-bigtable-instance
gcloud bigtable clusters update my-cluster --instance=my-bigtable-instance --num-nodes=5
gcloud bigtable clusters delete my-cluster --instance=my-bigtable-instance
# Bigtable tables
cbt -instance=my-bigtable-instance createtable my-table
cbt -instance=my-bigtable-instance ls
cbt -instance=my-bigtable-instance read my-table
cbt -instance=my-bigtable-instance deletetable my-table
# Bigtable column families
cbt -instance=my-bigtable-instance createfamily my-table cf1
cbt -instance=my-bigtable-instance ls my-table
cbt -instance=my-bigtable-instance deletefamily my-table cf1
# Spanner instances
gcloud spanner instances list
gcloud spanner instances create my-spanner-instance --config=regional-us-central1 --description="My Spanner" --nodes=1
gcloud spanner instances update my-spanner-instance --nodes=3
gcloud spanner instances delete my-spanner-instance
gcloud firestore indexes composite list
gcloud firestore import gs://my-bucket/namespace/
gcloud firestore export gs://my-bucket/namespace/
# Firestore database creation (only available via UI or API)
# Use the Firebase console or enable Firestore API
gcloud services enable firestore.googleapis.com
# Bigtable instance management
gcloud bigtable instances list
gcloud bigtable instances create my-bigtable-instance --display-name="My Bigtable" --cluster=my-cluster --cluster-zone=us-central1-a --cluster-num-nodes=3
gcloud bigtable instances update my-bigtable-instance --display-name="New Name"
gcloud bigtable instances delete my-bigtable-instance
# Bigtable cluster management
gcloud bigtable clusters list --instance=my-bigtable-instance
gcloud bigtable clusters update my-cluster --instance=my-bigtable-instance --num-nodes=5
gcloud bigtable clusters delete my-cluster --instance=my-bigtable-instance
# Bigtable tables
cbt -instance=my-bigtable-instance createtable my-table
cbt -instance=my-bigtable-instance ls
cbt -instance=my-bigtable-instance read my-table
cbt -instance=my-bigtable-instance deletetable my-table
# Bigtable column families
cbt -instance=my-bigtable-instance createfamily my-table cf1
cbt -instance=my-bigtable-instance ls my-table
cbt -instance=my-bigtable-instance deletefamily my-table cf1
# Spanner instances
gcloud spanner instances list
gcloud spanner instances create my-spanner-instance --config=regional-us-central1 --description="My Spanner" --nodes=1
gcloud spanner instances update my-spanner-instance --nodes=3
gcloud spanner instances delete my-spanner-instance
Big Data & AI
BigQuery
# Dataset management
bq ls
bq mk my_dataset
bq show my_dataset
bq rm -r -f my_dataset
# Table management
bq mk -t my_dataset.my_table name:STRING,age:INTEGER
bq show my_dataset.my_table
bq cp my_dataset.source_table my_dataset.target_table
bq rm -f my_dataset.my_table
# Query execution
bq query "SELECT COUNT(*) FROM my_dataset.my_table"
bq query --nouse_legacy_sql "SELECT * FROM my_dataset.my_table LIMIT 10"
bq query --destination_table=my_dataset.result_table "SELECT * FROM my_dataset.my_table"
# Data operations
bq load my_dataset.my_table gs://my-bucket/data.csv name:STRING,age:INTEGER
bq extract my_dataset.my_table gs://my-bucket/extract.csv
bq extract --compression GZIP my_dataset.my_table gs://my-bucket/extract*.csv
# View management
bq mk --view="SELECT name, age FROM my_dataset.my_table" my_dataset.my_view
bq update --view="SELECT * FROM my_dataset.my_table WHERE age > 18" my_dataset.my_view
# Job management
bq ls -j
bq show -j job_id
bq cancel job_id
# Monitoring and pricing
bq head -n 10 my_dataset.my_table
bq query --dry_run "SELECT * FROM my_dataset.my_table"
bq --format=prettyjson show --schema my_dataset.my_table
bq ls
bq mk my_dataset
bq show my_dataset
bq rm -r -f my_dataset
# Table management
bq mk -t my_dataset.my_table name:STRING,age:INTEGER
bq show my_dataset.my_table
bq cp my_dataset.source_table my_dataset.target_table
bq rm -f my_dataset.my_table
# Query execution
bq query "SELECT COUNT(*) FROM my_dataset.my_table"
bq query --nouse_legacy_sql "SELECT * FROM my_dataset.my_table LIMIT 10"
bq query --destination_table=my_dataset.result_table "SELECT * FROM my_dataset.my_table"
# Data operations
bq load my_dataset.my_table gs://my-bucket/data.csv name:STRING,age:INTEGER
bq extract my_dataset.my_table gs://my-bucket/extract.csv
bq extract --compression GZIP my_dataset.my_table gs://my-bucket/extract*.csv
# View management
bq mk --view="SELECT name, age FROM my_dataset.my_table" my_dataset.my_view
bq update --view="SELECT * FROM my_dataset.my_table WHERE age > 18" my_dataset.my_view
# Job management
bq ls -j
bq show -j job_id
bq cancel job_id
# Monitoring and pricing
bq head -n 10 my_dataset.my_table
bq query --dry_run "SELECT * FROM my_dataset.my_table"
bq --format=prettyjson show --schema my_dataset.my_table
AI & Machine Learning
# AI Platform
gcloud ai-platform jobs list
gcloud ai-platform jobs describe job_name
gcloud ai-platform jobs stream-logs job_name
# Model deployment
gcloud ai-platform models list
gcloud ai-platform models create model_name --regions=us-central1
gcloud ai-platform versions create version_name --model=model_name --origin=gs://my-bucket/model --runtime-version=2.1 --python-version=3.7
gcloud ai-platform versions delete version_name --model=model_name
gcloud ai-platform models delete model_name
# Prediction
gcloud ai-platform predict --model=model_name --version=version_name --json-instances=instances.json
gcloud ai-platform predict --model=model_name --version=version_name --text-instances=instances.txt
# Cloud Vision API
gcloud ml vision detect-text gs://my-bucket/image.jpg
gcloud ml vision detect-labels gs://my-bucket/image.jpg
gcloud ml vision detect-faces gs://my-bucket/image.jpg
# Cloud Natural Language API
gcloud ml language analyze-entities --content="Google Cloud Platform provides infrastructure services."
gcloud ml language analyze-sentiment --content="I love Google Cloud Platform!"
gcloud ml language analyze-syntax --content="Google Cloud Platform is awesome."
# Cloud Speech-to-Text
gcloud ml speech recognize gs://my-bucket/audio.wav --language-code=en-US
gcloud ml speech recognize gs://my-bucket/audio.wav --language-code=en-US --enable-automatic-punctuation
# Cloud Text-to-Speech
gcloud ml speech synthesize-speech --text="Hello World" --output-file=output.mp3
gcloud ml speech synthesize-speech --text="Hello World" --output-file=output.mp3 --voice-name=en-US-Wavenet-D
# Vertex AI
gcloud ai custom-jobs create --region=us-central1 --display-name=my-job --config=config.yaml
gcloud ai datasets create --display-name=my-dataset --metadata-file=schema.json --region=us-central1
gcloud ai models upload --region=us-central1 --display-name=my-model --container-image-uri=us-docker.pkg.dev/cloud-aiplatform/prediction/tf2-cpu.2-1:latest --artifact-uri=gs://my-bucket/model
gcloud ai-platform jobs list
gcloud ai-platform jobs describe job_name
gcloud ai-platform jobs stream-logs job_name
# Model deployment
gcloud ai-platform models list
gcloud ai-platform models create model_name --regions=us-central1
gcloud ai-platform versions create version_name --model=model_name --origin=gs://my-bucket/model --runtime-version=2.1 --python-version=3.7
gcloud ai-platform versions delete version_name --model=model_name
gcloud ai-platform models delete model_name
# Prediction
gcloud ai-platform predict --model=model_name --version=version_name --json-instances=instances.json
gcloud ai-platform predict --model=model_name --version=version_name --text-instances=instances.txt
# Cloud Vision API
gcloud ml vision detect-text gs://my-bucket/image.jpg
gcloud ml vision detect-labels gs://my-bucket/image.jpg
gcloud ml vision detect-faces gs://my-bucket/image.jpg
# Cloud Natural Language API
gcloud ml language analyze-entities --content="Google Cloud Platform provides infrastructure services."
gcloud ml language analyze-sentiment --content="I love Google Cloud Platform!"
gcloud ml language analyze-syntax --content="Google Cloud Platform is awesome."
# Cloud Speech-to-Text
gcloud ml speech recognize gs://my-bucket/audio.wav --language-code=en-US
gcloud ml speech recognize gs://my-bucket/audio.wav --language-code=en-US --enable-automatic-punctuation
# Cloud Text-to-Speech
gcloud ml speech synthesize-speech --text="Hello World" --output-file=output.mp3
gcloud ml speech synthesize-speech --text="Hello World" --output-file=output.mp3 --voice-name=en-US-Wavenet-D
# Vertex AI
gcloud ai custom-jobs create --region=us-central1 --display-name=my-job --config=config.yaml
gcloud ai datasets create --display-name=my-dataset --metadata-file=schema.json --region=us-central1
gcloud ai models upload --region=us-central1 --display-name=my-model --container-image-uri=us-docker.pkg.dev/cloud-aiplatform/prediction/tf2-cpu.2-1:latest --artifact-uri=gs://my-bucket/model
Networking & Security
VPC & Networking
# VPC management
gcloud compute networks list
gcloud compute networks create my-vpc --subnet-mode=custom
gcloud compute networks describe my-vpc
gcloud compute networks delete my-vpc
# Subnet management
gcloud compute networks subnets list
gcloud compute networks subnets create my-subnet --network=my-vpc --range=10.0.0.0/24 --region=us-central1
gcloud compute networks subnets update my-subnet --region=us-central1 --enable-private-ip-google-access
gcloud compute networks subnets delete my-subnet --region=us-central1
# Firewall rules
gcloud compute firewall-rules list
gcloud compute firewall-rules create allow-icmp --network=my-vpc --allow=icmp
gcloud compute firewall-rules create allow-ssh --network=my-vpc --allow=tcp:22 --source-ranges=0.0.0.0/0
gcloud compute firewall-rules create allow-internal --network=my-vpc --allow=tcp:0-65535,udp:0-65535,icmp --source-ranges=10.0.0.0/8
gcloud compute firewall-rules delete allow-ssh
# Cloud DNS
gcloud dns managed-zones list
gcloud dns managed-zones create my-zone --dns-name=example.com. --description="My DNS zone"
gcloud dns record-sets list --zone=my-zone
gcloud dns record-sets transaction start --zone=my-zone
gcloud dns record-sets transaction add 1.2.3.4 --name=www.example.com. --type=A --ttl=300 --zone=my-zone
gcloud dns record-sets transaction execute --zone=my-zone
# Cloud Load Balancing
gcloud compute addresses create lb-ip --global
gcloud compute addresses describe lb-ip --global
gcloud compute backend-services create web-backend --protocol=HTTP --port-name=http --global
gcloud compute url-maps create web-map --default-service=web-backend
gcloud compute target-http-proxies create http-lb-proxy --url-map=web-map
gcloud compute forwarding-rules create http-content-rule --address=lb-ip --global --target-http-proxy=http-lb-proxy --ports=80
gcloud compute networks list
gcloud compute networks create my-vpc --subnet-mode=custom
gcloud compute networks describe my-vpc
gcloud compute networks delete my-vpc
# Subnet management
gcloud compute networks subnets list
gcloud compute networks subnets create my-subnet --network=my-vpc --range=10.0.0.0/24 --region=us-central1
gcloud compute networks subnets update my-subnet --region=us-central1 --enable-private-ip-google-access
gcloud compute networks subnets delete my-subnet --region=us-central1
# Firewall rules
gcloud compute firewall-rules list
gcloud compute firewall-rules create allow-icmp --network=my-vpc --allow=icmp
gcloud compute firewall-rules create allow-ssh --network=my-vpc --allow=tcp:22 --source-ranges=0.0.0.0/0
gcloud compute firewall-rules create allow-internal --network=my-vpc --allow=tcp:0-65535,udp:0-65535,icmp --source-ranges=10.0.0.0/8
gcloud compute firewall-rules delete allow-ssh
# Cloud DNS
gcloud dns managed-zones list
gcloud dns managed-zones create my-zone --dns-name=example.com. --description="My DNS zone"
gcloud dns record-sets list --zone=my-zone
gcloud dns record-sets transaction start --zone=my-zone
gcloud dns record-sets transaction add 1.2.3.4 --name=www.example.com. --type=A --ttl=300 --zone=my-zone
gcloud dns record-sets transaction execute --zone=my-zone
# Cloud Load Balancing
gcloud compute addresses create lb-ip --global
gcloud compute addresses describe lb-ip --global
gcloud compute backend-services create web-backend --protocol=HTTP --port-name=http --global
gcloud compute url-maps create web-map --default-service=web-backend
gcloud compute target-http-proxies create http-lb-proxy --url-map=web-map
gcloud compute forwarding-rules create http-content-rule --address=lb-ip --global --target-http-proxy=http-lb-proxy --ports=80
Security & IAM
# IAM management
gcloud iam roles list
gcloud iam roles describe roles/viewer
gcloud iam service-accounts list
gcloud iam service-accounts create my-sa --display-name="My Service Account"
gcloud iam service-accounts keys create key.json --iam-account=my-sa@project-id.iam.gserviceaccount.com
gcloud iam service-accounts keys list --iam-account=my-sa@project-id.iam.gserviceaccount.com
gcloud iam service-accounts delete my-sa@project-id.iam.gserviceaccount.com
# Policy binding
gcloud projects add-iam-policy-binding project-id --member=user:user@example.com --role=roles/editor
gcloud projects add-iam-policy-binding project-id --member=serviceAccount:my-sa@project-id.iam.gserviceaccount.com --role=roles/viewer
gcloud projects remove-iam-policy-binding project-id --member=user:user@example.com --role=roles/editor
gcloud projects get-iam-policy project-id
# Cloud KMS
gcloud kms keyrings list --location=global
gcloud kms keyrings create my-keyring --location=global
gcloud kms keys list --keyring=my-keyring --location=global
gcloud kms keys create my-key --keyring=my-keyring --location=global --purpose=encryption
gcloud kms encrypt --plaintext-file=secret.txt --ciphertext-file=secret.enc --key=my-key --keyring=my-keyring --location=global
gcloud kms decrypt --ciphertext-file=secret.enc --plaintext-file=secret.dec --key=my-key --keyring=my-keyring --location=global
# Cloud Security Scanner
gcloud beta security-scanner scans list
gcloud beta security-scanner scans create --scan-name=my-scan --starting-urls=http://example.com
gcloud beta security-scanner scans run --scan-name=my-scan
gcloud beta security-scanner scans list-findings --scan-name=my-scan
# Secret Manager
gcloud secrets list
gcloud secrets create my-secret --replication-policy="automatic"
echo "sensitive-data" | gcloud secrets versions add my-secret --data-file=-
gcloud secrets versions access latest --secret=my-secret
gcloud secrets add-iam-policy-binding my-secret --member=user:user@example.com --role=roles/secretmanager.secretAccessor
gcloud secrets delete my-secret
gcloud iam roles list
gcloud iam roles describe roles/viewer
gcloud iam service-accounts list
gcloud iam service-accounts create my-sa --display-name="My Service Account"
gcloud iam service-accounts keys create key.json --iam-account=my-sa@project-id.iam.gserviceaccount.com
gcloud iam service-accounts keys list --iam-account=my-sa@project-id.iam.gserviceaccount.com
gcloud iam service-accounts delete my-sa@project-id.iam.gserviceaccount.com
# Policy binding
gcloud projects add-iam-policy-binding project-id --member=user:user@example.com --role=roles/editor
gcloud projects add-iam-policy-binding project-id --member=serviceAccount:my-sa@project-id.iam.gserviceaccount.com --role=roles/viewer
gcloud projects remove-iam-policy-binding project-id --member=user:user@example.com --role=roles/editor
gcloud projects get-iam-policy project-id
# Cloud KMS
gcloud kms keyrings list --location=global
gcloud kms keyrings create my-keyring --location=global
gcloud kms keys list --keyring=my-keyring --location=global
gcloud kms keys create my-key --keyring=my-keyring --location=global --purpose=encryption
gcloud kms encrypt --plaintext-file=secret.txt --ciphertext-file=secret.enc --key=my-key --keyring=my-keyring --location=global
gcloud kms decrypt --ciphertext-file=secret.enc --plaintext-file=secret.dec --key=my-key --keyring=my-keyring --location=global
# Cloud Security Scanner
gcloud beta security-scanner scans list
gcloud beta security-scanner scans create --scan-name=my-scan --starting-urls=http://example.com
gcloud beta security-scanner scans run --scan-name=my-scan
gcloud beta security-scanner scans list-findings --scan-name=my-scan
# Secret Manager
gcloud secrets list
gcloud secrets create my-secret --replication-policy="automatic"
echo "sensitive-data" | gcloud secrets versions add my-secret --data-file=-
gcloud secrets versions access latest --secret=my-secret
gcloud secrets add-iam-policy-binding my-secret --member=user:user@example.com --role=roles/secretmanager.secretAccessor
gcloud secrets delete my-secret
Operations
Monitoring & Logging
# Cloud Monitoring
gcloud monitoring dashboards list
gcloud monitoring dashboards create --config-from-file=dashboard.json
gcloud monitoring channels list
gcloud monitoring channels create --channel-content=channel.json
# Alert policies
gcloud alpha monitoring policies list
gcloud alpha monitoring policies create --policy-from-file=alert-policy.json
gcloud alpha monitoring policies update policy-id --policy-from-file=alert-policy.json
gcloud alpha monitoring policies delete policy-id
# Uptime checks
gcloud alpha monitoring uptime-check-configs list
gcloud alpha monitoring uptime-check-configs create --display-name="My Uptime Check" --http-check --request-method=GET --path="/health" --period="60s" --timeout="10s" --content-matcher="contains:healthy"
gcloud alpha monitoring uptime-check-configs delete config-id
# Cloud Logging
gcloud logging logs list
gcloud logging read "resource.type=gce_instance" --limit=10
gcloud logging sinks list
gcloud logging sinks create my-sink storage.googleapis.com/my-bucket --log-filter='resource.type=gce_instance'
gcloud logging sinks update my-sink --log-filter='resource.type=gce_instance AND severity>=ERROR'
gcloud logging sinks delete my-sink
# Metrics
gcloud logging metrics list
gcloud logging metrics create my-metric --description="My metric" --log-filter='resource.type=gce_instance AND severity>=ERROR'
gcloud logging metrics update my-metric --log-filter='resource.type=gce_instance AND severity>=WARNING'
gcloud logging metrics delete my-metric
# Export logs
gcloud logging export storage.googleapis.com/my-bucket --log-filter='resource.type=gce_instance'
gcloud logging copy bigquery.googleapis.com/projects/my-project/datasets/my_dataset --log-filter='resource.type=gce_instance'
gcloud monitoring dashboards list
gcloud monitoring dashboards create --config-from-file=dashboard.json
gcloud monitoring channels list
gcloud monitoring channels create --channel-content=channel.json
# Alert policies
gcloud alpha monitoring policies list
gcloud alpha monitoring policies create --policy-from-file=alert-policy.json
gcloud alpha monitoring policies update policy-id --policy-from-file=alert-policy.json
gcloud alpha monitoring policies delete policy-id
# Uptime checks
gcloud alpha monitoring uptime-check-configs list
gcloud alpha monitoring uptime-check-configs create --display-name="My Uptime Check" --http-check --request-method=GET --path="/health" --period="60s" --timeout="10s" --content-matcher="contains:healthy"
gcloud alpha monitoring uptime-check-configs delete config-id
# Cloud Logging
gcloud logging logs list
gcloud logging read "resource.type=gce_instance" --limit=10
gcloud logging sinks list
gcloud logging sinks create my-sink storage.googleapis.com/my-bucket --log-filter='resource.type=gce_instance'
gcloud logging sinks update my-sink --log-filter='resource.type=gce_instance AND severity>=ERROR'
gcloud logging sinks delete my-sink
# Metrics
gcloud logging metrics list
gcloud logging metrics create my-metric --description="My metric" --log-filter='resource.type=gce_instance AND severity>=ERROR'
gcloud logging metrics update my-metric --log-filter='resource.type=gce_instance AND severity>=WARNING'
gcloud logging metrics delete my-metric
# Export logs
gcloud logging export storage.googleapis.com/my-bucket --log-filter='resource.type=gce_instance'
gcloud logging copy bigquery.googleapis.com/projects/my-project/datasets/my_dataset --log-filter='resource.type=gce_instance'
Deployment Manager & Terraform
# Deployment Manager
gcloud deployment-manager deployments list
gcloud deployment-manager deployments create my-deployment --config=config.yaml
gcloud deployment-manager deployments describe my-deployment
gcloud deployment-manager deployments update my-deployment --config=config.yaml
gcloud deployment-manager deployments delete my-deployment
# Deployment Manager templates
# config.yaml
resources:
- name: my-vm
type: compute.v1.instance
properties:
zone: us-central1-a
machineType: zones/us-central1-a/machineTypes/n1-standard-1
disks:
- deviceName: boot
type: PERSISTENT
boot: true
autoDelete: true
initializeParams:
sourceImage: projects/debian-cloud/global/images/family/debian-10
networkInterfaces:
- network: global/networks/default
accessConfigs:
- name: External NAT
type: ONE_TO_ONE_NAT
# Terraform with GCP
# main.tf
provider "google" {
project = "my-project"
region = "us-central1"
zone = "us-central1-a"
}
resource "google_compute_instance" "default" {
name = "terraform-instance"
machine_type = "n1-standard-1"
zone = "us-central1-a"
boot_disk {
initialize_params {
image = "debian-cloud/debian-10"
}
}
network_interface {
network = "default"
access_config {
}
}
}
# Terraform commands
terraform init
terraform plan
terraform apply
terraform destroy
# Import existing resources
terraform import google_compute_instance.default projects/my-project/zones/us-central1-a/instances/existing-instance
gcloud deployment-manager deployments list
gcloud deployment-manager deployments create my-deployment --config=config.yaml
gcloud deployment-manager deployments describe my-deployment
gcloud deployment-manager deployments update my-deployment --config=config.yaml
gcloud deployment-manager deployments delete my-deployment
# Deployment Manager templates
# config.yaml
resources:
- name: my-vm
type: compute.v1.instance
properties:
zone: us-central1-a
machineType: zones/us-central1-a/machineTypes/n1-standard-1
disks:
- deviceName: boot
type: PERSISTENT
boot: true
autoDelete: true
initializeParams:
sourceImage: projects/debian-cloud/global/images/family/debian-10
networkInterfaces:
- network: global/networks/default
accessConfigs:
- name: External NAT
type: ONE_TO_ONE_NAT
# Terraform with GCP
# main.tf
provider "google" {
project = "my-project"
region = "us-central1"
zone = "us-central1-a"
}
resource "google_compute_instance" "default" {
name = "terraform-instance"
machine_type = "n1-standard-1"
zone = "us-central1-a"
boot_disk {
initialize_params {
image = "debian-cloud/debian-10"
}
}
network_interface {
network = "default"
access_config {
}
}
}
# Terraform commands
terraform init
terraform plan
terraform apply
terraform destroy
# Import existing resources
terraform import google_compute_instance.default projects/my-project/zones/us-central1-a/instances/existing-instance