Google Cloud Platform Skill

Manage GCP resources using gcloud, gsutil, and firebase CLIs.

Installation

gcloud CLI (one-time setup)

# Download and extract
cd ~ && curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz
tar -xzf google-cloud-cli-linux-x86_64.tar.gz

# Install (adds to PATH via .bashrc)
./google-cloud-sdk/install.sh --quiet --path-update true

# Reload shell or source
source ~/.bashrc

# Authenticate
gcloud auth login

Firebase CLI

npm install -g firebase-tools
firebase login

Quick Reference

Authentication & Config

# List authenticated accounts
gcloud auth list

# Switch active account
gcloud config set account EMAIL

# List projects
gcloud projects list

# Set default project
gcloud config set project PROJECT_ID

# View current config
gcloud config list

Compute Engine (VMs)

List Instances

# All instances across projects
gcloud compute instances list --project PROJECT_ID

# With specific fields
gcloud compute instances list --project PROJECT_ID \
  --format="table(name,zone,status,networkInterfaces[0].accessConfigs[0].natIP)"

Start/Stop/Restart

gcloud compute instances start INSTANCE_NAME --zone ZONE --project PROJECT_ID
gcloud compute instances stop INSTANCE_NAME --zone ZONE --project PROJECT_ID
gcloud compute instances reset INSTANCE_NAME --zone ZONE --project PROJECT_ID

SSH Access

# Interactive SSH
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID

# Run command remotely
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID --command "uptime"

# With tunneling (e.g., for local port forwarding)
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID -- -L 8080:localhost:8080

View Logs

# Serial port output (boot logs)
gcloud compute instances get-serial-port-output INSTANCE_NAME --zone ZONE --project PROJECT_ID

# Tail logs via SSH
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID --command "journalctl -f"

Cloud Run

List Services

# List all services in a region
gcloud run services list --region REGION --project PROJECT_ID

# All regions
gcloud run services list --project PROJECT_ID

Deploy

# Deploy from source (builds container automatically)
gcloud run deploy SERVICE_NAME \
  --source . \
  --region REGION \
  --project PROJECT_ID \
  --allow-unauthenticated

# Deploy existing container image
gcloud run deploy SERVICE_NAME \
  --image gcr.io/PROJECT_ID/IMAGE:TAG \
  --region REGION \
  --project PROJECT_ID

View Service Details

gcloud run services describe SERVICE_NAME --region REGION --project PROJECT_ID

View Logs

# Stream logs
gcloud run services logs read SERVICE_NAME --region REGION --project PROJECT_ID --limit 50

# Or use Cloud Logging
gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=SERVICE_NAME" \
  --project PROJECT_ID --limit 20 --format="table(timestamp,textPayload)"

Update Environment Variables

gcloud run services update SERVICE_NAME \
  --region REGION \
  --project PROJECT_ID \
  --set-env-vars "KEY1=value1,KEY2=value2"

Traffic Management

# Route 100% traffic to latest
gcloud run services update-traffic SERVICE_NAME --to-latest --region REGION --project PROJECT_ID

# Split traffic (canary)
gcloud run services update-traffic SERVICE_NAME \
  --to-revisions=REVISION1=90,REVISION2=10 \
  --region REGION --project PROJECT_ID

Firebase Hosting

List Projects

firebase projects:list

Deploy

# Deploy everything (hosting + functions + rules)
firebase deploy --project PROJECT_ID

# Hosting only
firebase deploy --only hosting --project PROJECT_ID

# Specific site (multi-site setup)
firebase deploy --only hosting:SITE_NAME --project PROJECT_ID

Preview Channels

# Create preview channel
firebase hosting:channel:deploy CHANNEL_NAME --project PROJECT_ID

# List channels
firebase hosting:channel:list --project PROJECT_ID

# Delete channel
firebase hosting:channel:delete CHANNEL_NAME --project PROJECT_ID

Rollback

# List recent deploys
firebase hosting:releases:list --project PROJECT_ID

# Rollback to specific version
firebase hosting:rollback --project PROJECT_ID

Cloud Storage (gsutil)

# List buckets
gsutil ls

# List contents
gsutil ls gs://BUCKET_NAME/

# Copy file
gsutil cp LOCAL_FILE gs://BUCKET_NAME/path/
gsutil cp gs://BUCKET_NAME/path/file LOCAL_PATH

# Sync directory
gsutil -m rsync -r LOCAL_DIR gs://BUCKET_NAME/path/

# Make public
gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME

Logs & Monitoring

Cloud Logging

# Read recent logs
gcloud logging read "resource.type=gce_instance" --project PROJECT_ID --limit 20

# Filter by severity
gcloud logging read "severity>=ERROR" --project PROJECT_ID --limit 20

# Specific resource
gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=my-service" \
  --project PROJECT_ID --limit 20

Monitoring Metrics

# List available metrics
gcloud monitoring metrics list --project PROJECT_ID | head -50

# Describe metric
gcloud monitoring metrics-scopes describe projects/PROJECT_ID

Billing & Cost Monitoring

View Current Costs

# List billing accounts
gcloud billing accounts list

# Get billing account linked to project
gcloud billing projects describe PROJECT_ID

# View cost breakdown (requires billing export to BigQuery or use console)
# Quick estimate via APIs enabled:
gcloud services list --enabled --project PROJECT_ID

Set Budget Alerts

# Create budget (via gcloud beta)
gcloud billing budgets create \
  --billing-account=BILLING_ACCOUNT_ID \
  --display-name="Monthly Budget" \
  --budget-amount=50EUR \
  --threshold-rule=percent=50 \
  --threshold-rule=percent=90 \
  --threshold-rule=percent=100

# List budgets
gcloud billing budgets list --billing-account=BILLING_ACCOUNT_ID

# Describe budget
gcloud billing budgets describe BUDGET_ID --billing-account=BILLING_ACCOUNT_ID

Cost-Saving Tips

# Stop unused VMs (saves $$)
gcloud compute instances stop INSTANCE_NAME --zone ZONE --project PROJECT_ID

# Schedule auto-start/stop (use Cloud Scheduler + Cloud Functions or cron)

# Check for idle resources
gcloud recommender recommendations list \
  --project=PROJECT_ID \
  --location=global \
  --recommender=google.compute.instance.IdleResourceRecommender

Secret Manager

Create & Manage Secrets

# Enable API
gcloud services enable secretmanager.googleapis.com --project PROJECT_ID

# Create a secret
echo -n "my-secret-value" | gcloud secrets create SECRET_NAME \
  --data-file=- \
  --project PROJECT_ID

# Or from file
gcloud secrets create SECRET_NAME --data-file=./secret.txt --project PROJECT_ID

Access Secrets

# Get latest version
gcloud secrets versions access latest --secret=SECRET_NAME --project PROJECT_ID

# Get specific version
gcloud secrets versions access 1 --secret=SECRET_NAME --project PROJECT_ID

# List all secrets
gcloud secrets list --project PROJECT_ID

# List versions of a secret
gcloud secrets versions list SECRET_NAME --project PROJECT_ID

Update Secrets

# Add new version
echo -n "new-value" | gcloud secrets versions add SECRET_NAME --data-file=- --project PROJECT_ID

# Disable old version
gcloud secrets versions disable VERSION_ID --secret=SECRET_NAME --project PROJECT_ID

# Delete version (permanent!)
gcloud secrets versions destroy VERSION_ID --secret=SECRET_NAME --project PROJECT_ID

Use in Cloud Run

# Deploy with secret as env var
gcloud run deploy SERVICE_NAME \
  --image IMAGE \
  --region REGION \
  --project PROJECT_ID \
  --set-secrets="ENV_VAR_NAME=SECRET_NAME:latest"

# Mount as file
gcloud run deploy SERVICE_NAME \
  --image IMAGE \
  --region REGION \
  --project PROJECT_ID \
  --set-secrets="/path/to/secret=SECRET_NAME:latest"

Artifact Registry (Container Images)

Setup

# Enable API
gcloud services enable artifactregistry.googleapis.com --project PROJECT_ID

# Create Docker repository
gcloud artifacts repositories create REPO_NAME \
  --repository-format=docker \
  --location=REGION \
  --project PROJECT_ID \
  --description="Docker images"

Configure Docker Auth

# Configure Docker to use gcloud credentials
gcloud auth configure-docker REGION-docker.pkg.dev

Build & Push Images

# Build with Cloud Build (no local Docker needed)
gcloud builds submit --tag REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG

# Or with local Docker
docker build -t REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG .
docker push REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG

List & Manage Images

# List images
gcloud artifacts docker images list REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME

# List tags for an image
gcloud artifacts docker tags list REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE

# Delete image
gcloud artifacts docker images delete REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG

Cloud SQL (Databases)

Create Instance

# Enable API
gcloud services enable sqladmin.googleapis.com --project PROJECT_ID

# Create PostgreSQL instance
gcloud sql instances create INSTANCE_NAME \
  --database-version=POSTGRES_15 \
  --tier=db-f1-micro \
  --region=REGION \
  --project PROJECT_ID

# Create MySQL instance
gcloud sql instances create INSTANCE_NAME \
  --database-version=MYSQL_8_0 \
  --tier=db-f1-micro \
  --region=REGION \
  --project PROJECT_ID

Manage Databases & Users

# Create database
gcloud sql databases create DB_NAME --instance=INSTANCE_NAME --project PROJECT_ID

# List databases
gcloud sql databases list --instance=INSTANCE_NAME --project PROJECT_ID

# Create user
gcloud sql users create USERNAME \
  --instance=INSTANCE_NAME \
  --password=PASSWORD \
  --project PROJECT_ID

# List users
gcloud sql users list --instance=INSTANCE_NAME --project PROJECT_ID

Connect

# Connect via Cloud SQL Proxy (recommended)
# First, download proxy: https://cloud.google.com/sql/docs/mysql/sql-proxy

# Direct connection (requires public IP & authorized networks)
gcloud sql connect INSTANCE_NAME --user=USERNAME --project PROJECT_ID

# Get connection info
gcloud sql instances describe INSTANCE_NAME --project PROJECT_ID \
  --format="value(connectionName)"

Backups

# Create on-demand backup
gcloud sql backups create --instance=INSTANCE_NAME --project PROJECT_ID

# List backups
gcloud sql backups list --instance=INSTANCE_NAME --project PROJECT_ID

# Restore from backup
gcloud sql backups restore BACKUP_ID --restore-instance=INSTANCE_NAME --project PROJECT_ID

Connect from Cloud Run

# Deploy with Cloud SQL connection
gcloud run deploy SERVICE_NAME \
  --image IMAGE \
  --region REGION \
  --project PROJECT_ID \
  --add-cloudsql-instances=PROJECT_ID:REGION:INSTANCE_NAME \
  --set-env-vars="DB_HOST=/cloudsql/PROJECT_ID:REGION:INSTANCE_NAME"

Troubleshooting

"API not enabled"

# Enable an API
gcloud services enable run.googleapis.com --project PROJECT_ID
gcloud services enable compute.googleapis.com --project PROJECT_ID

"Permission denied"

# Check IAM roles
gcloud projects get-iam-policy PROJECT_ID --flatten="bindings[].members" \
  --format="table(bindings.role)" --filter="bindings.members:EMAIL"

"Not authenticated"

gcloud auth login
gcloud auth application-default login  # For ADC (used by libraries)

Refresh credentials

gcloud auth login --force

Google Cloud Platformv1.0.1

Install & Quick Start

Google Cloud Platform Skill

Installation

gcloud CLI (one-time setup)

Firebase CLI

Quick Reference

Authentication & Config

Compute Engine (VMs)

List Instances

Start/Stop/Restart

SSH Access

View Logs

Cloud Run

List Services

Deploy

View Service Details

View Logs

Update Environment Variables

Traffic Management

Firebase Hosting

List Projects

Deploy

Preview Channels

Rollback

Cloud Storage (gsutil)

Logs & Monitoring

Cloud Logging

Monitoring Metrics

Billing & Cost Monitoring

View Current Costs

Set Budget Alerts

Cost-Saving Tips

Secret Manager

Create & Manage Secrets

Access Secrets

Update Secrets

Use in Cloud Run

Artifact Registry (Container Images)

Setup

Configure Docker Auth

Build & Push Images

List & Manage Images

Cloud SQL (Databases)

Create Instance

Manage Databases & Users

Connect

Backups

Connect from Cloud Run

Troubleshooting

"API not enabled"

"Permission denied"

"Not authenticated"

Refresh credentials

AI Usage Analysis

💡 Application Scenarios

💼 Business Models

More DevOps & Cloud Skills