---
name: gcloud
description: Manage Google Cloud Platform resources via gcloud CLI. Use for Compute Engine VMs, Cloud Run services, Firebase Hosting, Cloud Storage, and project management. Covers deployment, monitoring, logs, and SSH access.
---
# Google Cloud Platform Skill
Manage GCP resources using `gcloud`, `gsutil`, and `firebase` CLIs.
## Installation
### gcloud CLI (one-time setup)
```bash
# Download and extract
cd ~ && curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz
tar -xzf google-cloud-cli-linux-x86_64.tar.gz
# Install (adds to PATH via .bashrc)
./google-cloud-sdk/install.sh --quiet --path-update true
# Reload shell or source
source ~/.bashrc
# Authenticate
gcloud auth login
```
### Firebase CLI
```bash
npm install -g firebase-tools
firebase login
```
## Quick Reference
### Authentication & Config
```bash
# List authenticated accounts
gcloud auth list
# Switch active account
gcloud config set account EMAIL
# List projects
gcloud projects list
# Set default project
gcloud config set project PROJECT_ID
# View current config
gcloud config list
```
---
## Compute Engine (VMs)
### List Instances
```bash
# All instances across projects
gcloud compute instances list --project PROJECT_ID
# With specific fields
gcloud compute instances list --project PROJECT_ID \
--format="table(name,zone,status,networkInterfaces[0].accessConfigs[0].natIP)"
```
### Start/Stop/Restart
```bash
gcloud compute instances start INSTANCE_NAME --zone ZONE --project PROJECT_ID
gcloud compute instances stop INSTANCE_NAME --zone ZONE --project PROJECT_ID
gcloud compute instances reset INSTANCE_NAME --zone ZONE --project PROJECT_ID
```
### SSH Access
```bash
# Interactive SSH
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID
# Run command remotely
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID --command "uptime"
# With tunneling (e.g., for local port forwarding)
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID -- -L 8080:localhost:8080
```
### View Logs
```bash
# Serial port output (boot logs)
gcloud compute instances get-serial-port-output INSTANCE_NAME --zone ZONE --project PROJECT_ID
# Tail logs via SSH
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID --command "journalctl -f"
```
---
## Cloud Run
### List Services
```bash
# List all services in a region
gcloud run services list --region REGION --project PROJECT_ID
# All regions
gcloud run services list --project PROJECT_ID
```
### Deploy
```bash
# Deploy from source (builds container automatically)
gcloud run deploy SERVICE_NAME \
--source . \
--region REGION \
--project PROJECT_ID \
--allow-unauthenticated
# Deploy existing container image
gcloud run deploy SERVICE_NAME \
--image gcr.io/PROJECT_ID/IMAGE:TAG \
--region REGION \
--project PROJECT_ID
```
### View Service Details
```bash
gcloud run services describe SERVICE_NAME --region REGION --project PROJECT_ID
```
### View Logs
```bash
# Stream logs
gcloud run services logs read SERVICE_NAME --region REGION --project PROJECT_ID --limit 50
# Or use Cloud Logging
gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=SERVICE_NAME" \
--project PROJECT_ID --limit 20 --format="table(timestamp,textPayload)"
```
### Update Environment Variables
```bash
gcloud run services update SERVICE_NAME \
--region REGION \
--project PROJECT_ID \
--set-env-vars "KEY1=value1,KEY2=value2"
```
### Traffic Management
```bash
# Route 100% traffic to latest
gcloud run services update-traffic SERVICE_NAME --to-latest --region REGION --project PROJECT_ID
# Split traffic (canary)
gcloud run services update-traffic SERVICE_NAME \
--to-revisions=REVISION1=90,REVISION2=10 \
--region REGION --project PROJECT_ID
```
---
## Firebase Hosting
### List Projects
```bash
firebase projects:list
```
### Deploy
```bash
# Deploy everything (hosting + functions + rules)
firebase deploy --project PROJECT_ID
# Hosting only
firebase deploy --only hosting --project PROJECT_ID
# Specific site (multi-site setup)
firebase deploy --only hosting:SITE_NAME --project PROJECT_ID
```
### Preview Channels
```bash
# Create preview channel
firebase hosting:channel:deploy CHANNEL_NAME --project PROJECT_ID
# List channels
firebase hosting:channel:list --project PROJECT_ID
# Delete channel
firebase hosting:channel:delete CHANNEL_NAME --project PROJECT_ID
```
### Rollback
```bash
# List recent deploys
firebase hosting:releases:list --project PROJECT_ID
# Rollback to specific version
firebase hosting:rollback --project PROJECT_ID
```
---
## Cloud Storage (gsutil)
```bash
# List buckets
gsutil ls
# List contents
gsutil ls gs://BUCKET_NAME/
# Copy file
gsutil cp LOCAL_FILE gs://BUCKET_NAME/path/
gsutil cp gs://BUCKET_NAME/path/file LOCAL_PATH
# Sync directory
gsutil -m rsync -r LOCAL_DIR gs://BUCKET_NAME/path/
# Make public
gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME
```
---
## Logs & Monitoring
### Cloud Logging
```bash
# Read recent logs
gcloud logging read "resource.type=gce_instance" --project PROJECT_ID --limit 20
# Filter by severity
gcloud logging read "severity>=ERROR" --project PROJECT_ID --limit 20
# Specific resource
gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=my-service" \
--project PROJECT_ID --limit 20
```
### Monitoring Metrics
```bash
# List available metrics
gcloud monitoring metrics list --project PROJECT_ID | head -50
# Describe metric
gcloud monitoring metrics-scopes describe projects/PROJECT_ID
```
---
## Billing & Cost Monitoring
### View Current Costs
```bash
# List billing accounts
gcloud billing accounts list
# Get billing account linked to project
gcloud billing projects describe PROJECT_ID
# View cost breakdown (requires billing export to BigQuery or use console)
# Quick estimate via APIs enabled:
gcloud services list --enabled --project PROJECT_ID
```
### Set Budget Alerts
```bash
# Create budget (via gcloud beta)
gcloud billing budgets create \
--billing-account=BILLING_ACCOUNT_ID \
--display-name="Monthly Budget" \
--budget-amount=50EUR \
--threshold-rule=percent=50 \
--threshold-rule=percent=90 \
--threshold-rule=percent=100
# List budgets
gcloud billing budgets list --billing-account=BILLING_ACCOUNT_ID
# Describe budget
gcloud billing budgets describe BUDGET_ID --billing-account=BILLING_ACCOUNT_ID
```
### Cost-Saving Tips
```bash
# Stop unused VMs (saves $$)
gcloud compute instances stop INSTANCE_NAME --zone ZONE --project PROJECT_ID
# Schedule auto-start/stop (use Cloud Scheduler + Cloud Functions or cron)
# Check for idle resources
gcloud recommender recommendations list \
--project=PROJECT_ID \
--location=global \
--recommender=google.compute.instance.IdleResourceRecommender
```
---
## Secret Manager
### Create & Manage Secrets
```bash
# Enable API
gcloud services enable secretmanager.googleapis.com --project PROJECT_ID
# Create a secret
echo -n "my-secret-value" | gcloud secrets create SECRET_NAME \
--data-file=- \
--project PROJECT_ID
# Or from file
gcloud secrets create SECRET_NAME --data-file=./secret.txt --project PROJECT_ID
```
### Access Secrets
```bash
# Get latest version
gcloud secrets versions access latest --secret=SECRET_NAME --project PROJECT_ID
# Get specific version
gcloud secrets versions access 1 --secret=SECRET_NAME --project PROJECT_ID
# List all secrets
gcloud secrets list --project PROJECT_ID
# List versions of a secret
gcloud secrets versions list SECRET_NAME --project PROJECT_ID
```
### Update Secrets
```bash
# Add new version
echo -n "new-value" | gcloud secrets versions add SECRET_NAME --data-file=- --project PROJECT_ID
# Disable old version
gcloud secrets versions disable VERSION_ID --secret=SECRET_NAME --project PROJECT_ID
# Delete version (permanent!)
gcloud secrets versions destroy VERSION_ID --secret=SECRET_NAME --project PROJECT_ID
```
### Use in Cloud Run
```bash
# Deploy with secret as env var
gcloud run deploy SERVICE_NAME \
--image IMAGE \
--region REGION \
--project PROJECT_ID \
--set-secrets="ENV_VAR_NAME=SECRET_NAME:latest"
# Mount as file
gcloud run deploy SERVICE_NAME \
--image IMAGE \
--region REGION \
--project PROJECT_ID \
--set-secrets="/path/to/secret=SECRET_NAME:latest"
```
---
## Artifact Registry (Container Images)
### Setup
```bash
# Enable API
gcloud services enable artifactregistry.googleapis.com --project PROJECT_ID
# Create Docker repository
gcloud artifacts repositories create REPO_NAME \
--repository-format=docker \
--location=REGION \
--project PROJECT_ID \
--description="Docker images"
```
### Configure Docker Auth
```bash
# Configure Docker to use gcloud credentials
gcloud auth configure-docker REGION-docker.pkg.dev
```
### Build & Push Images
```bash
# Build with Cloud Build (no local Docker needed)
gcloud builds submit --tag REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG
# Or with local Docker
docker build -t REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG .
docker push REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG
```
### List & Manage Images
```bash
# List images
gcloud artifacts docker images list REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME
# List tags for an image
gcloud artifacts docker tags list REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE
# Delete image
gcloud artifacts docker images delete REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG
```
---
## Cloud SQL (Databases)
### Create Instance
```bash
# Enable API
gcloud services enable sqladmin.googleapis.com --project PROJECT_ID
# Create PostgreSQL instance
gcloud sql instances create INSTANCE_NAME \
--database-version=POSTGRES_15 \
--tier=db-f1-micro \
--region=REGION \
--project PROJECT_ID
# Create MySQL instance
gcloud sql instances create INSTANCE_NAME \
--database-version=MYSQL_8_0 \
--tier=db-f
... (truncated)Create and manage Docker sandboxed VM environments
Agent continuity and cognitive health infrastructure.
Agent continuity and cognitive health infrastructure.
Enables the bot to manage Docker containers, images, and stacks.