Skip to content

Instantly share code, notes, and snippets.

@mwin007

mwin007/gcloud_cheat_sheet.md

Forked from pydevops/gcloud-cheat-sheet.md
Created April 21, 2018 15:54
Show Gist options
  • Save mwin007/4fc444132c67933d5ea416618bdba9a2 to your computer and use it in GitHub Desktop.
Save mwin007/4fc444132c67933d5ea416618bdba9a2 to your computer and use it in GitHub Desktop.
Download ZIP
gcp gcloud cheat sheet
Raw
gcloud_cheat_sheet.md

auth

kubectl uses OAuth token generated by

  • gcloud config config-helper --format json
  • gcloud config config-helper --format='value(credential.access_token)'
  • gcloud auth print-access-token generates new token
gcloud init
gcloud auth list
gcloud auth login
gcloud info

switch gcloud context with gcloud config

gcloud config list
gcloud config configurations list
gcloud config set account pythonrocksk8s201702@gmail.com 
gcloud config set project salt-163215
gcloud config set compute/region us-west1
gcloud config set compute/zone us-west1-a
alias demo='gcloud config set account pythonrocksk8s201702@gmail.com && gcloud config set project salt-163215 && gcloud config set compute/region us-west1 && gcloud config set compute/zone us-west1-a'

project_id=$(gcloud config get-value core/project)
project_id=$(gcloud config list project --format='value(core.project)')

cluster=$(gcloud config get-value container/cluster 2> /dev/null)
zone=$(gcloud config get-value compute/zone 2> /dev/null)
project=$(gcloud config get-value core/project 2> /dev/null)

# switch project based on the name
gcloud config set project $(gcloud projects list --filter='name:wordpress-dev' --format='value(project_id)')

# get the GKE cluster endpoint
gcloud container clusters describe porch-development --zone $(gcloud config get-value compute/zone) --format='get(endpoint)'

kms

# list all keyrings 
gcloud kms keyrings list --location global
# list all keys in my_key_ring
gcloud kms keys list --keyring my_key_ring --location global

billing

gcloud alpha billing accounts projects link <project_id> --account-id <account_id>

find the forwrading-rules given the dns

gcloud compute forwarding-rules list --filter=$(dig +short <dns_name>)

describe a regional forwarding rule

gcloud compute forwarding-rules describe my-forwardingrule --region us-central1

describe a global forwarding rule

gcloud compute forwarding-rules describe my-http-forwardingrule --global

address

gcloud compute addresses describe https-lb --global --format json

# list all IP addresses
gcloud projects list --format='value(project_id)' | xargs -I {} gcloud compute addresses list --format='value(address)' --project {}  2>/dev/null | sort | uniq -c

compute engine image

gcloud compute images list --filter=name:debian --uri
https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian-8-jessie-v20180109
https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian-9-stretch-v20180105

find an instance

gcloud compute instances list --project=dev --filter="name~^es"
gcloud compute instances list --project=dev --filter=name:kafka --format="value(name,INTERNAL_IP)"
gcloud compute instances list --filter=tags:kafka-node
gcloud compute instances list --filter='machineType:g1-small'

gcloud compute instances list --filter=name:prod-es --format='value(NAME)' | xargs -I {} -p gcloud compute instances stop {}

gcloud compute instances list --filter='name:prod-es*' --format='value(INTERNAL_IP)' | xargs -I {} ssh {} "sudo chef-client"

generate ssh config

gcloud compute config-ssh

disk snapshot

gcloud compute disks snapshot kafka-data1-1 --async --snapshot-names=kafka-data-1 --project project_a --zone us-west1-a
Use [gcloud compute operations describe URI] command to check the status of the operation(s).

move instance

gcloud compute instances move <instance_wanna_move> --destination-zone=us-central1-a --zone=us-central1-c

debugging

gcloud  compute instances list --log-http

iam

gcloud iam service-accounts keys list --iam-account=vault-admin@<project_id>.iam.gserviceaccount.com
gcloud projects get-iam-policy <project_id>
gcloud iam service-accounts list
gcloud iam service-accounts get-iam-policy <sa_email>

# add role to service account
gcloud iam service-accounts add-iam-policy-binding infrastructure@retviews-154908.iam.gserviceaccount.com --member='serviceAccount:infrastructure@retviews-154908.iam.gserviceaccount.com' --role='roles/iam.serviceAccountActor'

instance level metadata

curl "http://metadata.google.internal/computeMetadata/v1/instance/?recursive=true&alt=text" -H "Metadata-Flavor: Google"

project level metadata

gcloud compute project-info describe

GCR

StackDriver logging

gcloud logging read "timestamp >= \"2018-04-19T00:30:00Z\"  and logName=projects/${project_id}/logs/requests and resource.type=http_load_balancer" --format="csv(httpRequest.remoteIp,httpRequest.requestUrl,timestamp)" --project=${project_id}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment