gcloud Cheatsheet

Top commands.

Authentication

gcloud auth is the entry point for everything. Get the auth and configurations right and the rest of the CLI behaves.

• gcloud auth login: Per-user the interactive browser flow. Standard for human users.
• gcloud auth activate-service-account --key-file=key.json: Per-service-account the credential. For CI and automation.
• gcloud config configurations create dev: Per-context the named configuration. Switch projects, accounts, regions in one command.
• gcloud auth application-default login: Per-host the ADC. The discipline supports SDK clients.

Project and region management

Project and region defaults shape every subsequent command. Set them explicitly per terminal.

• gcloud config set project my-project: Per-shell the default project. Sets default for subsequent commands.
• gcloud config set compute/region us-central1: Per-shell the default region. Avoids per-command --region.
• gcloud projects list: Per-account the project list. Useful when working across many.
• gcloud config configurations activate dev: Per-shell the named configuration switch. The discipline catches the wrong-project mistake.

Compute Engine commands

Compute Engine is where the bulk of daily work lives. Three commands cover 80 percent of cases.

• gcloud compute instances list: Per-project the VM inventory. Lists VMs in current project.
• gcloud compute instances create my-vm --zone=us-central1-a --machine-type=e2-medium: Per-VM the explicit creation. Sane defaults; spell out zone and type.
• gcloud compute ssh my-vm: Per-VM the auth-handled SSH. Handles key distribution.
• gcloud compute instances stop my-vm: Per-VM the stop. The discipline supports cost hygiene.

GKE commands

GKE on the CLI is a thin wrapper over kubectl context. Three commands set you up.

• gcloud container clusters list: Per-project the cluster inventory. Lists clusters across regions.
• gcloud container clusters get-credentials my-cluster --region=us-central1: Per-cluster the kubectl context. Standard onboarding step.
• gcloud container clusters update --enable-autoscaling: Per-cluster the in-place config change. The discipline supports operations.
• gcloud container node-pools list --cluster=my-cluster: Per-cluster the node-pool inventory. Useful for cost and scaling reviews.

Logs and debugging

Logging and IAM are the daily debugging surface. Read, tail, describe.

• gcloud logging read 'resource.type=gce_instance' --limit=50: Per-query the recent log read. Filter by resource type.
• gcloud logging tail 'resource.type=gce_instance': Per-resource the live tail. Useful during incidents.
• gcloud projects describe my-project: Per-project the IAM and metadata. Surfaces who has what access.
• gcloud iam service-accounts list: Per-project the SA inventory. The discipline supports access reviews.