gcloud is the command-line interface (CLI) for the Google Cloud Platform (GCP). gcloud commands allow users to interact with GCP resources and services, including managing virtual machines, deploying applications, configuring networking, and more.
With gcloud, users can manage their GCP resources from their local machine without using the web console. The gcloud CLI can be installed on Windows, Linux, and macOS machines.
gcloud provides a set of commands that can be used to perform various operations on GCP resources, such as creating and managing virtual machines, creating and managing storage buckets, and managing network configurations.
Users can also use gcloud to interact with services like Google Kubernetes Engine (GKE), Google Cloud Storage, and Google Cloud SQL.
gcloud commands can be run in a terminal window or incorporated into scripts for automated workflows.
How to manage OAuth2 credentials in GCP
The gcloud auth commands are used to add and remove access to the Google Cloud CLI. If you come from an AWS background, Google Auth works exactly the same as AWS SSO.
To manage OAuth2 credentials in Google Cloud Platform (GCP), you can use the Cloud Console or the gcloud command-line tool. Here are the general steps:
- Create a project in the GCP Console if you haven’t already done so.
- Go to the APIs & Services Dashboard and click on the “+CREATE CREDENTIALS” button.
- Select “OAuth client ID” from the dropdown menu.
- Choose your application type (Web application, Android, iOS, or Desktop app) and provide the required information.
- Once the OAuth2 client ID is created, you can view, edit, or delete it from the Credentials page in the Console.
- To use the client ID in your application, you’ll need to configure your application to use the OAuth2 flow appropriate for your application type. This will typically involve redirecting users to a Google sign-in page and obtaining an authorization code or token that can be used to make API requests on behalf of the user.
To manage OAuth2 credentials using the gcloud command-line tool, you can use the gcloud auth application-default command. This command sets up application default credentials for your local development environment. Here are the general steps:
- Install the gcloud command-line tool if you haven’t already done so.
- Open a terminal window and run the following command to authenticate with your GCP account:
gcloud auth login
- Once you’ve authenticated, run the following command to set up application default credentials:
gcloud auth application-default login
This will generate a new OAuth2 client ID and store it locally.
- To view or manage your application default credentials, run the following command:
gcloud auth application-default --help
This will show you the available options for managing your credentials.
Note that application default credentials are typically used for local development and testing. In production, you should use a more secure authentication method, such as service accounts.
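The note above separates local-development credentials from production ones. As an added example (not code from the original page or from the gcloud project), this shell script classifies an Application Default Credentials file by its type field and checks its file permissions. The function names, the sample file and its placeholder values are constructed for illustration, and the default path assumed is the Linux/macOS location.

```bash
#!/bin/sh
# Added example: classify an Application Default Credentials (ADC) file.

# GOOGLE_APPLICATION_CREDENTIALS takes precedence; otherwise use the default
# location on Linux/macOS (assumed here; Windows uses %APPDATA%\gcloud).
adc_path() {
  printf '%s\n' "${GOOGLE_APPLICATION_CREDENTIALS:-$HOME/.config/gcloud/application_default_credentials.json}"
}

# Print the "type" value. Assumes pretty-printed JSON with one key per line,
# which is how gcloud writes the file; use a JSON parser for anything else.
adc_type() {
  sed -n 's/^[[:space:]]*"type"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print one finding per line. Returns 1 when something needs attention.
adc_audit() {
  adc_file=$1; adc_rc=0
  [ -f "$adc_file" ] || { echo "absent: no ADC file at $adc_file"; return 0; }
  adc_mode=$(ls -ld "$adc_file" | cut -c5-10)   # group and other permission bits
  if [ "$adc_mode" != "------" ]; then
    echo "perms: readable or writable beyond the owner ($adc_mode)"; adc_rc=1
  fi
  case "$(adc_type "$adc_file")" in
    authorized_user)
      echo "type: user credentials with a refresh token (local development)" ;;
    service_account)
      echo "type: service account key file (long-lived private key on disk)"; adc_rc=1 ;;
    external_account)
      echo "type: workload identity federation configuration" ;;
    *)
      echo "type: unrecognised or missing"; adc_rc=1 ;;
  esac
  return "$adc_rc"
}

# Constructed sample in the shape 'gcloud auth application-default login' writes.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
{
  "client_id": "CONSTRUCTED-ID.apps.googleusercontent.com",
  "client_secret": "CONSTRUCTED-NOT-A-SECRET",
  "refresh_token": "CONSTRUCTED-NOT-A-TOKEN",
  "type": "authorized_user"
}
EOF
adc_audit "$demo_file"
rm -f "$demo_file"
```

Calling adc_audit on the path printed by adc_path checks the credentials actually stored on a workstation.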
gcloud auth command list
- gcloud auth
- gcloud auth activate-refresh-token
- gcloud auth activate-service-account
- gcloud auth git-helper
- gcloud auth list
- gcloud auth login
- gcloud auth print-access-token
- gcloud auth print-refresh-token
- gcloud auth revoke
How to manage gcloud components?
gcloud components are used to manage the tools and plugins associated with the gcloud CLI.
- gcloud components
- gcloud components list
- gcloud components remove
- gcloud components repositories
- gcloud components repositories add
- gcloud components repositories list
- gcloud components repositories remove
- gcloud components restore
- gcloud components update

- Name: gcloud app Python Extensions | ID: app-engine-python | Size: 8.6 MiB | Status: Not Installed
- Name: Appctl | ID: appctl | Size: 21.0 MiB | Status: Not Installed
- Name: Artifact Registry Go Module Package Helper | ID: package-go-module | Size: < 1 MiB | Status: Not Installed
- Name: Cloud Firestore Emulator | ID: cloud-firestore-emulator | Size: 40.2 MiB | Status: Not Installed
- Name: Cloud SQL Proxy | ID: cloud_sql_proxy | Size: 7.8 MiB | Status: Not Installed
- Name: Cloud Spanner Emulator | ID: cloud-spanner-emulator | Size: 27.2 MiB | Status: Not Installed
- Name: Cloud Spanner Migration Tool | ID: harbourbridge | Size: 14.8 MiB | Status: Not Installed
- Name: Google Container Registry's Docker credential helper | ID: docker-credential-gcr | Size: 1.8 MiB | Status: Not Installed
- Name: Kustomize | ID: kustomize | Size: 4.3 MiB | Status: Not Installed
- Name: Nomos CLI | ID: nomos | Size: 25.0 MiB | Status: Not Installed
- Name: Terraform Tools | ID: terraform-tools | Size: 52.7 MiB | Status: Not Installed
- Name: anthos-auth | ID: anthos-auth | Size: 19.2 MiB | Status: Not Installed
- Name: config-connector | ID: config-connector | Size: 56.4 MiB | Status: Not Installed
- Name: kubectl | ID: kubectl | Size: < 1 MiB | Status: Not Installed
- Name: kubectl-oidc | ID: kubectl-oidc | Size: 19.2 MiB | Status: Not Installed
- Name: pkg | ID: pkg | Size:
How to Create and Manipulate Compute Engine Resources.
The bulk of the gcloud commands are kept under the gcloud compute group. This group manages all GCP resources.
All commands start with gcloud compute.
Compute
- firewall-policies: Manage Compute Engine organization firewall policies.
- machine-images: Read and manage Compute Engine machine image resources.
- network-firewall-policies: Manage Compute Engine network firewall policies.
- reservations: Manage Compute Engine reservations.
- resource-policies: Manage Compute Engine Resource Policies.

Disks
- disk-types: Read Compute Engine virtual disk types.
- disks: Read and manipulate Compute Engine disks.

Info
- accelerator-types: Read Compute Engine accelerator types.
- machine-types: Read Compute Engine virtual machine types.
- operations: Read and manipulate Compute Engine operations.
- regions: List Compute Engine regions.
- zones: List Compute Engine zones.

Instances
- commitments: Manage Compute Engine commitments.
- diagnose: Debugging tools for Compute Engine virtual machine instances.
- images: List, create, and delete Compute Engine images.
- instance-groups: Read and manipulate Compute Engine instance groups.
- instance-templates: Read and manipulate Compute Engine instances templates.
- instances: Read and manipulate Compute Engine virtual machine instances.
- snapshots: List, describe, and delete Compute Engine snapshots.
- sole-tenancy: Read and manage Compute Engine sole-tenancy resources.
- target-instances: Read and manipulate Compute Engine virtual target instances.
- tpus: List, create, and delete Cloud TPUs.

Load Balancing
- backend-buckets: Read and manipulate backend buckets.
- backend-services: List, create, and delete backend services.
- forwarding-rules: Read and manipulate traffic forwarding rules to network load balancers.
- health-checks: Read and manipulate health checks for load balanced instances.
- http-health-checks: Read and manipulate HTTP health checks for load balanced instances.
- https-health-checks: Read and manipulate HTTPS health checks for load balanced instances.
- security-policies: Read and manipulate Cloud Armor security policies.
- ssl-certificates: List, create, and delete Compute Engine SSL certificate resources.
- ssl-policies: List, create, delete and update Compute Engine SSL policies.
- target-pools: Control Compute Engine target pools for network load balancing.

Networking
- addresses: Read and manipulate Compute Engine addresses.
- external-vpn-gateways: List, create, delete and update External VPN Gateways.
- firewall-rules: List, create, update, and delete Compute Engine firewall rules.
- interconnects: Read and manipulate Compute Engine interconnects.
- network-endpoint-groups: Read and manipulate Compute Engine network endpoint groups.
- networks: List, create, and delete Compute Engine networks.
- packet-mirrorings: Manage Compute Engine packet mirroring resources.
- public-advertised-prefixes: Manage public advertised prefix resources.
- public-delegated-prefixes: Manage public delegated prefix resources.
- routers: List, create, and delete Compute Engine routers.
- routes: Read and manipulate routes.
- service-attachments: Manage Compute Engine service attachment resources.
- shared-vpc: Configure shared VPC.
- target-grpc-proxies: Manage Compute Engine target gRPC proxy resources.
- target-http-proxies: List, create, and delete target HTTP proxies.
- target-https-proxies: List, create, and delete target HTTPS proxies.
- target-ssl-proxies: List, create, and delete target SSL proxies.
- target-tcp-proxies: List, create, and delete target TCP proxies.
- target-vpn-gateways: Read and manipulate classic VPN gateways.
- url-maps: List, create, and delete URL maps.
- vpn-gateways: read and manipulate Highly Available VPN Gateways.
- vpn-tunnels: Read and manipulate Compute Engine VPN tunnels.

Tools
- os-config: Manage OS Config tasks for Compute Engine VM instances.
- os-login: Create and manipulate Compute Engine OS Login resources.
- project-info: Read and manipulate project-level data like quotas and metadata.

Available commands for gcloud compute:

Other
- copy-files: *(DEPRECATED)* Copy files to and from Google Compute Engine virtual machines via scp.
- start-iap-tunnel: Starts an IAP TCP forwarding tunnel.

Tools
- config-ssh: Populate SSH config files with Host entries from each instance.
- connect-to-serial-port: Connect to the serial port of an instance.
- reset-windows-password: Reset and return a password for a Windows machine instance.
- scp: Copy files to and from Google Compute Engine virtual machines via scp.
- sign-url: Sign specified URL for use with Cloud CDN Signed URLs.
- ssh: SSH into a virtual machine instance.
Here are the general steps to create and manipulate Compute Engine resources using the gcloud command-line tool:
- Install the gcloud command-line tool if you haven’t already done so.
- Authenticate with your GCP account by running the following command and following the on-screen prompts:
gcloud auth login
Create a new Compute Engine instance by running the following command:
gcloud compute instances create INSTANCE-NAME --machine-type MACHINE-TYPE --image IMAGE-NAME --zone ZONE
Replace INSTANCE-NAME with a name for your instance, MACHINE-TYPE with the machine type you want to use (e.g., …), IMAGE-NAME with the name of the image you want to use (e.g., …), and ZONE with the zone you want to create the instance in (e.g., …).
List your Compute Engine instances by running the following command:
gcloud compute instances list
This will show you a list of all your instances and their current status.
Connect to your instance by running the following command:
gcloud compute ssh INSTANCE-NAME --zone ZONE
Replace INSTANCE-NAME with the name of the instance you want to connect to and ZONE with the zone it’s in.
Stop or start an instance by running the following command:
gcloud compute instances stop INSTANCE-NAME --zone ZONE
gcloud compute instances start INSTANCE-NAME --zone ZONE
Replace INSTANCE-NAME with the name of the instance you want to stop or start, and ZONE with the zone it’s in.
Delete an instance by running the following command:
gcloud compute instances delete INSTANCE-NAME --zone ZONE
Replace INSTANCE-NAME with the name of the instance you want to delete, and ZONE with the zone it's in.
These are just a few examples of the many things you can do with the gcloud command-line tool and Compute Engine. You can find more information and examples in the
How to edit Google Cloud CLI properties?
The gcloud config command group lets you set, view and unset the properties that the Google Cloud CLI uses.
Remember that you can use gcloud info to learn about your current properties and environment variables.
- gcloud config
- gcloud config list
- gcloud config set
- gcloud config unset