GCloud CLI

Project

Get active account name
gcloud auth list
Set active account
gcloud config set account <account>
Get config
gcloud config list [--all]
Get the active project
gcloud config list project
Set Project ID
gcloud config set project <project_id>
Get Project Info
gcloud compute project-info describe --project <your_project_ID>
List components
gcloud components list
Get Zone/Region
gcloud config get-value compute/zone
gcloud config get-value compute/region
Set Zone
gcloud config set compute/zone <zone>
Install cloud sdk
sudo apt-get install google-cloud-sdk
Enable interactive (includes autocomplete)
gcloud beta interactive

VM

Create a VM
gcloud compute instances create <vm_name>
Get VM info
gcloud compute instances describe <vm>
SSH to VM
gcloud compute ssh <vm_name> --zone <zone>
Test RDP is running
gcloud compute instances get-serial-port-output <vm-name>
Set windows password
gcloud compute reset-windows-password <instance> --zone us-central1-a --user <username>

Network

Create a network
gcloud compute networks create <network_name> --subnet-mode <mode>

<mode>:
auto: subnets are created automatically. This is the recommended selection.
custom: create subnets manually.
Create subnet in current VPC
gcloud compute networks subnets create <subnet_name> --network <network_name> --range <cidr> --region <region>
List project routes
gcloud compute routes list --project <project_id>
Get External IP of a VM
gcloud compute instances describe source-instance --zone <zone> | grep natIP

IAM

List Permissions for a project
gcloud iam list-testable-permissions //cloudresourcemanager.googleapis.com/projects/$DEVSHELL_PROJECT_ID
View Role Metadata
gcloud iam roles describe <role_name>
e.g. <role_name> = roles/viewer, roles/editor, etc.
List Grantable roles
gcloud iam list-grantable-roles //cloudresourcemanager.googleapis.com/projects/$DEVSHELL_PROJECT_ID
List Custom Roles
gcloud iam roles list --project $DEVSHELL_PROJECT_ID
Add/Remove Permissions from role using flags

[Add]
gcloud iam roles update <role> --project $DEVSHELL_PROJECT_ID --add-permissions <comma separated list of permissions>
e.g. storage.buckets.get,storage.buckets.list

[Remove]
gcloud iam roles update <role> --project $DEVSHELL_PROJECT_ID --remove-permissions <comma separated list of permissions>
Disable a Role
gcloud iam roles update <role> --project $DEVSHELL_PROJECT_ID --stage DISABLED
Delete a Role
gcloud iam roles delete <role> --project $DEVSHELL_PROJECT_ID

Existing bindings remain and are set to inactive
Can be undeleted within 7 days
37 days after deletion, the Role ID is available to be used again.
Undelete a role
gcloud iam roles undelete <role> --project $DEVSHELL_PROJECT_ID
Create Service Account
gcloud iam service-accounts create <account_id> --display-name "<DESCRIPTION>"
Describe Service Account
gcloud iam service-accounts describe <account_id>@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com

GKE

Create GKE cluster
gcloud container clusters create <cluster_name>
Authenticate GKE cluster
gcloud container clusters get-credentials <cluster_name>
Get admin permissions on GKE cluster
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=<user>
List Clusters
gcloud container clusters list
Get Cluster Info
kubectl cluster-info
Create GKE deployment from a Container Repository
kubectl create deployment <name> --image=<container_image>
Create deployment from yaml configuration file
kubectl create -f <path_to_yaml_file>
List deployments
kubectl get deployments
Get deployment yaml
kubectl get deployment <name> -o yaml
List namespaces
kubectl get ns
Get Kubernetes services
kubectl get services [-n <namespace>]
e.g. namespace = istio-system
Get detailed Pod info
kubectl describe pods <name>
Get Pods by namespace
kubectl get pods --namespace <namespace>
kubectl get pods -n <namespace> 
Create namespace
kubectl create ns <namespace>
Expose a Kubernetes service
kubectl expose deployment <name> --type=<type_of_service> --port <port>

<type_of_service> = ClusterIP, NodePort, LoadBalancer, or ExternalName. Default is 'ClusterIP'.
Configure Port Forwarding on a Pod
kubectl port-forward <pod> <local_host_port>:<pod_internal_port>
Get Pod logs
kubectl logs [ -f ] <pod>
Get Pod Labels
kubectl get pods <pod> --show-labels
Add Labels to a Pod
kubectl label pods <pod> <label>
Get Pods by label
kubectl get pods --selector=<labels>
kubectl get pods -l <labels>
Get Pod config in json format
kubectl get pods <pod> -o json
List Containers in a Pod
kubectl get pods <pod> -o jsonpath='{.spec.containers[*].name}'
Run shell inside a container
kubectl exec <pod> --stdin --tty -c <container> -- /bin/sh
Delete a container cluster
gcloud container clusters delete <cluster_name>

KMS

Enable KMS API
gcloud services enable cloudkms.googleapis.com
Create Keyring 
gcloud kms keyrings create <keyring_name> --location <location>

location: global or regional
Create a cryptokey
gcloud kms keys create <cryptokey_name> --location <location> --keyring <keyring_name> --purpose encryption

Note: Crypto keys and key rings cannot be deleted in Cloud KMS.

ISTIO

Install Istio
curl -L https://git.io/getLatestIstio | ISTIO_VERSION=<version> sh -
Deploy cluster with Istio add-on
gcloud beta container clusters create <cluster_name> --zone <zone> --num-nodes 4 --machine-type "n1-standard-2" --image-type "COS" --cluster-version=<cluster_version> --enable-ip-alias --addons=Istio --istio-config=auth=MTLS_STRICT

e.g. cluster-version = latest
Inject Istio sidecar proxy into a deployment
istioctl kube-inject -f <deployment_yaml> > <deployment_istio_yaml>
kubectl apply -f <deployment_istio_yaml>
Get Istio gateways
kubectl get gateway
Install Kpt (kept)
sudo apt-get install google-cloud-sdk-kpt
Download Anthos service mesh
kpt pkg get https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages@<version> asm
e.g. github.com/GoogleCloudPlatform/anthos-service-mesh-packages@1.6.8-asm.9 asm