v1.0.1

Google Cloud Platform

Pipenzo Pipenzo ← All skills

Manage Google Cloud Platform resources via gcloud CLI. Use for Compute Engine VMs, Cloud Run services, Firebase Hosting, Cloud Storage, and project management. Covers deployment, monitoring, logs, and SSH access.

Downloads
1.7k
Stars
0
Versions
2
Updated
2026-02-24

Install

npx clawhub@latest install gcloud

Documentation

Google Cloud Platform Skill

Manage GCP resources using gcloud, gsutil, and firebase CLIs.

Installation

gcloud CLI (one-time setup)

Download and extract


cd ~ && curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz


tar -xzf google-cloud-cli-linux-x86_64.tar.gz



Install (adds to PATH via .bashrc)


./google-cloud-sdk/install.sh --quiet --path-update true



Reload shell or source


source ~/.bashrc



Authenticate


gcloud auth login

Firebase CLI

npm install -g firebase-tools

firebase login

Quick Reference

Authentication & Config

List authenticated accounts


gcloud auth list



Switch active account


gcloud config set account EMAIL



List projects


gcloud projects list



Set default project


gcloud config set project PROJECT_ID



View current config


gcloud config list

---

Compute Engine (VMs)

List Instances

All instances across projects


gcloud compute instances list --project PROJECT_ID



With specific fields


gcloud compute instances list --project PROJECT_ID \


  --format="table(name,zone,status,networkInterfaces[0].accessConfigs[0].natIP)"

Start/Stop/Restart

gcloud compute instances start INSTANCE_NAME --zone ZONE --project PROJECT_ID

gcloud compute instances stop INSTANCE_NAME --zone ZONE --project PROJECT_ID


gcloud compute instances reset INSTANCE_NAME --zone ZONE --project PROJECT_ID

SSH Access

Interactive SSH


gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID



Run command remotely


gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID --command "uptime"



With tunneling (e.g., for local port forwarding)


gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID -- -L 8080:localhost:8080

View Logs

Serial port output (boot logs)


gcloud compute instances get-serial-port-output INSTANCE_NAME --zone ZONE --project PROJECT_ID



Tail logs via SSH


gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID --command "journalctl -f"

---

Cloud Run

List Services

List all services in a region


gcloud run services list --region REGION --project PROJECT_ID



All regions


gcloud run services list --project PROJECT_ID

Deploy

Deploy from source (builds container automatically)


gcloud run deploy SERVICE_NAME \


  --source . \


  --region REGION \


  --project PROJECT_ID \


  --allow-unauthenticated



Deploy existing container image


gcloud run deploy SERVICE_NAME \


  --image gcr.io/PROJECT_ID/IMAGE:TAG \


  --region REGION \


  --project PROJECT_ID

View Service Details

gcloud run services describe SERVICE_NAME --region REGION --project PROJECT_ID

View Logs

Stream logs


gcloud run services logs read SERVICE_NAME --region REGION --project PROJECT_ID --limit 50



Or use Cloud Logging


gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=SERVICE_NAME" \


  --project PROJECT_ID --limit 20 --format="table(timestamp,textPayload)"

Update Environment Variables

gcloud run services update SERVICE_NAME \

  --region REGION \


  --project PROJECT_ID \


  --set-env-vars "KEY1=value1,KEY2=value2"

Traffic Management

Route 100% traffic to latest


gcloud run services update-traffic SERVICE_NAME --to-latest --region REGION --project PROJECT_ID



Split traffic (canary)


gcloud run services update-traffic SERVICE_NAME \


  --to-revisions=REVISION1=90,REVISION2=10 \


  --region REGION --project PROJECT_ID

---

Firebase Hosting

List Projects

firebase projects:list

Deploy

Deploy everything (hosting + functions + rules)


firebase deploy --project PROJECT_ID



Hosting only


firebase deploy --only hosting --project PROJECT_ID



Specific site (multi-site setup)


firebase deploy --only hosting:SITE_NAME --project PROJECT_ID

Preview Channels

Create preview channel


firebase hosting:channel:deploy CHANNEL_NAME --project PROJECT_ID



List channels


firebase hosting:channel:list --project PROJECT_ID



Delete channel


firebase hosting:channel:delete CHANNEL_NAME --project PROJECT_ID

Rollback

List recent deploys


firebase hosting:releases:list --project PROJECT_ID



Rollback to specific version


firebase hosting:rollback --project PROJECT_ID

---

Cloud Storage (gsutil)

List buckets


gsutil ls



List contents


gsutil ls gs://BUCKET_NAME/



Copy file


gsutil cp LOCAL_FILE gs://BUCKET_NAME/path/


gsutil cp gs://BUCKET_NAME/path/file LOCAL_PATH



Sync directory


gsutil -m rsync -r LOCAL_DIR gs://BUCKET_NAME/path/



Make public


gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME

---

Logs & Monitoring

Cloud Logging

Read recent logs


gcloud logging read "resource.type=gce_instance" --project PROJECT_ID --limit 20



Filter by severity


gcloud logging read "severity>=ERROR" --project PROJECT_ID --limit 20



Specific resource


gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=my-service" \


  --project PROJECT_ID --limit 20

Monitoring Metrics

List available metrics


gcloud monitoring metrics list --project PROJECT_ID | head -50



Describe metric


gcloud monitoring metrics-scopes describe projects/PROJECT_ID

---

Billing & Cost Monitoring

View Current Costs

List billing accounts


gcloud billing accounts list



Get billing account linked to project


gcloud billing projects describe PROJECT_ID



View cost breakdown (requires billing export to BigQuery or use console)


Quick estimate via APIs enabled:


gcloud services list --enabled --project PROJECT_ID

Set Budget Alerts

Create budget (via gcloud beta)


gcloud billing budgets create \


  --billing-account=BILLING_ACCOUNT_ID \


  --display-name="Monthly Budget" \


  --budget-amount=50EUR \


  --threshold-rule=percent=50 \


  --threshold-rule=percent=90 \


  --threshold-rule=percent=100



List budgets


gcloud billing budgets list --billing-account=BILLING_ACCOUNT_ID



Describe budget


gcloud billing budgets describe BUDGET_ID --billing-account=BILLING_ACCOUNT_ID

Cost-Saving Tips

Stop unused VMs (saves $$$)


gcloud compute instances stop INSTANCE_NAME --zone ZONE --project PROJECT_ID



Schedule auto-start/stop (use Cloud Scheduler + Cloud Functions or cron)



Check for idle resources


gcloud recommender recommendations list \


  --project=PROJECT_ID \


  --location=global \


  --recommender=google.compute.instance.IdleResourceRecommender

---

Secret Manager

Create & Manage Secrets

Enable API


gcloud services enable secretmanager.googleapis.com --project PROJECT_ID



Create a secret


echo -n "my-secret-value" | gcloud secrets create SECRET_NAME \


  --data-file=- \


  --project PROJECT_ID



Or from file


gcloud secrets create SECRET_NAME --data-file=./secret.txt --project PROJECT_ID

Access Secrets

Get latest version


gcloud secrets versions access latest --secret=SECRET_NAME --project PROJECT_ID



Get specific version


gcloud secrets versions access 1 --secret=SECRET_NAME --project PROJECT_ID



List all secrets


gcloud secrets list --project PROJECT_ID



List versions of a secret


gcloud secrets versions list SECRET_NAME --project PROJECT_ID

Update Secrets

Add new version


echo -n "new-value" | gcloud secrets versions add SECRET_NAME --data-file=- --project PROJECT_ID



Disable old version


gcloud secrets versions disable VERSION_ID --secret=SECRET_NAME --project PROJECT_ID



Delete version (permanent!)


gcloud secrets versions destroy VERSION_ID --secret=SECRET_NAME --project PROJECT_ID

Use in Cloud Run

Deploy with secret as env var


gcloud run deploy SERVICE_NAME \


  --image IMAGE \


  --region REGION \


  --project PROJECT_ID \


  --set-secrets="ENV_VAR_NAME=SECRET_NAME:latest"



Mount as file


gcloud run deploy SERVICE_NAME \


  --image IMAGE \


  --region REGION \


  --project PROJECT_ID \


  --set-secrets="/path/to/secret=SECRET_NAME:latest"

---

Artifact Registry (Container Images)

Setup

Enable API


gcloud services enable artifactregistry.googleapis.com --project PROJECT_ID



Create Docker repository


gcloud artifacts repositories create REPO_NAME \


  --repository-format=docker \


  --location=REGION \


  --project PROJECT_ID \


  --description="Docker images"

Configure Docker Auth

Configure Docker to use gcloud credentials


gcloud auth configure-docker REGION-docker.pkg.dev

Build & Push Images

Build with Cloud Build (no local Docker needed)


gcloud builds submit --tag REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG



Or with local Docker


docker build -t REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG .


docker push REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG

List & Manage Images

List images


gcloud artifacts docker images list REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME



List tags for an image


gcloud artifacts docker tags list REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE



Delete image


gcloud artifacts docker images delete REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG

---

Cloud SQL (Databases)

Create Instance

Enable API


gcloud services enable sqladmin.googleapis.com --project PROJECT_ID



Create PostgreSQL instance


gcloud sql instances create INSTANCE_NAME \


  --database-version=POSTGRES_15 \


  --tier=db-f1-micro \


  --region=REGION \


  --project PROJECT_ID



Create MySQL instance


gcloud sql instances create INSTANCE_NAME \


  --database-version=MYSQL_8_0 \


  --tier=db-f1-micro \


  --region=REGION \


  --project PROJECT_ID

Manage Databases & Users

Create database


gcloud sql databases create DB_NAME --instance=INSTANCE_NAME --project PROJECT_ID



List databases


gcloud sql databases list --instance=INSTANCE_NAME --project PROJECT_ID



Create user


gcloud sql users create USERNAME \


  --instance=INSTANCE_NAME \


  --password=PASSWORD \


  --project PROJECT_ID



List users


gcloud sql users list --instance=INSTANCE_NAME --project PROJECT_ID

Connect

Connect via Cloud SQL Proxy (recommended)


First, download proxy: https://cloud.google.com/sql/docs/mysql/sql-proxy



Direct connection (requires public IP & authorized networks)


gcloud sql connect INSTANCE_NAME --user=USERNAME --project PROJECT_ID



Get connection info


gcloud sql instances describe INSTANCE_NAME --project PROJECT_ID \


  --format="value(connectionName)"

Backups

Create on-demand backup


gcloud sql backups create --instance=INSTANCE_NAME --project PROJECT_ID



List backups


gcloud sql backups list --instance=INSTANCE_NAME --project PROJECT_ID



Restore from backup


gcloud sql backups restore BACKUP_ID --restore-instance=INSTANCE_NAME --project PROJECT_ID

Connect from Cloud Run

Deploy with Cloud SQL connection


gcloud run deploy SERVICE_NAME \


  --image IMAGE \


  --region REGION \


  --project PROJECT_ID \


  --add-cloudsql-instances=PROJECT_ID:REGION:INSTANCE_NAME \


  --set-env-vars="DB_HOST=/cloudsql/PROJECT_ID:REGION:INSTANCE_NAME"

---

Troubleshooting

"API not enabled"

Enable an API


gcloud services enable run.googleapis.com --project PROJECT_ID


gcloud services enable compute.googleapis.com --project PROJECT_ID

"Permission denied"

Check IAM roles


gcloud projects get-iam-policy PROJECT_ID --flatten="bindings[].members" \


  --format="table(bindings.role)" --filter="bindings.members:EMAIL"

"Not authenticated"

gcloud auth login

gcloud auth application-default login  # For ADC (used by libraries)

Refresh credentials

gcloud auth login --force

Launch an agent with Google Cloud Platform on Termo.

Use this skill View on ClawHub