gcloud CLI Automation Patterns

Advancedv1.0.0

Master gcloud CLI patterns for scripting and automation — project configuration, output formatting, filtering, batch operations, and CI/CD integration with Workload Identity.

Content

Overview

The gcloud CLI is the primary tool for Google Cloud automation. Mastering configurations, output formatting, and filtering patterns enables efficient resource management and CI/CD integration.

Why This Matters

-Automation — script repetitive cloud operations
-CI/CD — gcloud is the standard for GCP pipeline deployments
-Multi-project — manage multiple projects with configurations
-Filtering — server-side filters reduce data transfer

Configuration Management

bash

# Create named configurations for different projects
gcloud config configurations create production
gcloud config set project myapp-production
gcloud config set compute/region us-central1
gcloud config set compute/zone us-central1-a

gcloud config configurations create development
gcloud config set project myapp-development
gcloud config set compute/region us-central1

# Switch between configurations
gcloud config configurations activate production

# List all configurations
gcloud config configurations list

Output Formatting

bash

# Table format (default, human-readable)
gcloud compute instances list

# JSON output
gcloud compute instances list --format=json

# Specific fields
gcloud compute instances list --format="table(name, zone, status, machineType)"

# CSV for spreadsheets
gcloud compute instances list --format="csv(name, zone, status)"

# Single value extraction
gcloud compute instances describe myvm --format="value(networkInterfaces[0].accessConfigs[0].natIP)"

# Custom formatting
gcloud projects list --format="table(projectId:label=PROJECT, name:label=NAME, lifecycleState:label=STATE)"

Filtering

bash

# Server-side filtering (faster, less data transferred)
gcloud compute instances list --filter="status=RUNNING"
gcloud compute instances list --filter="zone:us-central1-a AND machineType:e2-medium"
gcloud compute instances list --filter="labels.environment=production"
gcloud compute instances list --filter="name~'^web-.*'"  # Regex

# Combined filter and format
gcloud compute instances list \
  --filter="status=RUNNING AND labels.team=platform" \
  --format="table(name, zone, machineType.basename())"

Batch Operations

bash

# Stop all dev instances
gcloud compute instances list \
  --filter="labels.environment=development AND status=RUNNING" \
  --format="value(name, zone)" | while read name zone; do
  gcloud compute instances stop "$name" --zone="$zone" --async
done

# Apply labels to multiple instances
gcloud compute instances list \
  --filter="NOT labels.environment:*" \
  --format="value(name, zone)" | while read name zone; do
  gcloud compute instances add-labels "$name" --zone="$zone" \
    --labels="environment=unknown,needs-review=true"
done

# Delete old snapshots
gcloud compute snapshots list \
  --filter="creationTimestamp<'2024-01-01'" \
  --format="value(name)" | xargs -I {} gcloud compute snapshots delete {} --quiet

CI/CD Authentication

bash

# Workload Identity Federation (recommended — no stored keys)
gcloud auth login --cred-file=credentials.json

# Service account key (legacy — avoid if possible)
gcloud auth activate-service-account --key-file=key.json

# Application Default Credentials
gcloud auth application-default login

# Verify current identity
gcloud auth list
gcloud config get-value project

Project Operations

bash

# List projects
gcloud projects list --format="table(projectId, name, lifecycleState)"

# Set project for all commands
gcloud config set project myapp-production

# Per-command project override
gcloud compute instances list --project=myapp-staging

# Enable APIs
gcloud services enable \
  container.googleapis.com \
  run.googleapis.com \
  cloudbuild.googleapis.com \
  artifactregistry.googleapis.com

Best Practices

-Use named configurations for different projects/environments
-Use --format=value() when piping to other commands
-Use --filter for server-side filtering (faster than client-side grep)
-Use --async for long-running operations in scripts
-Use --quiet to skip confirmation prompts in automation
-Prefer Workload Identity Federation over exported service account keys

Common Mistakes

-Not setting the project context (operates on wrong project)
-Using client-side grep instead of --filter (slower, more data)
-Exporting service account keys for CI/CD (use Workload Identity)
-Forgetting --quiet in automated scripts (hangs on confirmation)

FAQ

Discussion

Loading comments...

gcloud CLI Automation Patterns

Advancedv1.0.0

Master gcloud CLI patterns for scripting and automation — project configuration, output formatting, filtering, batch operations, and CI/CD integration with Workload Identity.

Content

Overview

The gcloud CLI is the primary tool for Google Cloud automation. Mastering configurations, output formatting, and filtering patterns enables efficient resource management and CI/CD integration.

Why This Matters

-Automation — script repetitive cloud operations
-CI/CD — gcloud is the standard for GCP pipeline deployments
-Multi-project — manage multiple projects with configurations
-Filtering — server-side filters reduce data transfer

Configuration Management

bash

# Create named configurations for different projects
gcloud config configurations create production
gcloud config set project myapp-production
gcloud config set compute/region us-central1
gcloud config set compute/zone us-central1-a

gcloud config configurations create development
gcloud config set project myapp-development
gcloud config set compute/region us-central1

# Switch between configurations
gcloud config configurations activate production

# List all configurations
gcloud config configurations list

Output Formatting

bash

# Table format (default, human-readable)
gcloud compute instances list

# JSON output
gcloud compute instances list --format=json

# Specific fields
gcloud compute instances list --format="table(name, zone, status, machineType)"

# CSV for spreadsheets
gcloud compute instances list --format="csv(name, zone, status)"

# Single value extraction
gcloud compute instances describe myvm --format="value(networkInterfaces[0].accessConfigs[0].natIP)"

# Custom formatting
gcloud projects list --format="table(projectId:label=PROJECT, name:label=NAME, lifecycleState:label=STATE)"

Filtering

bash

# Server-side filtering (faster, less data transferred)
gcloud compute instances list --filter="status=RUNNING"
gcloud compute instances list --filter="zone:us-central1-a AND machineType:e2-medium"
gcloud compute instances list --filter="labels.environment=production"
gcloud compute instances list --filter="name~'^web-.*'"  # Regex

# Combined filter and format
gcloud compute instances list \
  --filter="status=RUNNING AND labels.team=platform" \
  --format="table(name, zone, machineType.basename())"

Batch Operations

bash

# Stop all dev instances
gcloud compute instances list \
  --filter="labels.environment=development AND status=RUNNING" \
  --format="value(name, zone)" | while read name zone; do
  gcloud compute instances stop "$name" --zone="$zone" --async
done

# Apply labels to multiple instances
gcloud compute instances list \
  --filter="NOT labels.environment:*" \
  --format="value(name, zone)" | while read name zone; do
  gcloud compute instances add-labels "$name" --zone="$zone" \
    --labels="environment=unknown,needs-review=true"
done

# Delete old snapshots
gcloud compute snapshots list \
  --filter="creationTimestamp<'2024-01-01'" \
  --format="value(name)" | xargs -I {} gcloud compute snapshots delete {} --quiet

CI/CD Authentication

bash

# Workload Identity Federation (recommended — no stored keys)
gcloud auth login --cred-file=credentials.json

# Service account key (legacy — avoid if possible)
gcloud auth activate-service-account --key-file=key.json

# Application Default Credentials
gcloud auth application-default login

# Verify current identity
gcloud auth list
gcloud config get-value project

Project Operations

bash

# List projects
gcloud projects list --format="table(projectId, name, lifecycleState)"

# Set project for all commands
gcloud config set project myapp-production

# Per-command project override
gcloud compute instances list --project=myapp-staging

# Enable APIs
gcloud services enable \
  container.googleapis.com \
  run.googleapis.com \
  cloudbuild.googleapis.com \
  artifactregistry.googleapis.com

Best Practices

-Use named configurations for different projects/environments
-Use --format=value() when piping to other commands
-Use --filter for server-side filtering (faster than client-side grep)
-Use --async for long-running operations in scripts
-Use --quiet to skip confirmation prompts in automation
-Prefer Workload Identity Federation over exported service account keys