GKE CLI

gcloud and kubectl commands for Google Kubernetes Engine — clusters, workloads, networking, and operations

Auth & Project Setup

Authenticate and configure gcloud before anything else

bash·Login to Google account
gcloud auth login
bash·Login with Application Default Credentials
gcloud auth application-default login
bash·Set active project
gcloud config set project <project-id>
bash·Set default region and zone
gcloud config set compute/region us-central1
gcloud config set compute/zone us-central1-a
bash·Show current config
gcloud config list
bash·List all config profiles
gcloud config configurations list
bash·Create and activate a new config profile
gcloud config configurations create <profile>
gcloud config configurations activate <profile>
bash·Print active account and project
gcloud auth list
gcloud config get-value project

Cluster Management

Create, resize, upgrade and delete GKE clusters

bash·List clusters
gcloud container clusters list
bash·Describe a cluster
gcloud container clusters describe <cluster> --region <region>
bash·Create Autopilot cluster (recommended)
gcloud container clusters create-auto <cluster> --region us-central1
bash·Create Standard cluster
gcloud container clusters create <cluster> \
  --region us-central1 \
  --num-nodes 3 \
  --machine-type e2-standard-4 \
  --enable-autoscaling --min-nodes 1 --max-nodes 10 \
  --enable-ip-alias \
  --workload-pool=<project-id>.svc.id.goog
bash·Get credentials (update kubeconfig)
gcloud container clusters get-credentials <cluster> --region <region>
bash·Resize a node pool
gcloud container clusters resize <cluster> --node-pool <pool> --num-nodes 5 --region <region>
bash·Upgrade cluster control plane
gcloud container clusters upgrade <cluster> --master --cluster-version <version> --region <region>
bash·Upgrade a node pool
gcloud container clusters upgrade <cluster> --node-pool <pool> --region <region>
bash·Delete cluster
gcloud container clusters delete <cluster> --region <region>

Node Pools

Add, scale and manage node pools within a cluster

bash·List node pools
gcloud container node-pools list --cluster <cluster> --region <region>
bash·Describe a node pool
gcloud container node-pools describe <pool> --cluster <cluster> --region <region>
bash·Add a GPU node pool
gcloud container node-pools create gpu-pool \
  --cluster <cluster> --region <region> \
  --machine-type a2-highgpu-1g \
  --accelerator type=nvidia-tesla-a100,count=1 \
  --num-nodes 1
bash·Add a spot (preemptible) node pool
gcloud container node-pools create spot-pool \
  --cluster <cluster> --region <region> \
  --machine-type e2-standard-4 \
  --spot \
  --enable-autoscaling --min-nodes 0 --max-nodes 20
bash·Cordon all nodes in a pool (stop scheduling)
kubectl cordon $(kubectl get nodes -l cloud.google.com/gke-nodepool=<pool> -o name)
bash·Delete a node pool
gcloud container node-pools delete <pool> --cluster <cluster> --region <region>

kubectl Essentials

Everyday kubectl commands for GKE workloads

bash·Show all contexts
kubectl config get-contexts
bash·Switch context
kubectl config use-context <context>
bash·List all resources in namespace
kubectl get all -n <namespace>
bash·List pods with node placement
kubectl get pods -o wide -n <namespace>
bash·Describe a pod
kubectl describe pod <pod> -n <namespace>
bash·Stream pod logs
kubectl logs -f <pod> -n <namespace> --tail=100
bash·Stream logs from all pods in a deployment
kubectl logs -f deployment/<name> -n <namespace> --all-containers=true
bash·Exec into a pod
kubectl exec -it <pod> -n <namespace> -- /bin/sh
bash·Copy file from pod
kubectl cp <namespace>/<pod>:/path/to/file ./local-file
bash·Port-forward a service
kubectl port-forward svc/<service> 8080:80 -n <namespace>
bash·Apply manifests
kubectl apply -f ./manifests/
bash·Delete resources from manifests
kubectl delete -f ./manifests/
bash·Rollout restart deployment
kubectl rollout restart deployment/<name> -n <namespace>
bash·Check rollout status
kubectl rollout status deployment/<name> -n <namespace>
bash·Undo last rollout
kubectl rollout undo deployment/<name> -n <namespace>

Workload Identity

Bind a Kubernetes service account (KSA) to a Google service account (GSA) that holds the IAM roles: the secure way to access GCP services from pods

bash·Create a GCP service account
gcloud iam service-accounts create <gsa-name> --project <project-id>
bash·Grant GCP role to service account
gcloud projects add-iam-policy-binding <project-id> \
  --member="serviceAccount:<gsa-name>@<project-id>.iam.gserviceaccount.com" \
  --role="roles/storage.objectViewer"
bash·Create Kubernetes service account
kubectl create serviceaccount <ksa-name> -n <namespace>
bash·Bind KSA → GSA (Workload Identity)
gcloud iam service-accounts add-iam-policy-binding <gsa-name>@<project-id>.iam.gserviceaccount.com \
  --role roles/iam.workloadIdentityUser \
  --member "serviceAccount:<project-id>.svc.id.goog[<namespace>/<ksa-name>]"
bash·Annotate KSA with GSA email
kubectl annotate serviceaccount <ksa-name> -n <namespace> \
  iam.gke.io/gcp-service-account=<gsa-name>@<project-id>.iam.gserviceaccount.com
bash·Verify Workload Identity is working
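# Newer kubectl releases no longer accept --serviceaccount on "kubectl run";
# set the pod's service account through --overrides instead.
kubectl run -it --rm debug --image=google/cloud-sdk:slim \
  --overrides='{"spec":{"serviceAccountName":"<ksa-name>"}}' -n <namespace> \
  -- gcloud auth list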
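
An added example, not part of the original cheat sheet: a check that the pieces set up in the steps above agree, namely the KSA annotation and an exact roles/iam.workloadIdentityUser grant to the `<project-id>.svc.id.goog[<namespace>/<ksa-name>]` member. The function names and sample values are constructed for illustration, and the policy input is assumed to be the tab-separated role/member lines produced by the gcloud command shown in the comments.

```bash
#!/usr/bin/env bash
# Added example: check that the Workload Identity links agree.
# Live inputs (for reference, not run here):
#   gcloud iam service-accounts get-iam-policy <gsa-email> \
#     --flatten='bindings[].members' \
#     --format='value(bindings.role,bindings.members)'
#   kubectl get serviceaccount <ksa-name> -n <namespace> \
#     -o jsonpath='{.metadata.annotations.iam\.gke\.io/gcp-service-account}'

# Member string used in the KSA -> GSA binding step.
wi_member() {  # args: project namespace ksa
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]' "$1" "$2" "$3"
}

# Reads "role<TAB>member" lines on stdin; succeeds only on an exact
# roles/iam.workloadIdentityUser grant to the given member.
wi_binding_present() {  # args: member
  awk -F'\t' -v m="$1" '
    $1 == "roles/iam.workloadIdentityUser" && $2 == m { found = 1 }
    END { exit !found }'
}

# Prints OK or the first broken link; non-zero exit on failure.
wi_check() {  # args: project namespace ksa gsa_email annotation policy_text
  if [ "$5" != "$4" ]; then
    echo "ANNOTATION_MISMATCH"; return 1
  fi
  if ! printf '%s\n' "$6" | wi_binding_present "$(wi_member "$1" "$2" "$3")"; then
    echo "BINDING_MISSING"; return 1
  fi
  echo "OK"
}

# Constructed sample data (not from a real project).
SAMPLE_GSA='reader@demo-proj.iam.gserviceaccount.com'
SAMPLE_POLICY=$(printf '%s\t%s\n' \
  'roles/iam.workloadIdentityUser' \
  'serviceAccount:demo-proj.svc.id.goog[payments/api-v2]')

wi_check demo-proj payments api-v2 "$SAMPLE_GSA" "$SAMPLE_GSA" "$SAMPLE_POLICY"
```

The exact-match comparison matters: a binding for `payments/api-v2` does not cover a KSA named `api`, and a binding in one namespace does not cover the same KSA name in another.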

Networking & Ingress

Manage GKE services, load balancers and GKE Gateway

bash·List services and external IPs
kubectl get svc -A
bash·Expose deployment as LoadBalancer
kubectl expose deployment <name> --type=LoadBalancer --port=80 --target-port=8080 -n <namespace>
bash·List ingresses
kubectl get ingress -A
bash·List GKE Gateways
kubectl get gateway -A
bash·Reserve a static external IP
gcloud compute addresses create <name> --global
bash·List reserved IP addresses
gcloud compute addresses list
bash·List firewall rules
gcloud compute firewall-rules list --format='table(name,direction,sourceRanges,allowed)'
bash·Describe a load balancer backend service
gcloud compute backend-services describe <name> --global

Artifact Registry

Push and pull container images using Google Artifact Registry

bash·Configure Docker auth for Artifact Registry
gcloud auth configure-docker <region>-docker.pkg.dev
bash·Create a Docker repository
gcloud artifacts repositories create <repo> --repository-format=docker --location=<region>
bash·List repositories
gcloud artifacts repositories list
bash·Tag and push image
docker tag <local-image>:<tag> <region>-docker.pkg.dev/<project-id>/<repo>/<image>:<tag>
docker push <region>-docker.pkg.dev/<project-id>/<repo>/<image>:<tag>
bash·List images in repository
gcloud artifacts docker images list <region>-docker.pkg.dev/<project-id>/<repo>
bash·Delete an image tag
gcloud artifacts docker tags delete <region>-docker.pkg.dev/<project-id>/<repo>/<image>:<tag>
bash·Build and push with Cloud Build
gcloud builds submit --tag <region>-docker.pkg.dev/<project-id>/<repo>/<image>:<tag> .

Logging & Monitoring

Query Cloud Logging and inspect cluster metrics from the CLI

bash·Read recent GKE container logs from Cloud Logging
gcloud logging read \
  'resource.type="k8s_container" AND resource.labels.cluster_name="<cluster>" AND resource.labels.namespace_name="<namespace>"' \
  --limit 50 --format "value(textPayload)" --freshness 1h
bash·Query logs with severity filter
gcloud logging read \
  'resource.type="k8s_container" AND severity>=ERROR AND resource.labels.cluster_name="<cluster>"' \
  --limit 100 --format json | jq '.[].textPayload'
bash·List Cloud Monitoring alert policies
gcloud alpha monitoring policies list
bash·List uptime checks
gcloud monitoring uptime list-configs
bash·View node resource usage (top)
kubectl top nodes
bash·View pod resource usage
kubectl top pods -n <namespace> --sort-by=cpu
bash·Describe node for pressure/events
kubectl describe node <node-name>

Debugging & Troubleshooting

Diagnose failing pods, OOMKills, and cluster issues

bash·Show events sorted by time
kubectl get events -n <namespace> --sort-by=.lastTimestamp
bash·Show only Warning events cluster-wide
kubectl get events -A --field-selector type=Warning
bash·Get previous container logs (after crash)
kubectl logs <pod> -n <namespace> --previous
bash·Run ephemeral debug container
kubectl debug -it <pod> -n <namespace> --image=busybox --target=<container>
bash·Check pod resource requests vs limits
kubectl get pod <pod> -n <namespace> -o jsonpath='{.spec.containers[*].resources}'
bash·List pods in CrashLoopBackOff
kubectl get pods -A | grep CrashLoopBackOff
bash·Check HorizontalPodAutoscaler status
kubectl get hpa -n <namespace>
bash·Drain node for maintenance
kubectl drain <node> --ignore-daemonsets --delete-emptydir-data
bash·Uncordon node after maintenance
kubectl uncordon <node>
bash·Force delete a stuck terminating pod
kubectl delete pod <pod> -n <namespace> --grace-period=0 --force