diff --git a/skills/cloud/alloydb-basics/SKILL.md b/skills/cloud/alloydb-basics/SKILL.md index 8bd5129241..31c978c448 100644 --- a/skills/cloud/alloydb-basics/SKILL.md +++ b/skills/cloud/alloydb-basics/SKILL.md @@ -20,14 +20,15 @@ endpoint management to help developers build AI apps faster. 1. **Enable the AlloyDB API:** ```bash - gcloud services enable alloydb.googleapis.com + gcloud services enable alloydb.googleapis.com --quiet ``` 2. **Create a Cluster:** ```bash gcloud alloydb clusters create my-cluster --region=us-central1 \ - --password=my-password --network=my-vpc + --password=my-password --network=my-vpc \ + --quiet ``` *Note: For production, we recommend using IAM database authentication @@ -39,7 +40,8 @@ endpoint management to help developers build AI apps faster. ```bash gcloud alloydb instances create my-primary --cluster=my-cluster \ - --region=us-central1 --instance-type=PRIMARY --cpu-count=2 + --region=us-central1 --instance-type=PRIMARY --cpu-count=2 \ + --quiet ``` ## Reference Directory diff --git a/skills/cloud/bigquery-basics/SKILL.md b/skills/cloud/bigquery-basics/SKILL.md index 8f83de5036..74bc127d43 100644 --- a/skills/cloud/bigquery-basics/SKILL.md +++ b/skills/cloud/bigquery-basics/SKILL.md @@ -21,7 +21,7 @@ intelligence capabilities. 1. **Enable the BigQuery API:** ```bash - gcloud services enable bigquery.googleapis.com + gcloud services enable bigquery.googleapis.com --quiet ``` 2. **Create a Dataset:** diff --git a/skills/cloud/cloud-run-basics/SKILL.md b/skills/cloud/cloud-run-basics/SKILL.md index 8bffebe374..5c043760fd 100644 --- a/skills/cloud/cloud-run-basics/SKILL.md +++ b/skills/cloud/cloud-run-basics/SKILL.md 
@@ -27,7 +27,7 @@ types: 1. Enable the Cloud Run Admin API and Cloud Build APIs: ```bash - gcloud services enable run.googleapis.com cloudbuild.googleapis.com + gcloud services enable run.googleapis.com cloudbuild.googleapis.com --quiet ``` 1. If you are under a domain restriction organization policy [restricting](https://docs.cloud.google.com/organization-policy/restrict-domains) @@ -55,7 +55,8 @@ Cloud Run Builder (`roles/run.builder`) role on your project: ```bash gcloud projects add-iam-policy-binding PROJECT_ID \ --member=serviceAccount:SERVICE_ACCOUNT_EMAIL_ADDRESS \ - --role=roles/run.builder + --role=roles/run.builder \ + --quiet ``` Replace `PROJECT_ID` with your Google Cloud project ID and @@ -106,7 +107,8 @@ To deploy a container image, run the following command: gcloud run deploy SERVICE_NAME \ --image IMAGE_URL \ --region us-central1 \ - --allow-unauthenticated + --allow-unauthenticated \ + --quiet ``` Replace the following: @@ -139,7 +141,8 @@ There are two different ways to deploy your service from source: ```bash gcloud run deploy SERVICE_NAME --source . \ --base-image BASE_IMAGE \ - --automatic-updates + --automatic-updates \ + --quiet ``` Cloud Run only supports automatic base images that use [Google Cloud's @@ -149,7 +152,7 @@ There are two different ways to deploy your service from source: * To deploy from source using a Dockerfile, run the following command: ```bash - gcloud run deploy SERVICE_NAME --source . + gcloud run deploy SERVICE_NAME --source . --quiet ``` When you provide a Dockerfile, Cloud Build runs it in the cloud, and deploys the service. @@ -165,7 +168,8 @@ There are two different ways to deploy your service from source: --no-build \ --base-image=BASE_IMAGE \ --command=COMMAND \ - --args=ARG + --args=ARG \ + --quiet ``` Replace the following: 
@@ -192,13 +196,13 @@ There are two different ways to deploy your service from source: To create a new job, run the following command: ```bash -gcloud run jobs create JOB_NAME --image IMAGE_URL OPTIONS +gcloud run jobs create JOB_NAME --image IMAGE_URL OPTIONS --quiet ``` Alternatively, use the deploy command: ```bash -gcloud run jobs deploy JOB_NAME --image IMAGE_URL OPTIONS +gcloud run jobs deploy JOB_NAME --image IMAGE_URL OPTIONS --quiet ``` Replace the following: @@ -243,14 +247,14 @@ successful completion. To execute an existing job, run the following command: ```bash -gcloud run jobs execute JOB_NAME +gcloud run jobs execute JOB_NAME --quiet ``` If you want the command to wait until the execution completes, run the following command: ```bash -gcloud run jobs execute JOB_NAME --wait --region=REGION +gcloud run jobs execute JOB_NAME --wait --region=REGION --quiet ``` Replace the following: @@ -296,7 +300,7 @@ repository](https://docs.cloud.google.com/artifact-registry/docs/repositories/re To deploy a container image, run the following command: ```bash -gcloud run worker-pools deploy WORKER_POOL_NAME --image IMAGE_URL +gcloud run worker-pools deploy WORKER_POOL_NAME --image IMAGE_URL --quiet ``` Replace the following: @@ -333,7 +337,7 @@ default, Cloud Run uses the default machine type provided by Cloud Build. To deploy a worker pool from source, run the following command: ```bash -gcloud run worker-pools deploy WORKER_POOL_NAME --source . +gcloud run worker-pools deploy WORKER_POOL_NAME --source . --quiet ``` Replace `WORKER_POOL_NAME` with the name you want for your worker pool. diff --git a/skills/cloud/cloud-run-basics/references/cli-usage.md b/skills/cloud/cloud-run-basics/references/cli-usage.md index 5ab2f061d1..e7f88a4c9f 100644 --- a/skills/cloud/cloud-run-basics/references/cli-usage.md +++ b/skills/cloud/cloud-run-basics/references/cli-usage.md 
@@ -16,32 +16,33 @@ gcloud run [GROUP] [COMMAND] [FLAGS] ```bash gcloud run deploy my-service \ - --image us-docker.pkg.dev/cloudrun/container/hello:latest + --image us-docker.pkg.dev/cloudrun/container/hello:latest \ + --quiet ``` - **Deploy from source code:** ```bash - gcloud run deploy my-service --source . + gcloud run deploy my-service --source . --quiet ``` - **Deploy a Cloud Run function:** ```bash gcloud run deploy my-service - --source . --function example-hello --base-image go126 --region us-central1 + --source . --function example-hello --base-image go126 --region us-central1 --quiet ``` - **List services:** ```bash - gcloud run services list + gcloud run services list --quiet ``` - **Update traffic split:** ```bash - gcloud run services update-traffic my-service --to-revisions=REV1=50,REV2=50 + gcloud run services update-traffic my-service --to-revisions=REV1=50,REV2=50 --quiet ``` ### Cloud Run job @@ -50,13 +51,14 @@ gcloud run [GROUP] [COMMAND] [FLAGS] ```bash gcloud run jobs create my-job \ - --image us-docker.pkg.dev/cloudrun/container/job:latest + --image us-docker.pkg.dev/cloudrun/container/job:latest \ + --quiet ``` - **Execute a job:** ```bash - gcloud run jobs execute my-job + gcloud run jobs execute my-job --quiet ``` - **List jobs:** `gcloud run jobs list` 
@@ -73,26 +75,28 @@ gcloud run [GROUP] [COMMAND] [FLAGS] ```bash gcloud run worker-pools deploy my-workerpool \ - --image us-docker.pkg.dev/cloudrun/container/worker-pool:latest + --image us-docker.pkg.dev/cloudrun/container/worker-pool:latest \ + --quiet ``` - **Deploy from source code:** ```bash - gcloud run worker-pools deploy my-workerpool --source . + gcloud run worker-pools deploy my-workerpool --source . --quiet ``` - **List worker pools:** ```bash - gcloud run worker-pools list --region us-central1 + gcloud run worker-pools list --region us-central1 --quiet ``` - **Configure scaling (manual):** ```bash gcloud run worker-pools deploy my-workerpool --instances=5 \ - --image us-docker.pkg.dev/cloudrun/container/worker-pool:latest + --image us-docker.pkg.dev/cloudrun/container/worker-pool:latest \ + --quiet ``` ### Configuration and logs @@ -103,7 +107,8 @@ gcloud run [GROUP] [COMMAND] [FLAGS] ```bash gcloud logging read "resource.type=cloud_run_revision AND \ - resource.labels.service_name=my-service" + resource.labels.service_name=my-service" \ + --quiet ``` ## Common Flags diff --git a/skills/cloud/cloud-run-basics/references/iam-security.md b/skills/cloud/cloud-run-basics/references/iam-security.md index 501fc92565..5f974915bc 100644 --- a/skills/cloud/cloud-run-basics/references/iam-security.md +++ b/skills/cloud/cloud-run-basics/references/iam-security.md @@ -97,5 +97,6 @@ gcloud run deploy SERVICE_NAME \ --region=REGION \ --image=IMAGE_URL \ --no-allow-unauthenticated \ - --iap + --iap \ + --quiet ``` diff --git a/skills/cloud/cloud-sql-basics/SKILL.md b/skills/cloud/cloud-sql-basics/SKILL.md index 0c075b2f44..9b121b23f8 100644 --- a/skills/cloud/cloud-sql-basics/SKILL.md +++ b/skills/cloud/cloud-sql-basics/SKILL.md @@ -31,7 +31,7 @@ access to Cloud SQL resources. 1. **Enable the API:** ```bash - gcloud services enable sqladmin.googleapis.com + gcloud services enable sqladmin.googleapis.com --quiet ``` 2. **Create an Instance:** 
@@ -40,7 +40,8 @@ access to Cloud SQL resources. --database-version=POSTGRES_18 \ --cpu=2 \ --memory=7680MiB \ - --region=REGION + --region=REGION \ + --quiet ``` 3. **Set a password for the default user:** @@ -49,13 +50,15 @@ access to Cloud SQL resources. is `postgres`: ```bash gcloud sql users set-password postgres \ - --instance=INSTANCE_NAME --password=PASSWORD + --instance=INSTANCE_NAME --password=PASSWORD \ + --quiet ``` 4. **Create a database:** ```bash gcloud sql databases create DATABASE_NAME \ - --instance=INSTANCE_NAME + --instance=INSTANCE_NAME \ + --quiet ``` 5. **Get the instance connection name:** @@ -65,7 +68,8 @@ access to Cloud SQL resources. Proxy. Retrieve it with the following command: ```bash gcloud sql instances describe INSTANCE_NAME \ - --format="value(connectionName)" + --format="value(connectionName)" \ + --quiet ``` 6. **Connect to the instance:** diff --git a/skills/cloud/cloud-sql-basics/references/cli-usage.md b/skills/cloud/cloud-sql-basics/references/cli-usage.md index 5ad89b4d6a..78dad686bc 100644 --- a/skills/cloud/cloud-sql-basics/references/cli-usage.md +++ b/skills/cloud/cloud-sql-basics/references/cli-usage.md @@ -17,25 +17,26 @@ gcloud sql [GROUP] [COMMAND] [FLAGS] ```bash gcloud sql instances create my-instance --database-version=MYSQL_8_0 \ - --tier=db-f1-micro --region=us-central1 + --tier=db-f1-micro --region=us-central1 \ + --quiet ``` - **List instances:** ```bash - gcloud sql instances list + gcloud sql instances list --quiet ``` - **Describe an instance:** ```bash - gcloud sql instances describe my-instance + gcloud sql instances describe my-instance --quiet ``` - **Restart an instance:** ```bash - gcloud sql instances restart my-instance + gcloud sql instances restart my-instance --quiet ``` ### Database and User Management 
@@ -43,14 +44,15 @@ gcloud sql [GROUP] [COMMAND] [FLAGS] - **Create a database:** ```bash - gcloud sql databases create my-db --instance=my-instance + gcloud sql databases create my-db --instance=my-instance --quiet ``` - **Create a user:** ```bash gcloud sql users create my-user --instance=my-instance \ - --password=my-password + --password=my-password \ + --quiet ``` ### Operations and Backups @@ -58,19 +60,19 @@ gcloud sql [GROUP] [COMMAND] [FLAGS] - **List operations:** ```bash - gcloud sql operations list --instance=my-instance + gcloud sql operations list --instance=my-instance --quiet ``` - **Create a backup:** ```bash - gcloud sql backups create --instance=my-instance + gcloud sql backups create --instance=my-instance --quiet ``` - **Restore from a backup:** ```bash - gcloud sql backups restore backup_id --restore-instance=my-instance + gcloud sql backups restore backup_id --restore-instance=my-instance --quiet ``` ## Common Flags diff --git a/skills/cloud/gke-basics/SKILL.md b/skills/cloud/gke-basics/SKILL.md index 8e40f4b3ca..98633d6d5c 100644 --- a/skills/cloud/gke-basics/SKILL.md +++ b/skills/cloud/gke-basics/SKILL.md @@ -14,9 +14,9 @@ GKE is a managed Kubernetes platform on Google Cloud for deploying, scaling, and ## Quick Start ```bash -gcloud services enable container.googleapis.com -gcloud container clusters create-auto my-cluster --region=us-central1 -gcloud container clusters get-credentials my-cluster --region=us-central1 +gcloud services enable container.googleapis.com --quiet +gcloud container clusters create-auto my-cluster --region=us-central1 --quiet +gcloud container clusters get-credentials my-cluster --region=us-central1 --quiet kubectl create deployment hello-server \ --image=us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0 ``` diff --git a/skills/cloud/gke-basics/references/cli-reference.md b/skills/cloud/gke-basics/references/cli-reference.md index 028ee73dde..5b6b77db9f 100644 
--- a/skills/cloud/gke-basics/references/cli-reference.md +++ b/skills/cloud/gke-basics/references/cli-reference.md @@ -60,17 +60,18 @@ create_cluster( ```bash # Get available Kubernetes versions (CLI-only) -gcloud container get-server-config --region --format="yaml(channels)" +gcloud container get-server-config --region --format="yaml(channels)" --quiet # Create golden path Autopilot cluster (see gke-cluster-creation.md for full templates) gcloud container clusters create-auto \ --region --project \ --enable-private-nodes --enable-master-authorized-networks \ --enable-dns-access --release-channel regular \ - --enable-secret-manager --scoped-rbs-bindings + --enable-secret-manager --scoped-rbs-bindings \ + --quiet # Get credentials (CLI-only) -gcloud container clusters get-credentials --region --project +gcloud container clusters get-credentials --region --project --quiet ``` ## Node Pool Operations @@ -110,7 +111,8 @@ update_cluster( ```bash # Update monitoring components (CLI-only) gcloud container clusters update --region \ - --monitoring=SYSTEM,API_SERVER,SCHEDULER,CONTROLLER_MANAGER,STORAGE,POD,DEPLOYMENT,STATEFULSET,DAEMONSET,HPA + --monitoring=SYSTEM,API_SERVER,SCHEDULER,CONTROLLER_MANAGER,STORAGE,POD,DEPLOYMENT,STATEFULSET,DAEMONSET,HPA \ + --quiet ``` ## Kubernetes Resource Operations @@ -185,12 +187,12 @@ get_operation(name="projects//locations//operations/" ## AI/ML Inference (GIQ) — CLI-Only ```bash -gcloud container ai profiles models list -gcloud container ai profiles list --model= +gcloud container ai profiles models list --quiet +gcloud container ai profiles list --model= --quiet gcloud container ai profiles manifests create \ --model= --model-server= \ --accelerator-type= \ - --target-ntpot-milliseconds= > inference.yaml + --target-ntpot-milliseconds= --quiet > inference.yaml # Deploy generated manifest via MCP apply_k8s_manifest(parent="...", yamlManifest="") 
diff --git a/skills/cloud/gke-basics/references/gke-app-onboarding.md b/skills/cloud/gke-basics/references/gke-app-onboarding.md index e64044026b..ef6ebbfca9 100644 --- a/skills/cloud/gke-basics/references/gke-app-onboarding.md +++ b/skills/cloud/gke-basics/references/gke-app-onboarding.md @@ -53,7 +53,7 @@ Build and store the container image: ```bash # Configure Docker for Artifact Registry -gcloud auth configure-docker -docker.pkg.dev +gcloud auth configure-docker -docker.pkg.dev --quiet # Build and push docker build -t -docker.pkg.dev///: . @@ -66,7 +66,8 @@ docker push -docker.pkg.dev///: # Check scan results gcloud artifacts docker images describe \ -docker.pkg.dev///: \ - --show-package-vulnerability + --show-package-vulnerability \ + --quiet ``` ### 4. Manifest Generation diff --git a/skills/cloud/gke-basics/references/gke-backup-dr.md b/skills/cloud/gke-basics/references/gke-backup-dr.md index ac64ca7b27..eb7859d278 100644 --- a/skills/cloud/gke-basics/references/gke-backup-dr.md +++ b/skills/cloud/gke-basics/references/gke-backup-dr.md @@ -13,12 +13,14 @@ Backup for GKE must be enabled at the cluster level. ```bash # Check if enabled gcloud container clusters describe --region \ - --format="value(addonsConfig.gkeBackupAgentConfig.enabled)" + --format="value(addonsConfig.gkeBackupAgentConfig.enabled)" \ + --quiet # Enable (Day-1 change) gcloud container clusters update \ --enable-gke-backup \ - --region + --region \ + --quiet ``` ### 2. Create a Backup Plan @@ -31,7 +33,8 @@ gcloud container backup-restore backup-plans create \ --location= \ --retention-days= \ --cron-schedule="" \ - --all-namespaces + --all-namespaces \ + --quiet ``` **Options:** @@ -46,7 +49,8 @@ Trigger a backup immediately outside the schedule: ```bash gcloud container backup-restore backups create \ --backup-plan= \ - --location= + --location= \ + --quiet ``` ### 4. Restore from Backup 
@@ -59,7 +63,8 @@ gcloud container backup-restore restore-plans create \ --location= \ --backup-plan= \ --cluster-resource-conflict-policy=USE_EXISTING_VERSION \ - --namespaced-resource-restore-mode=FAIL_ON_CONFLICT + --namespaced-resource-restore-mode=FAIL_ON_CONFLICT \ + --quiet ``` **Execute the restore:** @@ -68,7 +73,8 @@ gcloud container backup-restore restore-plans create \ gcloud container backup-restore restores create \ --restore-plan= \ --backup= \ - --location= + --location= \ + --quiet ``` ## Best Practices diff --git a/skills/cloud/gke-basics/references/gke-batch-hpc.md b/skills/cloud/gke-basics/references/gke-batch-hpc.md index 0e952dcc81..74ec29feb4 100644 --- a/skills/cloud/gke-basics/references/gke-batch-hpc.md +++ b/skills/cloud/gke-basics/references/gke-batch-hpc.md @@ -115,7 +115,8 @@ gcloud container node-pools create hpc-pool \ --machine-type c3-standard-44 \ --placement-type COMPACT \ --num-nodes 8 \ - --enable-autoscaling --min-nodes 0 --max-nodes 16 + --enable-autoscaling --min-nodes 0 --max-nodes 16 \ + --quiet ``` ### MPI Workloads diff --git a/skills/cloud/gke-basics/references/gke-cluster-creation.md b/skills/cloud/gke-basics/references/gke-cluster-creation.md index eff3bb2f76..735590011c 100644 --- a/skills/cloud/gke-basics/references/gke-cluster-creation.md +++ b/skills/cloud/gke-basics/references/gke-cluster-creation.md @@ -47,7 +47,8 @@ gcloud container clusters create-auto \ --enable-secret-manager \ --secret-manager-rotation-interval=120s \ --scoped-rbs-bindings \ - --monitoring=SYSTEM,API_SERVER,SCHEDULER,CONTROLLER_MANAGER,STORAGE,POD,DEPLOYMENT,STATEFULSET,DAEMONSET,HPA,CADVISOR,KUBELET,DCGM + --monitoring=SYSTEM,API_SERVER,SCHEDULER,CONTROLLER_MANAGER,STORAGE,POD,DEPLOYMENT,STATEFULSET,DAEMONSET,HPA,CADVISOR,KUBELET,DCGM \ + --quiet ``` **Via MCP (`create_cluster`):** 
@@ -83,7 +84,8 @@ Relaxes some golden path defaults for cost savings and easier access in non-prod gcloud container clusters create-auto \ --region \ --project \ - --release-channel rapid + --release-channel rapid \ + --quiet ``` > **Warning**: This does not apply golden path security hardening. Suitable for dev/test only. @@ -104,7 +106,8 @@ gcloud container clusters create \ --enable-master-authorized-networks \ --enable-vertical-pod-autoscaling \ --enable-dataplane-v2 \ - --release-channel regular + --release-channel regular \ + --quiet ``` ### 4. GPU/AI Workloads (Autopilot with ComputeClass) @@ -116,14 +119,15 @@ Create a golden path Autopilot cluster, then apply a ComputeClass for GPU worklo gcloud container clusters create-auto \ --region --project \ --enable-private-nodes --enable-master-authorized-networks \ - --enable-dns-access --enable-secret-manager --scoped-rbs-bindings + --enable-dns-access --enable-secret-manager --scoped-rbs-bindings \ + --quiet # 2. Apply GPU ComputeClass (see gke-compute-classes.md) kubectl apply -f gpu-compute-class.yaml # 3. Or use GIQ for inference (see gke-inference.md) gcloud container ai profiles manifests create \ - --model=gemma-2-9b-it --model-server=vllm --accelerator-type=nvidia-l4 > inference.yaml + --model=gemma-2-9b-it --model-server=vllm --accelerator-type=nvidia-l4 --quiet > inference.yaml kubectl apply -f inference.yaml ``` diff --git a/skills/cloud/gke-basics/references/gke-cost.md b/skills/cloud/gke-basics/references/gke-cost.md index 04b0d57122..2bb88dc645 100644 --- a/skills/cloud/gke-basics/references/gke-cost.md +++ b/skills/cloud/gke-basics/references/gke-cost.md @@ -135,7 +135,7 @@ For steady-state workloads, purchase 1-year or 3-year CUDs: ```bash # View cluster cost breakdown (requires Cost Management API) -gcloud billing budgets list --billing-account= +gcloud billing budgets list --billing-account= --quiet # View node utilization kubectl top nodes 
diff --git a/skills/cloud/gke-basics/references/gke-inference.md b/skills/cloud/gke-basics/references/gke-inference.md index cb900d969e..761adf2e62 100644 --- a/skills/cloud/gke-basics/references/gke-inference.md +++ b/skills/cloud/gke-basics/references/gke-inference.md @@ -23,13 +23,13 @@ This reference covers deploying AI/ML inference workloads on GKE using Google's ```bash # List all supported models -gcloud container ai profiles models list +gcloud container ai profiles models list --quiet # Find valid accelerator/server combinations for a model -gcloud container ai profiles list --model= +gcloud container ai profiles list --model= --quiet # Example: what can run Gemma 2 9B? -gcloud container ai profiles list --model=gemma-2-9b-it +gcloud container ai profiles list --model=gemma-2-9b-it --quiet ``` ### 2. Generate Manifest @@ -39,7 +39,7 @@ gcloud container ai profiles manifests create \ --model= \ --model-server= \ --accelerator-type= \ - --target-ntpot-milliseconds= > inference.yaml + --target-ntpot-milliseconds= --quiet > inference.yaml ``` **Parameters:** @@ -55,7 +55,7 @@ gcloud container ai profiles manifests create \ --model=gemma-2-9b-it \ --model-server=vllm \ --accelerator-type=nvidia-l4 \ - --target-ntpot-milliseconds=50 > inference.yaml + --target-ntpot-milliseconds=50 --quiet > inference.yaml ``` ### 3. Review and Deploy diff --git a/skills/cloud/gke-basics/references/gke-networking.md b/skills/cloud/gke-basics/references/gke-networking.md index 7e307da71a..20eb5b49c0 100644 --- a/skills/cloud/gke-basics/references/gke-networking.md +++ b/skills/cloud/gke-basics/references/gke-networking.md 
@@ -30,11 +30,13 @@ The golden path creates a private cluster. Users access it via: ```bash # Access private cluster via DNS endpoint (golden path default) gcloud container clusters get-credentials \ - --region --dns-endpoint + --region --dns-endpoint \ + --quiet # Access via private endpoint (from within VPC) gcloud container clusters get-credentials \ - --region --internal-ip + --region --internal-ip \ + --quiet ``` ## Bring-Your-Own VPC/Subnet @@ -49,7 +51,8 @@ gcloud container clusters create-auto \ --cluster-secondary-range-name \ --services-secondary-range-name \ --enable-private-nodes \ - --enable-master-authorized-networks + --enable-master-authorized-networks \ + --quiet ``` > **Day-0 Warning**: VPC, subnet, and IP ranges cannot be changed after cluster creation. diff --git a/skills/cloud/gke-basics/references/gke-observability.md b/skills/cloud/gke-basics/references/gke-observability.md index 8d34857090..9b940a2041 100644 --- a/skills/cloud/gke-basics/references/gke-observability.md +++ b/skills/cloud/gke-basics/references/gke-observability.md @@ -32,15 +32,18 @@ These are critical for diagnosing cluster-level issues (slow API responses, sche ```bash # Enable golden path monitoring suite gcloud container clusters update --region \ - --monitoring=SYSTEM,API_SERVER,SCHEDULER,CONTROLLER_MANAGER,STORAGE,POD,DEPLOYMENT,STATEFULSET,DAEMONSET,HPA,CADVISOR,KUBELET,DCGM + --monitoring=SYSTEM,API_SERVER,SCHEDULER,CONTROLLER_MANAGER,STORAGE,POD,DEPLOYMENT,STATEFULSET,DAEMONSET,HPA,CADVISOR,KUBELET,DCGM \ + --quiet # Enable Managed Prometheus gcloud container clusters update --region \ - --enable-managed-prometheus + --enable-managed-prometheus \ + --quiet # Enable Dataplane V2 observability metrics gcloud container clusters update --region \ - --enable-dataplane-v2-flow-observability + --enable-dataplane-v2-flow-observability \ + --quiet ``` ## Managed Prometheus 
@@ -82,17 +85,20 @@ kubectl top pods --containers -n # per-container breakdown # System component logs gcloud logging read \ 'resource.type="k8s_cluster" AND resource.labels.cluster_name=""' \ - --project --limit 50 + --project --limit 50 \ + --quiet # Workload logs for a specific namespace gcloud logging read \ 'resource.type="k8s_container" AND resource.labels.cluster_name="" AND resource.labels.namespace_name=""' \ - --project --limit 50 + --project --limit 50 \ + --quiet # Audit logs (who did what) gcloud logging read \ 'resource.type="k8s_cluster" AND logName:"cloudaudit.googleapis.com"' \ - --project --limit 50 + --project --limit 50 \ + --quiet ``` ## Diagnostic Settings @@ -102,7 +108,8 @@ For security monitoring and troubleshooting, enable control-plane audit logs: ```bash # View current logging config gcloud container clusters describe --region \ - --format="yaml(loggingConfig)" + --format="yaml(loggingConfig)" \ + --quiet ``` ## Alerting @@ -130,7 +137,8 @@ To reduce costs in non-production: ```bash # Reduce to system-only monitoring gcloud container clusters update --region \ - --monitoring=SYSTEM + --monitoring=SYSTEM \ + --quiet ``` ## Distributed Tracing & Continuous Profiling (Recommended) diff --git a/skills/cloud/gke-basics/references/gke-reliability.md b/skills/cloud/gke-basics/references/gke-reliability.md index c839fd6e56..8b2f3129b6 100644 --- a/skills/cloud/gke-basics/references/gke-reliability.md +++ b/skills/cloud/gke-basics/references/gke-reliability.md @@ -26,7 +26,8 @@ get_cluster(name="projects//locations//clusters/", # gcloud fallback gcloud container clusters describe --region \ - --format="json(location, locations)" + --format="json(location, locations)" \ + --quiet ``` - If `location` is a region (e.g., `us-central1`), the control plane is regional diff --git a/skills/cloud/gke-basics/references/gke-scaling.md b/skills/cloud/gke-basics/references/gke-scaling.md index e694ac9497..2ce2a6dbb9 100644 
--- a/skills/cloud/gke-basics/references/gke-scaling.md +++ b/skills/cloud/gke-basics/references/gke-scaling.md @@ -106,13 +106,15 @@ On Autopilot (golden path), node scaling is fully managed. NAP automatically cre # Enable cluster autoscaler on a node pool gcloud container clusters update --region \ --enable-autoscaling --node-pool \ - --min-nodes --max-nodes + --min-nodes --max-nodes \ + --quiet # Enable NAP gcloud container clusters update --region \ --enable-autoprovisioning \ --min-cpu --max-cpu \ - --min-memory --max-memory + --min-memory --max-memory \ + --quiet ``` **Autoscaling profiles:** diff --git a/skills/cloud/gke-basics/references/gke-security.md b/skills/cloud/gke-basics/references/gke-security.md index 5fd650ec47..d4699ca5a6 100644 --- a/skills/cloud/gke-basics/references/gke-security.md +++ b/skills/cloud/gke-basics/references/gke-security.md @@ -28,12 +28,14 @@ Workload Identity is the recommended way for pods to access Google Cloud APIs. I # 1. Create a Google Service Account (GSA) gcloud iam service-accounts create \ --project \ - --display-name "Workload Identity SA" + --display-name "Workload Identity SA" \ + --quiet # 2. Grant IAM roles to the GSA gcloud projects add-iam-policy-binding \ --member "serviceAccount:@.iam.gserviceaccount.com" \ - --role "" + --role "" \ + --quiet # 3. Create Kubernetes Service Account (KSA) kubectl create namespace @@ -43,7 +45,8 @@ kubectl create serviceaccount --namespace gcloud iam service-accounts add-iam-policy-binding \ @.iam.gserviceaccount.com \ --role roles/iam.workloadIdentityUser \ - --member "serviceAccount:.svc.id.goog[/]" + --member "serviceAccount:.svc.id.goog[/]" \ + --quiet # 5. Annotate KSA kubectl annotate serviceaccount \ 
@@ -59,7 +62,7 @@ kubectl annotate serviceaccount \ kubectl run workload-identity-test \ --image=gcr.io/google.com/cloudsdktool/cloud-sdk:slim \ --serviceaccount= --namespace= \ - --rm -it -- gcloud auth list + --rm -it -- gcloud auth list --quiet ``` ## Secret Manager Integration @@ -69,12 +72,14 @@ The golden path enables Secret Manager with automatic rotation. Secrets are sync ```bash # Verify Secret Manager is enabled on cluster gcloud container clusters describe --region \ - --format="value(secretManagerConfig.enabled)" + --format="value(secretManagerConfig.enabled)" \ + --quiet # Enable if not already (Day-1 change) gcloud container clusters update --region \ --enable-secret-manager \ - --secret-manager-rotation-interval=120s + --secret-manager-rotation-interval=120s \ + --quiet ``` ## RBAC Hardening @@ -84,7 +89,8 @@ The golden path disables insecure legacy RBAC bindings that grant broad access t ```bash # Verify insecure bindings are disabled gcloud container clusters describe --region \ - --format="yaml(rbacBindingConfig)" + --format="yaml(rbacBindingConfig)" \ + --quiet ``` **Best practices for RBAC:** @@ -102,7 +108,8 @@ Not enabled in golden path by default but recommended for production image prove ```bash # Enable Binary Authorization gcloud container clusters update --region \ - --binauthz-evaluation-mode=PROJECT_SINGLETON_POLICY_ENFORCE + --binauthz-evaluation-mode=PROJECT_SINGLETON_POLICY_ENFORCE \ + --quiet ``` ## Network Policies @@ -123,7 +130,7 @@ For running untrusted workloads in an isolated sandbox: ```bash # Enable on cluster (Standard clusters) -gcloud container clusters update --region --enable-gke-sandbox +gcloud container clusters update --region --enable-gke-sandbox --quiet # Use in pod spec # Add: runtimeClassName: gvisor 
@@ -165,7 +172,8 @@ With Dataplane V2 (golden path), you can enable logging for Network Policy decis ```bash gcloud container clusters update --region \ - --enable-network-policy-logging + --enable-network-policy-logging \ + --quiet ``` This logs allowed and denied connections, useful for troubleshooting Network Policy rules and auditing traffic flows. @@ -198,17 +206,20 @@ Common patterns for granting GKE workloads access to other Google Cloud services # Grant a GKE workload access to Cloud Storage gcloud projects add-iam-policy-binding \ --member "serviceAccount:@.iam.gserviceaccount.com" \ - --role "roles/storage.objectViewer" + --role "roles/storage.objectViewer" \ + --quiet # Grant a GKE workload access to Cloud SQL gcloud projects add-iam-policy-binding \ --member "serviceAccount:@.iam.gserviceaccount.com" \ - --role "roles/cloudsql.client" + --role "roles/cloudsql.client" \ + --quiet # Grant a GKE workload access to Pub/Sub gcloud projects add-iam-policy-binding \ --member "serviceAccount:@.iam.gserviceaccount.com" \ - --role "roles/pubsub.subscriber" + --role "roles/pubsub.subscriber" \ + --quiet ``` In all cases, the GSA must be bound to a KSA via Workload Identity (see setup above). The pod then uses the KSA to authenticate as the GSA. diff --git a/skills/cloud/gke-basics/references/gke-upgrades.md b/skills/cloud/gke-basics/references/gke-upgrades.md index ad4dd327aa..91e1a5ba90 100644 --- a/skills/cloud/gke-basics/references/gke-upgrades.md +++ b/skills/cloud/gke-basics/references/gke-upgrades.md @@ -26,11 +26,13 @@ This reference covers upgrade strategy, maintenance windows, and release channel ```bash # Check current channel gcloud container clusters describe --region \ - --format="value(releaseChannel.channel)" + --format="value(releaseChannel.channel)" \ + --quiet # Change channel (Day-1) gcloud container clusters update --region \ - --release-channel + --release-channel \ + --quiet ``` ## Maintenance Windows 
@@ -42,7 +44,8 @@ Control when GKE can perform automatic maintenance (upgrades, patches). gcloud container clusters update --region \ --maintenance-window-start "2026-01-01T02:00:00Z" \ --maintenance-window-end "2026-01-01T06:00:00Z" \ - --maintenance-window-recurrence "FREQ=WEEKLY;BYDAY=SA,SU" + --maintenance-window-recurrence "FREQ=WEEKLY;BYDAY=SA,SU" \ + --quiet ``` ### Maintenance Exclusions @@ -55,11 +58,13 @@ gcloud container clusters update --region \ --add-maintenance-exclusion-name "freeze-1" \ --add-maintenance-exclusion-start "2026-04-11T00:00:00Z" \ --add-maintenance-exclusion-end "2027-04-11T00:00:00Z" \ - --add-maintenance-exclusion-scope NO_MINOR_UPGRADES + --add-maintenance-exclusion-scope NO_MINOR_UPGRADES \ + --quiet # Remove exclusion gcloud container clusters update --region \ - --remove-maintenance-exclusion "freeze-1" + --remove-maintenance-exclusion "freeze-1" \ + --quiet ``` **Exclusion scopes:** @@ -77,7 +82,8 @@ Rolling upgrade with configurable surge capacity: # Default: maxSurge=1 (one extra node during upgrade) gcloud container node-pools update \ --cluster --region \ - --max-surge-upgrade 1 --max-unavailable-upgrade 0 + --max-surge-upgrade 1 --max-unavailable-upgrade 0 \ + --quiet ``` ### Blue-Green (For Zero-Downtime Critical Workloads) @@ -86,7 +92,8 @@ gcloud container node-pools update \ gcloud container node-pools update \ --cluster --region \ --enable-blue-green-upgrade \ - --node-pool-soak-duration "3600s" + --node-pool-soak-duration "3600s" \ + --quiet ``` ## Pre-Upgrade Checklist 
@@ -100,11 +107,13 @@ gcloud container node-pools update \ ```bash # Check current versions gcloud container clusters describe --region \ - --format="table(currentMasterVersion, nodePools[].version)" + --format="table(currentMasterVersion, nodePools[].version)" \ + --quiet # Check available upgrades gcloud container get-server-config --region \ - --format="yaml(channels)" + --format="yaml(channels)" \ + --quiet # List deprecation warnings kubectl get --raw /metrics | grep apiserver_requested_deprecated_apis @@ -115,11 +124,13 @@ kubectl get --raw /metrics | grep apiserver_requested_deprecated_apis ```bash # Upgrade control plane gcloud container clusters upgrade --region \ - --master --cluster-version + --master --cluster-version \ + --quiet # Upgrade node pool gcloud container clusters upgrade --region \ - --node-pool + --node-pool \ + --quiet ``` ## Best Practices diff --git a/skills/cloud/google-cloud-networking-observability/references/cloud-nat-analysis.md b/skills/cloud/google-cloud-networking-observability/references/cloud-nat-analysis.md index a32cbb75dd..a80b06d609 100644 --- a/skills/cloud/google-cloud-networking-observability/references/cloud-nat-analysis.md +++ b/skills/cloud/google-cloud-networking-observability/references/cloud-nat-analysis.md 
@@ -47,13 +47,13 @@ If MCP tools are unavailable, use the following `gcloud` and `bq` commands: **View Logs (gcloud)** ```bash -gcloud logging read 'resource.type="nat_gateway" AND logName="projects/{project_id}/logs/compute.googleapis.com%2Fnat_flows"' --project {project_id} --limit 10 --format json +gcloud logging read 'resource.type="nat_gateway" AND logName="projects/{project_id}/logs/compute.googleapis.com%2Fnat_flows"' --project {project_id} --limit 10 --format json --quiet ``` To filter for dropped packets: ```bash -gcloud logging read 'resource.type="nat_gateway" AND logName="projects/{project_id}/logs/compute.googleapis.com%2Fnat_flows" AND jsonPayload.allocation_status="DROPPED"' --project {project_id} --limit 10 --format json +gcloud logging read 'resource.type="nat_gateway" AND logName="projects/{project_id}/logs/compute.googleapis.com%2Fnat_flows" AND jsonPayload.allocation_status="DROPPED"' --project {project_id} --limit 10 --format json --quiet ``` **Aggregate Trends (bq)** @@ -79,7 +79,7 @@ To get the status of the router used by the NAT gateway: ```bash gcloud compute -routers get-status {router_name} --region {region} +routers get-status {router_name} --region {region} --quiet ``` ## Key Fields diff --git a/skills/cloud/google-cloud-networking-observability/references/firewall-analysis.md b/skills/cloud/google-cloud-networking-observability/references/firewall-analysis.md index 593eff8d65..86de606a18 100644 --- a/skills/cloud/google-cloud-networking-observability/references/firewall-analysis.md +++ b/skills/cloud/google-cloud-networking-observability/references/firewall-analysis.md 
@@ -56,13 +56,13 @@ If MCP tools are unavailable, use the following `gcloud` and `bq` commands: **View Logs (gcloud)** ```bash -gcloud logging read 'resource.type="gce_subnetwork" AND logName="projects/{project_id}/logs/compute.googleapis.com%2Ffirewall"' --project {project_id} --limit 10 --format json +gcloud logging read 'resource.type="gce_subnetwork" AND logName="projects/{project_id}/logs/compute.googleapis.com%2Ffirewall"' --project {project_id} --limit 10 --format json --quiet ``` To filter for denied packets: ```bash -gcloud logging read 'resource.type="gce_subnetwork" AND logName="projects/{project_id}/logs/compute.googleapis.com%2Ffirewall" AND jsonPayload.rule_details.action="DENY"' --project {project_id} --limit 10 --format json +gcloud logging read 'resource.type="gce_subnetwork" AND logName="projects/{project_id}/logs/compute.googleapis.com%2Ffirewall" AND jsonPayload.rule_details.action="DENY"' --project {project_id} --limit 10 --format json --quiet ``` **Aggregate Trends (bq)** diff --git a/skills/cloud/google-cloud-networking-observability/references/threat-analysis.md b/skills/cloud/google-cloud-networking-observability/references/threat-analysis.md index 59752708cd..404bad6356 100644 --- a/skills/cloud/google-cloud-networking-observability/references/threat-analysis.md +++ b/skills/cloud/google-cloud-networking-observability/references/threat-analysis.md 
@@ -83,13 +83,13 @@ If MCP tools are unavailable, use the following `gcloud` and `bq` commands: **View Threat Alerts (gcloud)** ```bash -gcloud logging read 'logName:("projects/{project_id}/logs/networksecurity.googleapis.com%2Ffirewall_threat" OR "projects/{project_id}/logs/ids.googleapis.com%2Fthreat")' --project {project_id} --limit 10 --format json +gcloud logging read 'logName:("projects/{project_id}/logs/networksecurity.googleapis.com%2Ffirewall_threat" OR "projects/{project_id}/logs/ids.googleapis.com%2Fthreat")' --project {project_id} --limit 10 --format json --quiet ``` To filter for high-severity blocked threats: ```bash -gcloud logging read 'logName:("projects/{project_id}/logs/networksecurity.googleapis.com%2Ffirewall_threat" OR "projects/{project_id}/logs/ids.googleapis.com%2Fthreat") AND jsonPayload.threatDetails.severity=("HIGH" OR "CRITICAL") AND jsonPayload.action="DENY"' --project {project_id} --limit 10 --format json +gcloud logging read 'logName:("projects/{project_id}/logs/networksecurity.googleapis.com%2Ffirewall_threat" OR "projects/{project_id}/logs/ids.googleapis.com%2Fthreat") AND jsonPayload.threatDetails.severity=("HIGH" OR "CRITICAL") AND jsonPayload.action="DENY"' --project {project_id} --limit 10 --format json --quiet ``` **Aggregate Threat Trends (bq)** diff --git a/skills/cloud/google-cloud-networking-observability/references/vpc-flow-analysis.md b/skills/cloud/google-cloud-networking-observability/references/vpc-flow-analysis.md index 7aa1b14fbb..d5d7219739 100644 --- a/skills/cloud/google-cloud-networking-observability/references/vpc-flow-analysis.md +++ b/skills/cloud/google-cloud-networking-observability/references/vpc-flow-analysis.md 
@@ -54,7 +54,7 @@ If MCP tools are unavailable, use the following `gcloud` and `bq` commands: **View Logs (gcloud)** ```bash -gcloud logging read '(logName:"projects/{project_id}/logs/compute.googleapis.com%2Fvpc_flows" OR logName:"projects/{project_id}/logs/networkmanagement.googleapis.com%2Fvpc_flows") AND resource.type="gce_subnetwork"' --project {project_id} --limit 10 --format json +gcloud logging read '(logName:"projects/{project_id}/logs/compute.googleapis.com%2Fvpc_flows" OR logName:"projects/{project_id}/logs/networkmanagement.googleapis.com%2Fvpc_flows") AND resource.type="gce_subnetwork"' --project {project_id} --limit 10 --format json --quiet ``` **Aggregate Trends (bq)** diff --git a/skills/cloud/google-cloud-recipe-onboarding/SKILL.md b/skills/cloud/google-cloud-recipe-onboarding/SKILL.md index 7bad262195..599d0d12fe 100644 --- a/skills/cloud/google-cloud-recipe-onboarding/SKILL.md +++ b/skills/cloud/google-cloud-recipe-onboarding/SKILL.md @@ -109,7 +109,7 @@ Example (Cloud Run): ```bash gcloud run deploy hello-world \ --image=gcr.io/cloudrun/hello \ --platform=managed \ --region=us-central1 \ - --allow-unauthenticated + --allow-unauthenticated --quiet ``` This command will output a public URL, that you can reach in a web browser.
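Review bot: In the Workload Identity IAM hunk (`@@ -198,17 +206,20 @@`), the three `gcloud projects add-iam-policy-binding` commands now run with `--quiet` but pass no `--condition`. When the project policy already holds a conditional binding, gcloud normally prompts for which condition to apply, and with prompts disabled it refuses the request instead, so these examples fail on such projects. Suggest adding `--condition=None` next to `--quiet` on each of the three commands so the unconditional grant is explicit.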
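Review bot: In gke-upgrades.md, hunk `@@ -115,11 +124,13 @@`, adding `--quiet` to `gcloud container clusters upgrade ... --master` and to the `--node-pool` upgrade removes the confirmation prompt, which is the last interactive check before a disruptive change. The same file has a Pre-Upgrade Checklist section just above; suggest a comment line over each command saying that `--quiet` auto-confirms the upgrade and that the checklist must be completed first, or leave `--quiet` off these two commands.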
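Review bot: In gke-upgrades.md, hunk `@@ -100,11 +107,13 @@`, `--quiet` is added to `gcloud container clusters describe` and `gcloud container get-server-config`, which are read-only and ask for no confirmation, so the flag changes nothing on the normal path and only lengthens the examples. Either drop it from read-only commands (the `gcloud logging read` lines in the networking-observability references are the same case) or add one sentence to the skill docs stating why every gcloud call carries it, for example that the commands are meant to run non-interactively.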
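Review bot: In cloud-nat-analysis.md, hunk `@@ -79,7 +79,7 @@`, the changed line begins at `routers get-status` while `gcloud compute` sits on the preceding context line with no trailing backslash visible, so the fenced example runs as two separate commands and `--quiet` lands on a line that is not a gcloud invocation. Suggest joining them in this change: `gcloud compute routers get-status {router_name} --region {region} --quiet`.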
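Review bot: In google-cloud-recipe-onboarding/SKILL.md, hunk `@@ -109,7 +109,7 @@`, `--quiet` is appended to the same line as `--allow-unauthenticated`, while the other multi-line commands in this patch put it on its own continuation line. Suggest `--allow-unauthenticated \` followed by `--quiet` on the next line, for consistency and so the flag that makes the service public stays on a line of its own and is easy to spot in later diffs.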